GDPR Statement

This policy describes how Mesh Labs, Inc. collects and processes personal data with respect to data subjects covered by the EU General Data Protection Regulation.  Depending on your geographic location, some parts of this statement may not apply to you. Except as described below, we are the data controller of personal data collected from our website and a data processor for our customers supplied data. Our physical address is 85 Broad Street, Floor 17, New York, NY 10004 and you may reach us by emailing 

Our EU Representative is Osano International Compliance Services Limited and can be contacted by writing to

Osano International Compliance Services Limited, ATTN: FMYZ3, Dublin Landings, North Wall Quay, Dublin, 1D01C4E0

Our UK Representative is Osano UK Compliance LTD and can be contacted by writing to

Osano UK Compliance LTD, ATTN: FMYZ, 42-46 Fountain Street, Belfast, Antrim, BT1 - 5EF

GDPR Principles

The GDPR principles exist to aid companies to stay and remain within the boundaries of the regulation; they also help to understand its main objectives. Therefore, we comply with the contours and principles expressed to be the core of GDPR compliance, which are:

Sources of Data Collection

We may collect information about you during your visit and when you use our website, app, and services. To give you more information on the sources of the data we collect from you, consider that we are doing so;

Nature and Scope of Data Use

The nature of the processing is as follows:

The types of processing identified as likely high risk are those involving personally identifying information (PII), such as contact information and engagement/communication history. We will take appropriate measures to ensure that such data is processed in accordance with GDPR requirements.

Nature and scope of the data: The data collected and processed by Mesh includes, but is not limited to, marketing and sales information, such as lead and opportunity data, revenue data, marketing engagement, website traffic, ad interactions. It does not include special category or criminal offense data. The amount of data collected and used varies depending on the size and activity of our customers. This could be a large amount of data, potentially including records related to millions of individuals.

Frequency & Retention: The data collected and processed by Mesh is updated in real-time, as marketing and sales activities occur. This data is retained for as long as it is necessary for the purposes of providing business services, or as required by law.

Impact & Geography: The number of individuals affected by the processing of data by Mesh varies depending on the size and activity of our customers. It may include thousands or millions of individuals and those individuals may be located anywhere in the world (largely depending on the geographic location and presence of our customers).

Categories of Personal Data

We collect the following categories of personal data:

Remember that you have the right at all times not to disclose any personal information to us. However, this may impact and possibly limit your use of the Website and App and we may not be able to provide you any Services to the extent that your personal data is required to enable us to provide such data. 

How We Use Your Personal Information

We use your personal information for various purposes.

We follow the directives of the GDPR in informing you about our uses, basis, and purposes for the collection and processing of your personal data. In the event that any such purpose changes, we will make sure to inform you about any changes to the purposes of why and what we collect and process your data for.

Sharing of Your Personal Information

Under no circumstance will we sell, trade, or rent any of your personal information, regardless of its source or purpose. However, with your previous consent, we may share personal data with recipients under certain circumstances and with the following parties;

Legal Basis of Processing

Under the GDPR, all companies must have a legal basis for processing personal information. We rely on the following legal bases for collecting and processing personal data:

Our lawful basis for processing is based on our customer’s consent from their clients and prospects either via their terms and conditions or other contractual agreement. Our default assumption is that any customer we work with has received the required consent to capture their client data and process it via first or third party resources. In our contractual agreements with our customers, this will be explicitly agreed upon.

International Data Transfer Mechanisms

Many US companies have commercial interests and businesses inside the EU and therefore handle the personal data of EU citizens directly protected by the GDPR. As a result, EU authorities, through the EU Commission, have determined the need for valid mechanisms for companies to make such data transfers without putting any personal data protected under the GDPR at risk of infringement. These are the most important of such mechanisms.

Data Processing Agreement

The terms of the data processing addendum ("Mesh DPA") available below are hereby incorporated by reference and shall apply to the extent Mesh processes any Personal Data (as defined in the Mesh DPA) that is subject to the GDPR on Customer’s behalf.

Data Processing Addendum


For the purposes determined within this statement and to provide complete and compliant services to you, we engage and use data processors with which we may share some categories of your collected data. These subprocessors are under an agreement with us and may use your data for the specific purposes we require and in compatibility with this statement and our privacy policy.

Mesh Subprocessors List

Your Data Subject Rights

The GDPR has granted data subjects specific rights respecting their personal data. This applicability may depend on your nationality and geographic location. These are your rights:

Right of knowledge or confirmation. You have the right to obtain a confirmation of whether your personal data is being processed

Right of access. You may require from the controller free information about the storage of your personal information and also obtain a copy of this information. Additionally, you  have a right to know the purposes of the processing of any personal information, the categories of personal information collected or processed and stored, and the recipients of the personal information, if any.

Right of rectification. You have the right to correct or request the correction of your personal information.

Right to be forgotten (erasure). You shall have the right to have your personal data erased without delay, provided that processing is unnecessary. The controller shall consider if such information is no longer necessary for the purposes it was collected for and that there are no overriding legitimate grounds for processing.

Right of restriction of processing. You have the right to request that processing of your personal data be restricted when:

Right of Data Portability. You have the right to receive their personal information in a structured and machine-readable format. You shall have the right to transmit the data to another controller without further observation by the original controller. You may also request that personal data be transferred directly from one controller to another.

Right to object. You have the right to object to the processing of your personal information, at any time.

Right not to be subject to automatic decision-making, including profiling. you have the right not to be subject to this kind of processing.

Right to withdraw consent. If you have consented to the collection or use of your personal information, you have the right to withdraw your consent at any time.

Additionally, if you feel we have failed to address any of your requests regarding your personal data, you may have the right to lodge a complaint with a Data Protection Authority. Here is a list of the contacts for them: To practice your aforementioned rights, please contact us at the physical or email address provided in our Privacy Policy. Before we grant or process any requests for your rights, we may require verification of your identity. 

Data Protection Officer

We have appointed a Data Protection Officer. You may contact him at:

Michael Wang

85 Broad Street, Floor 17

New York, NY 10004

If you think the DPO is not the correct party to address for any questions or inquiries about this Statement contact us to our provided contact data above. We can provide a copy of our DPIA by request.