General Data Protection Regulation (GDPR)

Meshintex GDPR Policy

Meshintex is operated by Meshintex, Inc. The European Union's General Data Protection Regulation (GDPR) and the UK GDPR regulate the processing of personal data of individuals in the EU, EEA, and UK. These laws apply to us because we serve customers in those regions. We have made information security and data privacy foundational principles of our business, and we are committed to ongoing GDPR and UK GDPR compliance.

The data controller for information collected through our website and products is Meshintex, Inc. If you have questions, concerns, or wish to exercise any of the rights described below, you can reach our privacy team at privacy@meshintex.com. For GDPR-related matters, you can also contact our Data Protection Officer at the same address with “DPO” in the subject line.

Our full Privacy Policy covers data handling for all users. This page focuses specifically on GDPR obligations and EU/EEA/UK resident rights.

What data do we collect?

We collect information you choose to provide — such as your name, email address, telephone number, and account credentials — when you register, request a quote, contact support, or otherwise interact with us. We may also collect information automatically through cookies and similar technologies. See the Cookies section below.

How do we collect your data?

We collect data directly from you (when you fill in forms, contact us, or use our services), automatically (via cookies, analytics, and our IoT data ingestion infrastructure), and occasionally from third-party sources such as updated contact data or publicly available records.

How will we use your data?

We use the data we collect to:

• Deliver and operate our products and services under a contractual obligation.
• Send marketing communications where we have a lawful basis — in the EU, EEA, and UK, marketing is always opt-in.
• Research, develop, and improve our products.
• Comply with legal obligations.

We rely on the following legal bases under the GDPR: performance of a contract, your consent, our legitimate interests (where not overridden by your rights), and compliance with legal obligations.

How do we store your data?

Your personal data may be stored on servers in — or processed by staff located in — countries outside your country of residence, including outside the EEA and UK. When we transfer personal data out of the EEA, UK, or Switzerland to a country without an adequacy decision, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) or the UK International Data Transfer Addendum. You can request a copy of the safeguards we have in place by emailing privacy@meshintex.com.

We protect all personal data with a layered set of technical and organisational measures including encryption in transit and at rest, access controls under the principle of least privilege, regular security audits, and a documented incident response process with supervisory authority notification within 72 hours of a reportable breach.

How long do we keep your data?

We keep personal data only as long as necessary for the purposes for which it was collected. As general guidance:

• Account data: retained while your account is active and for up to 90 days after closure, then deleted or anonymized.
• Billing and tax records: up to 7 years as required by law.
• Product telemetry and logs: up to 90 days in operational systems; longer in anonymized, aggregated form.
• Support communications: up to 3 years after the last interaction.
• Marketing preferences: until you withdraw consent, plus a short period to honour the opt-out.

Marketing

We may send you emails about our products or partners where we have a lawful basis to do so. In the EU, EEA, and UK, marketing emails are always opt-in. You can unsubscribe at any time via the link in any marketing email, your account settings, or by emailing privacy@meshintex.com. Opting out will not affect transactional emails such as billing notices or security alerts.

Your data protection rights

Under the GDPR and UK GDPR, individuals in the EU, EEA, and UK have the following rights:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — ask us to correct inaccurate or incomplete data.
• Right to erasure ("right to be forgotten") — ask us to delete your personal data.
• Right to restrict processing — ask us to limit how we use your data.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to object — object to processing based on our legitimate interests, and opt out of direct marketing at any time.
• Right to withdraw consent — where we rely on consent, you may withdraw it at any time without affecting prior processing.
• Right not to be subject to automated decision-making that produces legal or similarly significant effects.
• Right to lodge a complaint with your local supervisory authority.

To exercise any of these rights, email privacy@meshintex.com. We will respond within 30 days (extendable by up to two further months for complex requests, with notice to you). Exercising your rights is free of charge.

Cookies and how we use them

Cookies are small text files placed on your device when you visit our website. We use the following categories:

• Strictly necessary — required for the website to function. These cannot be disabled.
• Functional — remember your preferences and choices.
• Analytics — help us understand how visitors use the site so we can improve it.
• Marketing — used only with your consent, to measure marketing effectiveness.

You can manage cookies through the cookie banner or your browser settings. Disabling strictly necessary cookies may affect how the website works.

Privacy policies of other websites

Our website may include links to third-party websites. Meshintex does not own or control those sites and is not responsible for their content or data practices. This GDPR policy does not apply to information you provide to third parties. We encourage you to review the privacy policy of any third-party service before submitting information to it.

Audit rights

Customers have the right to request an audit of the processing activities we carry out concerning their personal data.

How to request an audit

Send a written request to our Data Protection Officer at privacy@meshintex.comwith “DPO — Audit Request” in the subject line. The request should set out the purpose and scope of the audit.

Scope and timing

We will acknowledge requests within 10 business days and work with you in good faith to agree on a reasonable scope and timing, taking into account complexity and the confidentiality of other customers' data.

Methodology

Audits are conducted in a way that protects the confidentiality and integrity of personal data. The methodology may include documentation reviews, interviews, site visits, or other reasonable methods appropriate to the scope. Independent third-party auditors may be engaged, provided they are bound by appropriate confidentiality obligations.

Findings and corrective actions

Upon completion we will share a summary of findings including any compliance gaps. Where non-compliance is identified, we will take appropriate corrective action promptly — for example, implementing additional safeguards or updating policies.

How to contact us

If you have questions about this policy, wish to exercise a right, or want to submit an audit request, contact our privacy team:

How to contact the appropriate authorities

If you are in the EU, EEA, or UK and believe we have not adequately addressed a privacy concern, you have the right to lodge a complaint with your local data protection authority. A list of EU/EEA authorities is available at edpb.europa.eu. UK residents can contact the Information Commissioner's Office (ICO). We would appreciate the chance to address your concerns directly first — please reach out to us at privacy@meshintex.com.

Changes to this policy

We may update this policy from time to time. For material changes we will give reasonable advance notice — for example, by email to account holders or a prominent notice on the website — before the change takes effect. Non-material changes will be posted with an updated revision date.