Privacy Policy

Last updated: March 2026

1. Our Core Privacy Commitment

At zMesh, your data belongs to you — not us, not our investors, not any third party. We are built on the principle that a backend provider should never monetize, share, or exploit the data you store on our platform.

  • We never sell your data to anyone — not to advertisers, data brokers, or analytics companies.
  • We never share your data with investors, partners, or affiliates for any purpose.
  • We never use your data to train AI/ML models, build user profiles, or derive commercial insights.
  • We never access your database contents, stored files, or function code unless you explicitly request support.

2. Information We Collect

We collect only what is strictly necessary to operate the platform:

  • Account details: Name, email address, and organization name — required for authentication and billing.
  • Project data: Databases, storage files, and function code you create — stored exclusively in your chosen region and never read by us.
  • Usage metrics: API call counts, bandwidth, and compute usage — only for billing and service health monitoring.
  • Technical logs: IP addresses, request paths, and error logs — retained for security, abuse prevention, and debugging (auto-deleted after 30 days).

We do not collect analytics cookies, behavioral data, browsing habits, or device fingerprints.

3. Data Sovereignty & Regional Storage

Your data is stored in the region you select at project creation and never leaves that region. We maintain strict data residency to respect local data protection laws and your sovereignty preferences.

  • India-based users: Data is stored in Indian data centers, compliant with India's Digital Personal Data Protection Act (DPDPA) 2023.
  • EU-based users: Data is stored within the EU, compliant with GDPR.
  • Other regions: Data is stored in the nearest available region you select. No cross-border transfers without explicit consent.

Data replication for backups and high availability occurs only within the same geographic region. We do not replicate your data across continents.

4. How We Use Your Information

  • To provide, maintain, and improve the zMesh platform and its services.
  • To process billing and payments through our payment provider (ZPay by Zyora).
  • To send critical service notifications (outages, security alerts, billing updates) — never marketing spam.
  • To detect and prevent abuse, fraud, and unauthorized access.
  • To respond to your support requests — only when you initiate contact.

That's it. We have no advertising business, no data monetization strategy, and no plans to build one.

5. Data Security

We employ bank-grade security at every layer:

  • Encryption in transit: All connections are encrypted using TLS 1.3. No plaintext communication — ever.
  • Encryption at rest: All databases, files, and backups are encrypted using AES-256.
  • Access controls: Strict role-based access within our team. No employee can access your data without a documented support request from you.
  • Audit logging: Every access to infrastructure is logged and reviewed.
  • Regular audits: Periodic security assessments and vulnerability testing.

6. Zero Third-Party Data Sharing

We do not share your data with any third party. This includes:

  • Investors & shareholders: No investor has access to customer data, analytics, or usage patterns — regardless of ownership stake.
  • Partners & affiliates: No data sharing agreements with any partner company.
  • Advertising networks: We do not run ads and do not share data with ad platforms.
  • AI/ML providers: Your data is never used to train, fine-tune, or evaluate any machine learning model — ours or anyone else's.
  • Government requests: We will only comply with legally binding orders from competent courts in the user's own jurisdiction. We will notify affected users unless legally prohibited.

The only external service that receives limited data is our payment processor (ZPay) — strictly for processing transactions. They receive only billing details (name, email, amount), never your project data.

7. Data Retention & Deletion

  • Active accounts: Data is retained for the lifetime of your account.
  • Account deletion: All personal data is permanently deleted within 30 days of account deletion.
  • Project data: Databases, files, and function code are permanently purged within 7 days of project deletion.
  • Backups: Backup copies are purged within 90 days of deletion.
  • Logs: Technical/security logs are auto-deleted after 30 days.

You can request immediate data export or deletion at any time from the dashboard or by contacting us.

8. Your Rights

Regardless of where you are located, you have the right to:

  • Access: View all personal data we hold about you.
  • Rectification: Correct any inaccurate personal data.
  • Deletion: Request permanent deletion of your data and account.
  • Export: Download all your data in a standard, portable format.
  • Restriction: Request that we limit how we process your data.
  • Objection: Object to any processing you believe is unnecessary.

All requests are fulfilled within 72 hours. No questions asked, no retention tricks.

9. Cookies

We use only essential cookies required for authentication and session management. We do not use tracking cookies, analytics cookies, or any third-party cookie services. No cookie banner needed — because we don't track you.

10. Changes to This Policy

If we make material changes to this privacy policy, we will notify you via email and display a prominent notice on the dashboard at least 30 days before the changes take effect. Your continued use after notice constitutes acceptance.

11. Contact

For privacy-related inquiries, data requests, or concerns:

We aim to respond to all privacy inquiries within 48 hours.