Privacy Policy

ZoneMesh Privacy Policy

Effective Date: 12/19/2025

Posted Date: 12/19/2025

I. Introduction

ZoneMesh respects your privacy. This Privacy Policy explains how ZoneMesh, Inc. ("ZoneMesh," "we," "us," "our") collects, uses, discloses, and otherwise processes information that identifies, relates to, or could reasonably be linked with an individual ("Personal Data") in connection with:

our websites and online properties (the "Site");
our ZoneMesh platform, including the BYOC Hub component you deploy in your environment (the "Hub") and ZoneMesh-operated control plane services (the "Control Plane").

This Policy does not cover how our customers process Personal Data in their own systems or DNS environments. If you use ZoneMesh through an organization, that organization's privacy practices may also apply.

II. Our Roles & Responsibilities

When ZoneMesh is a controller

ZoneMesh acts as a controller for Personal Data we process for our own business purposes, such as Site operations, marketing, account administration, billing, and support.

When ZoneMesh is a processor / service provider

ZoneMesh may process Personal Data on behalf of a customer through the ZoneMesh platform, in which case the customer is the controller and ZoneMesh acts as a processor/service provider.

If you want to exercise rights relating to Personal Data a customer has provided to ZoneMesh, please contact that customer first. If you contact ZoneMesh directly, we may request the customer name to route your request and assist where appropriate.

III. Personal Data We Collect and Sources

A. Information you provide to us

We may collect:

Contact and account data: name, email, organization, username, and other admin profile fields
Billing and contracting data: billing contact, invoicing details, payment method tokens (typically processed by payment providers), and contract metadata
Support and communications: messages, tickets, call recordings (where permitted), and files/logs you choose to upload

B. Information collected automatically from the Site

We may collect:

Device and usage data: IP address, browser type, pages viewed, referring page, approximate location derived from IP
Cookies and similar technologies: for essential functionality, analytics, and (if enabled) marketing

C. Information collected from the Hub and Control Plane (BYOC)

When you deploy the Hub in your infrastructure, the Hub establishes an outbound connection to the Control Plane so the Control Plane can manage the Hub (for example, register it, deliver configuration, coordinate sync jobs, monitor health, and deliver updates, depending on your settings).

In that context, ZoneMesh may collect:

Hub identity and configuration metadata: Hub ID, version, enabled capabilities, feature flags
Operational telemetry: health signals, performance metrics, error codes, and diagnostics
Logs you choose to send: if you enable log forwarding or share logs with support
Network/security metadata: timestamps, request IDs, and authentication/attestation signals

Important boundary: What ZoneMesh receives depends on what you configure and what features you enable. Where possible, avoid including sensitive or unnecessary Personal Data in logs or configuration fields.

D. Information from third parties

We may receive:

Business contact data from partners, events, referrals
Identity and access data from SSO providers if you use SSO
Payment confirmation data from payment processors

IV. How We Use Personal Data

We use Personal Data to:

Provide and operate the Site, Control Plane, and Hub connectivity
Authenticate and administer accounts
Provide support and troubleshoot issues
Improve reliability and security, including detecting abuse, fraud, and security incidents
Communicate about service updates, security notices, and administrative messages
Marketing (where permitted): send product updates and event invitations (you can opt out)

V. How We Disclose Personal Data

We may disclose Personal Data to:

Service providers (hosting, analytics, support tooling, payment processors) under contractual protections
Affiliates (if applicable) consistent with this Policy
Legal and safety purposes (to comply with law, protect rights, investigate abuse, respond to valid legal process)
Corporate transactions (merger, acquisition, financing, or asset sale), subject to appropriate safeguards

ZoneMesh does not sell Personal Data in the traditional sense. If certain cookie/advertising practices constitute "sharing" under applicable law, you can opt out as described below.

VI. Cookies and Tracking Choices

We use cookies and similar technologies for:

Essential functions (security, session management)
Analytics (understanding Site usage)
Marketing (where enabled)

You can control cookies through your browser settings and any cookie preference tools we provide.

VII. Security

We use administrative, technical, and organizational measures designed to protect Personal Data. No system is perfectly secure; you are responsible for safeguarding your credentials and securing your BYOC environment.

VIII. Data Retention

We retain Personal Data as long as necessary to provide the Site and platform, comply with legal obligations, resolve disputes, and enforce agreements. Retention may vary by data type. Where feasible, telemetry may be aggregated or de-identified over time.

IX. Your Rights and Choices

Depending on your location, you may have rights to access, correct, delete, object to, or restrict processing of your Personal Data, and to opt out of certain targeted advertising/cookie-based sharing.

To exercise rights, contact us using the details in How to Contact Us. If your request relates to a customer-controlled account, we may direct you to the customer.

X. International Transfers

ZoneMesh may process Personal Data in the United States and other countries where we or our service providers operate. We use appropriate safeguards for cross-border transfers where required.

XI. Children

The Site and services are not directed to children, and we do not knowingly collect Personal Data from children under 16.

XII. California Privacy Notice (CCPA/CPRA)

This section applies to California residents and supplements the Privacy Policy.

A. Categories of Personal Information We Collect

In the preceding 12 months, we may have collected the following categories of personal information (as defined by the CCPA/CPRA), depending on how you interact with us:

Identifiers: name, email address, IP address, account identifiers
Customer records information: billing contact details, contract and account information
Commercial information: records of products or services purchased or considered
Internet or network activity: browsing interactions with the Site, device and usage data, certain Hub telemetry and logs (as configured)
Geolocation data: approximate location derived from IP address
Professional or employment information: organization name, job title (if provided)
Inferences: derived insights (e.g., feature interest) based on usage and interactions

We generally do not intentionally collect Sensitive Personal Information (as defined by CPRA) through the Site or Hub. If you provide sensitive information to us (for example, in support logs), we will use it only as necessary to respond to you or provide the service.

B. Sources of Personal Information

We collect personal information from:

you directly (forms, account creation, support)
your devices and browsers (cookies and similar technologies)
the Hub (telemetry and diagnostics, based on configuration)
service providers and business partners (e.g., events, referrals)

C. Purposes for Collection and Use

We collect and use personal information for the business and commercial purposes described in this Policy, including:

operating the Site and platform
account administration
billing and transactions
support and troubleshooting
security and fraud prevention
analytics and product improvement
marketing communications (where permitted)

D. Disclosure of Personal Information

We may disclose personal information to:

service providers who perform services on our behalf (hosting, analytics, support tooling, payments)
professional advisors (e.g., legal, auditors)
government authorities or other parties as required by law

E. Sale or Sharing of Personal Information

ZoneMesh does not sell personal information for money. ZoneMesh may "share" personal information (as defined under the CPRA) via certain cookie-based advertising/analytics technologies if enabled on the Site.

Opt Out of Sharing: You may opt out of cookie-based sharing by using our cookie preference tool (if available) and/or adjusting browser settings. If we provide a "Do Not Sell or Share My Personal Information" link, you may use it to opt out.

F. Your California Privacy Rights

Subject to verification and applicable exceptions, California residents may have the right to:

Know/Access: request details about personal information we collected, used, or disclosed
Delete: request deletion of personal information
Correct: request correction of inaccurate personal information
Opt out of sale/sharing: opt out of sale or sharing (as applicable)
Limit use of sensitive personal information: if we use SPI beyond permitted purposes (generally not applicable)
Non-discrimination: not be discriminated against for exercising rights

G. Submitting Requests

You can submit a request by contacting us at privacy@zonemesh.io.

We may need to verify your identity and, where applicable, your authority to make the request. You may use an authorized agent, but we may require proof of authorization and may still verify your identity.

XIII. How to Contact Us

Email: privacy@zonemesh.io

Mailing Address: [Insert Address]

XIV. Changes to This Policy

We may update this Policy from time to time. We will update the Effective Date and may provide additional notice if changes are material.