Privacy Policy
mesha Consumer Privacy Notice Rev. April 2, 2024
Personal Data We Process on Behalf of Business Customers: If one of our business customers (such as your employer) provides you with access to the Service, there are a few points to keep in mind when you review this Privacy Policy:
● Our business customers may impose certain restrictions on how we may process their users’ personal data – for example, by limiting our marketing to that customer’s users. Our Privacy Policy does not reflect these restrictions; they are governed by our Terms of Service and other agreements with the applicable business customer.
● If you are a business user, you should contact the business customer directly to access, correct or request deletion of your personal data. If you contact mesha with a privacy request, we will refer your request to the business customer that provides you with access to the Service, and we will assist that business customer in responding to your request.
Information About Non-Users. If you exchange emails with other individuals who are not using our Service (“Non-Users”), we will not read that Email Content Data (as defined below) and will not advertise or market to those Non-Users. We collect the email addresses of Non-Users only to provide the Service.
Please contact us if you have any questions about this Privacy Policy.
1. PERSONAL DATA WE COLLECT
When you contact us or interact with our Service, we may collect personal data as follows:Personal Data You Provide
● Your contact details, when you register for our Service, sign up for our mailing list, or otherwise communicate with us; this information may include your name, email address, and phone number. We may also collect employment-related information if you are a representative of one of our business customers.
● Your payment information, when you enroll in one of our plans or otherwise make a purchase on the Service. This information is processed by our payment service provider, Stripe, which may handle your payment information in accordance with its own privacy policy (https://stripe.com/privacy). We do not have access to your full payment card information.
● Communications that we exchange with you, including when you participate in any interactive features of the Service, fill out a form, apply for a job, request customer support, or otherwise communicate with us or interact with the Service.
● Marketing information, such as your preferences for receiving our marketing communications and details about your engagement with them.
● Contents of emails that you send and receive through the Service (“Email Content Data”), which we process on your behalf solely to provide the Service. mesha does not read Email Content Data and does not use that data for marketing or advertising purposes. Other than email drafts and snippets you create in the Service, we do not store or host the contents of your emails. The use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
● Other information not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.
Personal Data Collected Automatically
When you access or use the Service, we, our service providers, and our advertising partners may automatically log and combine information about you, your computer or mobile device, and your interactions over time with the Service, online resources, and our communications, including:
● mesha content. We collect information from mesha product features, including the content of drafts or snippets you create in the Service and read receipts. Please note that our advertising partners will not have access to such information.
● Authentication tokens. When you sign in to the Service, we collect and store encrypted Google or Microsoft authentication tokens.
● Use of the Site and App. When you visit, use and interact with the Site or App, we may receive certain information about your visit, use or interactions. For example, we may monitor the number of people that visit our Site or App, peak hours of visits, which page(s) are visited on our Site, the domains our visitors come from (e.g., google.com, yahoo.com, etc.), and which browsers people use to access and visit our Site (e.g., Firefox, Microsoft Internet Explorer, etc.), broad geographical information, and Site-navigation pattern. In particular, the following information is created and automatically logged in our systems:
○ Log data: Information that your browser automatically sends whenever you visit the Site (“log data”). Log data includes your Internet Protocol (“IP”) address (so we understand which country you are connecting from when you visit the Site), browser type and settings, the date and time of your request, and how you interacted with the Site.
○ Cookies: Please see the Cookie Policy to learn more about how we use cookies on the Site.
○ Device information: Includes the operating system and browser you are using. Information collected may depend on the type of device you use and its settings.
○ Usage information: We collect information about how you use our Site and App, such as the types of content that you view or engage with, the features you use, the actions you take, and the time, frequency and duration of your activities.
○ Email metadata: We collect and store information about emails you send and receive through the Service. This includes numeric identifiers and timestamps, but does not include Email Content Data (as defined above) or other information that could identify the sender, the recipient or the subject of the email.
Personal Data We Receive From Third Parties and Other Sources
From time to time we may receive personal data from third parties and other sources, including:
● Social media information. We maintain pages on social media sites like Facebook and Twitter (“Social Media Pages”). When you interact with our Social Media Pages, we may collect personal data that you elect to provide to us through your settings on the social media site, such as your contact details. In addition, the companies that host our Social Media Pages may provide us with aggregate information and analytics regarding the use of our Social Media Pages.
● Third-party login information. When you link, connect, or login to our Service with a third-party service (e.g., Google, Microsoft), you direct the service to send us information such as your registration and profile information as controlled by that service or as authorized by you via your privacy settings on that service.
● Publicly available information, such as publicly available social media information about users and Non-Users and other details that may be aggregated and provided to us by third-party data providers. The types of data we receive may depend on the relevant individual’s privacy settings with the relevant social networks and the types of data available to our data providers.
2. HOW WE USE PERSONAL DATA
We use personal data for the following purposes or as otherwise described at the time of collection:● To provide the Service and perform our contract with you under our Terms of Service, including:
○ To authenticate users, provide the Service and related support, process transactions and respond to your inquiries, requests, comments or feedback;
○ To update and synchronize Service features across multiple devices (i.e., so a draft email you begin on one device will be available on your other device(s)); and
○ To manage our relationship with you, which includes sending administrative information to you relating to our Service and changes to our terms, conditions, and policies and sending account verification or technical/security notices.
● To improve, monitor, personalize and protect our Service for the following legitimate business interests:
○ To display information about your contacts, including Non-Users, in the Service (such as emails and insights job titles and profile photos);
○ To solicit referrals for new users from current users;
○ To analyze how you interact with our Service and provide, maintain and improve the content and functionality of the Service and our customer relationships and experiences, develop our business and inform our marketing strategy;
○ To conduct research and aggregate personal data, to analyze the effectiveness of our Service, to improve and add features to our Service, and for other similar purposes. In addition, from time to time, we may analyze the general behavior and characteristics of users of our Service. We may collect aggregated information through the Service, through cookies, and through other means described in this Privacy Policy.
● To enforce our agreements, comply with legal obligations and to defend us against legal claims or disputes in our legitimate interests, including:
○ To administer and protect our business and the Service, prevent fraud, criminal activity, or misuses of our Service, and to ensure the security of our IT systems, architecture and networks (including troubleshooting, testing, system maintenance, support and hosting of data); and
○ To comply with legal obligations and legal process and to protect our rights, privacy, safety or property, and/or that of our affiliates, you or other third parties, and recover debts due to us.
● For marketing and advertising purposes.We, our service providers, and our third-party advertising partners may collect and use personal data for the following marketing and advertising purposes:
○ Direct marketing. We may send you direct marketing communications that we believe will be of interest to you, as permitted by law, including by email. For instance, if you elect to provide your email address, we may use that information to send you promotional information about our products and Service. You may opt out of our marketing communications as described in the Opt out of marketing communications section below.
○ Interest-based advertising. We may engage third-party advertising companies, such as Google, to display our ads on their online services and around the web. We may also share information about our users with these companies to facilitate advertising for our Service to them or similar users on other online platforms.
Except where consent is required, we undertake such marketing and advertising on the basis of our legitimate business interests. Where we seek your consent, you may withdraw your consent at any time.
3. HOW WE DISCLOSE PERSONAL DATA
In certain circumstances we may disclose personal data to third parties without further notice to you, unless required by the law, as set forth below:● Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may disclose personal data to service providers, including web hosting, debugging services, email and productivity services, survey providers, database and sales/customer relationship management services, customer service providers, payment processors; web and app analytics services, and data brokers. Notwithstanding the foregoing, we disclose Email Content Data to our hosting provider (Google, Inc.). Pursuant to our instructions, these parties will access, process or store personal data in the course of performing their duties to us.
● Professional advisors.Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
● Advertising partners. Third-party advertising companies, including for the interest-based advertising purposes described above.
● Business transferees. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider, your personal data and other information may be disclosed in the diligence process with counterparties and others assisting with the transaction and transferred to a successor or affiliate as part of that transaction along with other assets.
● Authorities and others.Law enforcement, government authorities and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above, including to (i) comply with legal or regulatory obligations, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Site, or the public, or (v) protect against legal liability.
4. PRIVACY RIGHTS AND CHOICES
Opt out of marketing communications. You may opt out of marketing-related emails and other communications by following the opt out or unsubscribe instructions in the communications you receive from us or by contacting us as provided in the Contact Us section below. You may continue to receive Service-related and other non-marketing emails.Online tracking opt-out. You can opt out of third-party cookies as described in our Cookie Policy.
Personal data requests. We offer you choices that affect how we handle the personal data that we control. Depending on your location and the nature of your interactions with our Service, you may request the following in relation to your personal data:
● Information about how we have collected and used personal data. We have made this information available to you without having to request it by including it in this Privacy Policy.
● Access to a copy of the personal data that we have collected about you. Where applicable, we will provide the information in a portable, machine-readable, readily usable format.
● Correction of personal data that is inaccurate or out of date.
● Deletion of personal data that we no longer need to provide the Service or for other lawful purposes.
● Opt out of sharing your personal data for interest-based advertising. We share personal data with advertising partners that display targeted advertisements to users around the web. You can limit online tracking as described in our Cookie Policy or by clicking Do Not Share My personal data on the footer of our website. We do not sell personal data.
● Additional rights, such as to object to and request that we restrict our use of personal data.
To exercise these privacy rights, or if you have any questions about we handle your personal data, please contact us as provided in the Contact Us section below. Depending on your jurisdiction, you may be entitled to empower an “authorized agent” to submit requests on their behalf. We will require authorized agents to confirm their identity and authority, in accordance with applicable laws. You are entitled to exercise the rights described above free from discrimination.
Limits on your privacy rights and choices. In some instances, your choices may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested or our ability to comply with our legal obligations and enforce our legal rights. If you are not satisfied with how we address your request, you may submit a complaint by contacting us as provided in the Contact Us section below. Depending on where you reside, such as if you reside in the European Economic Area or United Kingdom, you may have the right to complain to a data protection regulator where you live or work, or where you feel a violation has occurred. For example, in the UK, the Information Commissioner's Office, can be contacted at https://ico.org.uk/concerns, and in other EU countries, you can contact the data protection authority of the country in which you are located.
5. USE OF THIRD-PARTY AI TECHNOLOGY
We leverage third-party AI technology, offered by our service providers, to enable mesha’s AI features. These features are designed to assist you in communicating through the Services, including by helping you draft, summarize and edit emails. To enable these features, we will disclose some of your information to our AI service providers.We require our AI service providers to use your information only for the purpose of providing our Service – for example to generate email drafts for you – and we do not allow those providers to train their AI models using your data. mesha will only store logs of the prompts used in AI features, but will not store Email Content Data, other than as described in this Privacy Policy.
We have a Zero Data Retention agreement with our AI service provider in which our provider does not store customer API data on their servers. The input data is deleted once a response is generated and sent back to mesha. The responses are stored for 90 days by mesha, and can be deleted upon request by the customer.
6. DATA RETENTION
We keep personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, in accordance with our retention policies, applicable laws and regulatory obligations, or until you withdraw your consent (where applicable).To determine the appropriate retention period for your personal data, we will consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we use your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
7. CHILDREN’S PRIVACY
Our Service is not directed to children who are under the age of 16. mesha does not knowingly collect personal data from children under the age of 16. If you have reason to believe that a child under the age of 16 has provided personal data to mesha through the Service please contact us and we will endeavor to delete that information from our databases.8. DATA TRANSFERS
You will provide personal data directly to our website in the United States. We may also transfer personal data to our partners and service providers in the United States and other jurisdictions. Please note that such jurisdictions may not provide the same protections as the data protection laws in your home country.When we engage in cross-border data transfers, we will ensure that relevant safeguards are in place to afford adequate protection for personal data and we will comply with applicable data protection laws, in particular by relying on an EU Commission or UK government adequacy decision or on contractual protections for the transfer of personal data.
9. Data Privacy Framework
mesha complies with EU-U.S. Data Privacy Framework and intends to comply with the forthcoming UK Extension of the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce and the European Commission regarding the collection, use, and retention of personal data transferred from the European Union, United Kingdom, and Switzerland to mesha in the United States.mesha has certified that it adheres to the Data Privacy Framework Principles with respect to such information. If there is any conflict between the policies in this Privacy Policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/s/.
mesha may be liable under the DPF Principles if its agent processes personal information on behalf of mesha in a manner inconsistent with the DPF Principles.
In compliance with the Data Privacy Framework Principles, mesha commits to resolve complaints about our processing of your personal data. EU and Swiss users with inquiries or complaints regarding this Data Privacy Framework Policy should first contact mesha at: info@mesha.club.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, mesha commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.
We have further committed to refer unresolved Data Privacy Framework complaints to an alternative dispute resolution provider. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider JAMS (free of charge) at https://www.jamsadr.com/eu-us-data-privacy-framework.
If your complaint is not resolved through these channels, under certain conditions a binding arbitration option may be available before a Data Privacy Framework Panel. For additional information, please visit: https://www.dataprivacyframework.gov/s/.
mesha may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
The Federal Trade Commission has jurisdiction over mesha’s compliance with the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
10. LINKS TO OTHER WEBSITES
The Site may contain links to other websites not operated or controlled by mesha, including social media services ("Third-Party Sites"). The information that you share with Third-Party Sites will be governed by the specific privacy policies and terms of service of the Third-Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact the Third-Party Sites directly for information on their privacy practices and policies.11. SECURITY
You use the Service at your own risk. We have implemented safeguards designed to be consistent with industry standards to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration or destruction. However, no internet or email transmission is ever fully secure or error free. Therefore, you should take special care in deciding what information you send to us via the Service or email. Please keep this in mind when disclosing any personal data to mesha via the internet. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or third-party websites.12. JOB APPLICANTS
When you visit the Careers portion of our Site, we collect the information that you provide to us in connection with your job application. This includes but is not limited to business and personal contact information, professional credentials and skills, educational and work history and other information of the type that may be included in a resume. This may also include diversity information that you voluntarily provide. We use this information on the basis of our legitimate business interests to facilitate our recruitment activities such as monitoring recruitment statistics.. We may also use this information to provide improved administration of the Services and as otherwise necessary (i) to comply with relevant laws or to respond to subpoenas or warrants served on us, (ii) to protect and defend our or others’ rights or property, (iii) in connection with a legal investigation and (iv) to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy or our terms of use.13. CHANGES TO THE PRIVACY POLICY
The Service, and our business may change from time to time. As a result, we reserve the right to modify this Privacy Policy at any time. When we do we will post an updated version on this page, unless another type of notice is required by the applicable law. By continuing to use our Service or providing us with personal data after we have posted an updated Privacy Policy, or notified you if applicable, you consent to the revised Privacy Policy and practices described in it.14. CONTACT US
Responsible entity. mesha is the entity responsible for the processing of personal data under this Privacy Policy (as a controller, where provided under applicable law).Contact us. If you have any questions about our Privacy Policy or the information practices of the Site, please feel free to contact us by email at info@mesha.club.
COOKIE POLICY
This Cookie Policy explains how mesha uses cookies and similar technologies in connection with our Service.If you have any questions or concerns about the Cookie Policy, please contact us at inf@mesha.club or as otherwise described in our Privacy Policy.
What are cookies and similar technologies?
● Cookies are text files that websites store on a visitor’s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand activity and patterns and facilitating online advertising.
● Local storage technologies, like HTML5, provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
● Web beacons, also known as pixel tags or clear GIFs, are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked. There are various types of web beacons or pixels, including image pixels (which are small graphic images) and JavaScript pixels (which contains JavaScript code). When you access a service that contains a pixel, the pixel may permit us or a separate entity to drop or read cookies on your browser, or collect other information about your visit.
This Cookie Policy refers to all these technologies collectively as “cookies.”
How do we use cookies and other similar technologies?
We use both persistent cookies and session cookies. Persistent cookies stay on your device for a set period of time or until you delete them, while session cookies are deleted once you close your web browser. We use persistent cookies, for example, to record your choice of language and country location. The cookies placed through your use of our website are either set by us (first-party cookies) or by a third party at our request (third-party cookies).
We also allow our advertising partners to collect this information through our Site.
What types of cookies do we use?
We use the following categories of cookies:
● Essential cookies: These cookies are required to enable basic website functionality. They cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the Service may not work.
● Marketing cookies. These cookies are used to deliver advertising that is more relevant to you and your interests. They may also be used to limit the number of times you see an advertisement and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the our permission.We work with agencies, advertisers, ad networks, and other technology services to place ads about our products and services on other websites and services. For example, we place ads through Google and Facebook that you may view on their platforms as well as on other websites and services.
As part of this process, we may incorporate tracking technologies into our own Service as well as into our ads displayed on other websites and services. Some of these tracking technologies on our Website and within our emails and advertisements may track your activities across time and services for purposes of associating the different devices you use, and delivering relevant ads and/or other content to you.
● Personalization cookies. These cookies allow the website to remember choices you make (such as your user name, language, or the region you are in) and provide enhanced, more personal features. For example, a website may provide you with local weather reports or traffic news by storing data about your current location.
● Analytics cookies. We use analytics cookies that allow us to recognize and count the number of visitors and to see how visitors move around the Website when they are using it. This helps us to improve the way our Website works, for example by making sure users are finding what they need easily. The collected data provides us only with anonymous traffic statistics (like number of page views, number of visitors, and time spent on each page). Examples of the third-party analytics cookies we use include Google Analytics. Specifically, we use Google Analytics to collect information about how users use our services, which we then use to compile reports that disclose trends without identifying individual visitors and help us improve our services. For more information on Google Analytics, click here. For more information about Google’s privacy practices, click here. You can opt out of Google Analytics by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout.
How can you control the use of cookies?
Depending on the location from where you access the Service, you may be presented with a cookie banner or other tool to provide permissions prior to non-Essential cookies being set. In this case, we only set these non-Essential cookies with your consent.
You can also limit online tracking by:
● Blocking cookies in your browser.Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org. Use the following links to learn more about how to control cookies and online tracking through your browser:
●Firefox; Chrome; Microsoft Edge; Safari (Mac); Safari (Mobile/iOS)
● Blocking advertising ID use in your mobile settings.Your mobile device settings can provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
● Using privacy plug-ins or browsers.You can block our websites from setting cookies used for interest-based ads by using a browser with privacy features, like Brave,or installing browser plugins like Privacy Badger, Ghostery, or uBlock Origin,and configuring them to block third-party cookies/trackers.
● Advertising industry opt out tools.You can also use these opt out options to limit use of your information for interest-based advertising by participating companies:
●Digital Advertising Alliance for Websites: outout.aboutads.info
●Network Advertising Initiative: optout.networkadvertising.org
● Platform opt-outs.Some of our advertising partners offer opt-out features that let you opt out of use of your information for interest-based advertising, including:
Note that because these opt out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.
Do Not Track.Some Internet browsers can be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.