Privacy Policy
Last updated: February 1, 2026
Mesh-Trace Inc. (“Mesh-Trace”, “we”, “us”, or “our”) is committed to protecting the privacy of our customers and website visitors. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use the Mesh-Trace platform, website, and related services (collectively, the “Service”).
1. Information We Collect
Account Information
When you create an account, we collect your name, email address, company name, and billing information. If you sign up through SSO, we receive basic profile information from your identity provider.
Telemetry Data
The Service processes distributed trace data, span data, and related observability telemetry (“Customer Data”) that you send to our collector endpoints. Customer Data may include service names, operation names, HTTP headers, status codes, latency measurements, and custom span attributes. We do not inspect the contents of Customer Data except as necessary to provide the Service.
Usage Data
We automatically collect information about how you interact with the Service, including pages viewed, features used, API calls made, session duration, and browser type. This data is used solely to improve the Service and is not sold to third parties.
Log Data
Our servers automatically record information when you access the Service, including your IP address, request timestamps, referring URLs, and device identifiers. Log data is retained for 90 days for security and debugging purposes.
2. How We Use Information
We use collected information to:
- Provide, maintain, and improve the Service
- Process transactions and send billing-related communications
- Send technical notices, security alerts, and support messages
- Respond to your comments, questions, and support requests
- Monitor and analyze usage trends to improve user experience
- Detect, investigate, and prevent fraudulent or unauthorized access
- Comply with legal obligations and enforce our Terms of Service
3. Data Retention
Customer Data (traces and spans) is retained according to your subscription plan: 30 days for Pro plans, 90 days for Enterprise plans, or as specified in your order form. Account information is retained for the duration of your account plus 30 days after termination to allow for data export. Usage and log data is retained for 90 days. Billing records are retained for 7 years as required by applicable tax and accounting regulations.
4. Data Security
We implement industry-standard security measures to protect your information:
- Encryption in transit: All data is transmitted over TLS 1.2 or higher. API communication uses TLS 1.3 by default.
- Encryption at rest: Customer Data is encrypted using AES-256 in isolated, single-tenant storage partitions.
- Access controls: Employee access to production systems requires multi-factor authentication and is logged. Access is granted on a least-privilege basis.
- Infrastructure: Our infrastructure is hosted in SOC 2 Type II certified data centers with 24/7 physical security, redundant power, and environmental controls.
- Auditing: We undergo annual third-party security assessments and maintain SOC 2 Type II compliance.
5. Data Sharing and Disclosure
We do not sell your personal information. We may share information with:
- Service providers: Third-party vendors who assist in operating the Service (cloud hosting, payment processing, email delivery). These providers are contractually bound to use your information only to provide services to us.
- Legal compliance: When required by law, subpoena, court order, or governmental request. We will notify you of such requests unless legally prohibited.
- Business transfers: In connection with a merger, acquisition, or sale of assets. Your information will remain subject to this Privacy Policy.
- With your consent: When you explicitly authorize us to share information with a third party.
6. International Data Transfers
Mesh-Trace processes data primarily in the EU (Frankfurt, eu-central-1). Enterprise customers may select their preferred data residency region. For transfers outside the European Economic Area, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. A copy of the applicable SCCs is available upon request.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information, subject to legal retention requirements
- Portability: Request your data in a structured, machine-readable format
- Objection: Object to processing of your personal information for certain purposes
- Restriction: Request restriction of processing under certain circumstances
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
8. Cookies and Tracking
The Mesh-Trace website uses only essential cookies required for authentication and session management. We do not use third-party tracking cookies, advertising pixels, or behavioral analytics scripts. Session cookies expire when you close your browser. Authentication cookies expire after 24 hours of inactivity.
9. Children’s Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us and we will take steps to delete such information.
10. California Privacy Rights (CCPA)
If you are a California resident, you have the right to: (a) request disclosure of the categories and specific pieces of personal information we have collected, (b) request deletion of your personal information, and (c) opt out of the sale of personal information. As stated above, we do not sell personal information. To exercise your CCPA rights, contact [email protected].
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a prominent notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
12. Data Protection Officer
For privacy-related inquiries or to exercise your data protection rights, contact our Data Protection Officer:
Mesh-Trace Inc.
Attn: Data Protection Officer
1209 Orange Street
Wilmington, DE 19801
United States
[email protected]