top of page
octomesh.png

OpenMesh

Privacy Policy

Last Updated: April 4, 2026

Zygma, Inc. (“OpenMesh,” “we,” “us,” or “our”) respects your privacy and is committed to protecting it through our compliance with this Privacy Policy.

This Privacy Policy describes how we collect, use, disclose, and otherwise process personal data when you access or use our website, platform, APIs, dashboard, billing tools, and related services (collectively, the “Service”). Capitalized terms not defined in this Privacy Policy have the meanings given in our Terms of Service.

This Privacy Policy applies to personal data collected through written, electronic, and oral communications, including when you:

  • access our website and any pages that link to this Privacy Policy;

  • create an account or workspace;

  • use the OpenMesh platform, including Deploy, Route, Ground, and Evaluate features;

  • interact with our APIs, dashboard, billing flows, support channels, or communications;

  • interact with third-party applications or services that link to this Privacy Policy.

 

Before using the Service, please read this Privacy Policy and our Terms of Service carefully. By using the Service, you consent to the collection, use, and disclosure of your personal data as described in this Privacy Policy and our Terms of Service. If you do not agree, you should not use the Service.

We may update this Privacy Policy from time to time. If we make material changes, we will post the revised version and update the “Last Updated” date above. Where required by law, we will provide additional notice, such as by email or in-product notification. Your continued use of the Service after the effective date of an updated Privacy Policy constitutes your acceptance of the revised policy.

We may also provide additional just-in-time disclosures, product-specific notices, or supplemental privacy terms where appropriate.

1. Collection of Personal Data

We collect personal data in connection with your use of the Service. “Personal data” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to an individual or household.

The personal data we collect may include:

  • information you provide directly to us,

  • information we collect automatically when you use the Service,

  • information we receive from third parties, such as service providers, payment processors, analytics providers, or identity and authentication partners.

 

A. Personal Data You Provide to Us

We may collect the following categories of personal data that you voluntarily provide:

  • Account and registration information, such as your name, email address, company name, username, password, job title, and workspace details.

  • Billing and transaction information, such as billing address, subscription details, usage plan, invoice information, and transaction history. Payment card information is generally processed by our payment processor, Stripe, rather than stored directly by OpenMesh.

  • Communications, such as records of your correspondence with us, including support requests, feedback, survey responses, and other messages.

  • Inputs and content you submit, including prompts, files, datasets, code, search requests, grounded retrieval requests, deployment configuration data, logs, and other content you choose to send through the Service.

  • Workspace and account configuration data, such as deployment settings, routing rules, grounding preferences, evaluation settings, API usage preferences, and notification settings.

  • Marketing and event information, such as your preferences for receiving product updates, event communications, or promotional content.

B. Personal Data Collected Automatically

When you access or use the Service, we may automatically collect certain information, including:

  • Usage information, such as pages visited, features used, API requests, run history, model routing metadata, evaluation events, search queries, referring pages, clickstream activity, and timestamps.

  • Device and connection information, such as IP address, browser type, device type, operating system, language, time zone, and unique device or browser identifiers.

  • Log and performance data, such as error reports, diagnostic information, request metadata, performance metrics, latency measurements, and system activity logs.

  • Location information, such as approximate geolocation derived from IP address.

  • Cookie and similar technology data, as described below.

C. Inputs, Outputs, and AI-Related Data

Because OpenMesh provides AI infrastructure features, the Service may process content that you submit to or generate through the platform, including prompts, code, files, outputs, traces, routing decisions, evaluations, and grounding requests.

Depending on your plan, workspace settings, and system configuration, OpenMesh may also process or store:

  • request and response logs,

  • routing traces,

  • model and provider metadata,

  • search or retrieval metadata,

  • evaluation results,

  • deployment usage metrics,

  • debugging, observability, and analytics data.

 

If you submit personal data within your inputs, files, or prompts, we may process that information as part of providing the Service. You are responsible for ensuring that you have an appropriate legal basis and all required rights and permissions for any personal data you submit through the Service.

We do not control the privacy practices of third-party model providers, search providers, or other third-party services that may be used through OpenMesh. Their handling of data may be subject to their own terms and privacy policies.

2. Cookies and Other Tracking Technologies

We use cookies, pixels, SDKs, local storage, and similar tracking technologies (“Tracking Technologies”) to operate and improve the Service, personalize your experience, analyze traffic, secure accounts, and understand product usage.

A. Types of Cookies and Tracking Technologies We May Use

Strictly Necessary Cookies

These are required for the operation of the Service, including authentication, account login, session management, security, fraud prevention, and core product functionality.

Functional Cookies

These help us remember your preferences, settings, and account-related choices to improve your experience.

Performance and Analytics Cookies

These help us understand how users interact with the Service, including page views, click behavior, navigation, and usage trends, so that we can improve functionality and reliability.

Marketing Cookies

These may be used to understand engagement with our marketing communications and website content. We do not use these to sell your personal data.

B. Analytics and Product Usage Tools

We may use analytics and observability providers to understand usage of the Service, measure product performance, analyze errors, and improve the user experience. These providers may collect information such as pages visited, session behavior, device identifiers, event logs, and technical performance data on our behalf.

C. Your Cookie Choices

Most browsers allow you to manage or disable cookies. Please note that if you disable cookies or similar technologies, some parts of the Service may not function properly.

3. How We Use Your Personal Data

We use personal data for the following purposes:

A. To Provide the Service

We use personal data to:

  • create and manage accounts and workspaces;

  • authenticate users and secure access to the Service;

  • operate Deploy, Route, Ground, and Evaluate features;

  • process API requests, routing events, search requests, deployments, logs, and evaluations;

  • provide billing, account management, and subscription services;

  • provide customer support and respond to inquiries.

B. To Operate, Improve, and Develop the Service

We use personal data to:

  • understand product usage and feature adoption;

  • monitor performance, uptime, latency, and reliability;

  • improve product design, routing systems, observability, grounding, evaluation, and user experience;

  • diagnose errors, debug issues, and develop new features;

  • analyze usage trends, business operations, and platform effectiveness.

C. To Communicate with You

We use personal data to:

  • send verification emails,

  • send login and security notices,

  • send billing and transaction notices,

  • notify you about product updates, feature changes, legal notices, and policy updates,

  • send marketing and promotional communications, where permitted by law.

You may opt out of promotional or marketing emails at any time by following the unsubscribe instructions in those communications or by contacting us at support@openmesh.ai. Even if you opt out of marketing messages, we may still send service-related communications.

D. To Protect the Service and Enforce Our Rights

We use personal data to:

  • detect, investigate, and prevent fraud, abuse, unauthorized access, misuse, and security incidents;

  • enforce our Terms of Service and other policies;

  • protect our rights, users, platform, systems, and business operations;

  • comply with legal, regulatory, and contractual obligations.

E. For Research, Analytics, and Aggregation

We may use personal data in aggregated, anonymized, or de-identified form for analytics, benchmarking, platform measurement, research, and business insights, to the extent permitted by law.

4. How We Share and Disclose Personal Data

We may share personal data in the following circumstances:

A. Service Providers

We may share personal data with vendors, contractors, consultants, cloud providers, hosting providers, payment processors, analytics providers, authentication providers, support providers, and other service providers that process information on our behalf and under our instructions.

B. Third-Party Providers Used Through the Service

When you use OpenMesh to access third-party models, search providers, infrastructure providers, or other third-party services, we may transmit your data to those providers as necessary to fulfill your requests.

C. Affiliates and Corporate Partners

We may share personal data with our affiliates, subsidiaries, and related entities for purposes consistent with this Privacy Policy.

D. Workspace Administrators

If you use the Service as part of a team, company, or enterprise workspace, workspace administrators may be able to access certain account details, usage data, logs, billing information, routing configurations, evaluation data, or content associated with that workspace.

E. Corporate Transactions

We may disclose personal data in connection with a merger, acquisition, financing, asset sale, reorganization, bankruptcy, or similar corporate transaction.

F. Legal Compliance and Protection

We may disclose personal data where we believe disclosure is necessary to:

  • comply with applicable law, regulation, legal process, subpoena, or government request;

  • enforce our Terms of Service or other agreements;

  • detect, prevent, or address fraud, abuse, security, or technical issues;

  • protect the rights, property, or safety of OpenMesh, our users, or others.

G. With Your Consent

We may disclose personal data for other purposes with your consent or at your direction.

5. Your Rights and Choices

Depending on where you live, you may have rights regarding your personal data, subject to legal limitations and exceptions.

These rights may include:

  • the right to know what personal data we collect and how we use it,

  • the right to access a copy of your personal data,

  • the right to correct inaccurate personal data,

  • the right to request deletion of personal data,

  • the right to object to or restrict certain processing,

  • the right to withdraw consent where processing is based on consent,

  • the right to data portability where applicable,

  • the right to opt out of certain marketing communications.

A. Account Information

You may review and update certain account information by logging into your account or workspace settings.

B. Marketing Communications

You may unsubscribe from promotional emails by using the unsubscribe link in those emails or by contacting us at support@openmesh.ai. You may still receive account, billing, security, legal, and service-related emails.

C. Data Access, Correction, or Deletion Requests

To request access, correction, deletion, or exercise other privacy rights, contact us at support@openmesh.ai. We may request information to verify your identity before processing your request.

We may decline or limit a request where permitted by law, including where we need to retain information for legal compliance, security, fraud prevention, contractual obligations, or legitimate business purposes.

6. Data Retention

We retain personal data for as long as reasonably necessary to:

  • provide the Service,

  • maintain accounts and workspaces,

  • process billing and subscription records,

  • support debugging, observability, and system security,

  • comply with legal, tax, accounting, and regulatory obligations,

  • resolve disputes and enforce our agreements.

Retention periods may vary depending on the type of data, your account settings, your plan, workspace-level controls, and whether logs or traces are enabled.

When personal data is no longer required, we will delete, anonymize, or de-identify it, unless retention is required or permitted by law.

7. Data Security

We implement reasonable physical, administrative, and technical safeguards designed to protect personal data from accidental loss and from unauthorized access, use, disclosure, alteration, or destruction.

However, no security system is perfect, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for notifying us promptly if you suspect unauthorized access to your account.

8. International Data Transfers

OpenMesh is based in the United States. If you access the Service from outside the United States, your personal data may be transferred to, stored in, and processed in the United States and other countries where we or our service providers operate.

Where required by law, we take appropriate steps to provide lawful transfer mechanisms and safeguards for international transfers of personal data.

9. Children’s Privacy

The Service is not intended for children, and we do not knowingly collect personal data from children under 18. If we learn that we have collected personal data from a child without appropriate authorization, we will take steps to delete it.

10. Third-Party Services

The Service may link to, integrate with, or rely on third-party websites, products, APIs, providers, and services. This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of any third-party services you interact with.

11. U.S. State Privacy Disclosures and GDPR Legal Bases

Depending on your jurisdiction, additional privacy laws may apply, including U.S. state privacy laws and the GDPR.

A. Categories of Personal Data We May Collect

We may collect the following categories of personal data:

  • identifiers, such as name, email address, IP address, account identifiers, and device identifiers;

  • account and billing information;

  • commercial information, such as plan details and transaction history;

  • internet or network activity information, such as product usage, clickstream, and logs;

  • geolocation information based on IP address;

  • communications and support records;

  • user-submitted content and AI workflow metadata;

  • professional or employment-related information where voluntarily provided.

B. Purposes of Processing

We process personal data to:

  • provide and operate the Service,

  • improve and develop the Service,

  • communicate with users,

  • secure the Service,

  • comply with legal obligations,

  • prevent fraud and abuse,

  • support billing and business operations.

C. Legal Bases Under the GDPR

Where the GDPR applies, we generally rely on the following legal bases:

  • performance of a contract, where processing is necessary to provide the Service;

  • legitimate interests, such as improving the Service, securing the platform, preventing abuse, and managing operations;

  • consent, where required, such as certain marketing communications or optional cookies;

  • legal obligation, where processing is necessary to comply with law.

D. Sale and Sharing

We do not sell personal data in exchange for money. We do not knowingly sell personal data as that term is defined under applicable privacy laws.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, you may contact us at:

support@openmesh.ai

bottom of page