V1 Privacy & Data Handling Notice
1. Data We Process
1.1 Account and Contact Data
When you create an account, we collect your email address and name. This is used for account management, billing, and support communication.
1.2 Configuration Metadata
Webhook source configurations, destination endpoints, transformation rules, and delivery policies are stored as your account configuration. This data is necessary to operate the service.
1.3 Webhook Metadata
Delivery logs, timestamps, HTTP status codes, and delivery attempt records are retained for operational visibility and debugging.
1.4 Webhook Payload Content
Payloads are processed for delivery and may be temporarily stored for redelivery. Payload retention follows the schedule in Section 3. Payloads are not used for training or profiling.
1.5 Operational Telemetry
Performance metrics, error rates, and usage patterns are collected to improve the service. You may opt out of non-essential telemetry.
1.6 Billing Metadata
For Pro tier users, billing metadata including plan type and payment status is processed through Stripe. We do not store full payment card details.
1.7 Support Records
Support correspondence is retained for service improvement and issue resolution.
2. How We Use Data
We use your data solely to operate, maintain, and improve the service. We do not sell personal data. Data processing is limited to what is necessary for service delivery.
3. Data Retention
Webhook payloads are retained for up to 30 days for redelivery purposes. Operational logs are retained for up to 90 days. Account data is retained for the duration of your account plus a reasonable period for legal and operational purposes.
4. Data Sharing
4.1 Subprocessors
We use the following subprocessors to deliver the service:
- Google Cloud Platform (GCP) — SaaS control plane infrastructure (Toronto, Canada)
- Vercel — Public website hosting (Global)
- Stripe — Payment processing (Global)
- Google Fonts — Web typography (Global)
- Docker Hub — Container image registry (Global)
- GitHub — Source control (Global)
No customer webhook payloads are sent to any subprocessor. We update this list as service providers materially change.
4.2 Legal Compliance
We may disclose data if required by law, regulation, or legal process, or to protect the rights, property, or safety of Zen Mesh, our users, or others.
5. Data Location
Primary data processing occurs in Toronto, Canada. Some data may be processed in other regions where our subprocessors operate.
6. Security
All data in transit is encrypted via TLS. Internal service-to-service communication uses mTLS with SPIFFE identities. Data at rest is encrypted using platform-managed encryption keys.
7. Your Rights
You may request access to, correction of, or deletion of your personal data by contacting support@zen-mesh.io. Self-service export and deletion are not yet available. Customer-controlled export and deletion is a required capability that is not yet implemented; this is a known product gap.
8. Cookies and Tracking
Our website uses minimal cookies for essential functionality. We do not use third-party tracking cookies.
9. Changes to This Notice
We may update this privacy notice. Material changes will be communicated via email or in-product notification.
10. Contact
Privacy inquiries: support@zen-mesh.io
Non-Claims
- No compliance certification (SOC 2, ISO, PCI, HIPAA, FedRAMP) is claimed
- No data protection authority approval has been obtained
- Deletion, export, and retention automation are not yet fully implemented
- This notice applies to V1 Free/Pro trial access only
- Separate data processing terms (DPA) apply for Business/Enterprise customers