mesh

Legal

Privacy Policy

Last updated April 28, 2026

Introduction

Mesh (“Mesh,” “we,” “us”) operates a two-sided marketplace that connects event hosts with brand sponsors at meshnow.io. This policy explains what information we collect about you, how we use it, who we share it with, and the choices you have.

It applies to anyone who visits our website, browses public event listings, or creates a Mesh account as a host or sponsor. By using Mesh, you agree to this policy.

Information we collect

We collect information in three ways: what you give us, what you produce by using Mesh, and what we receive from third parties you authorize.

Account and profile information

  • Sign-in details. When you create an account we receive your name and email address from Google (if you use Google Sign-In) or the email and password you set up directly.
  • Host profiles include your display name, profile photo, bio, portfolio or social links, and your role.
  • Sponsor profiles include your representative name, brand industry, and the organization you belong to. Organization records may include the company name, members, and uploaded brand assets (logos, one-liners, default sponsor copy).

Content you create on Mesh

  • Event listings you publish: title, description, poster image, capacity, date, venue, and external links.
  • Deal data generated when a sponsor expresses interest in an event: deal status, history of state changes, action items, cancellation reasons, and ratings.
  • Messages you send through the deal page activity feed.
  • Sponsor assets and impact reports submitted as part of a deal: logos, copy, attendee counts, highlights, and event photos.
  • Files in the deal file cabinet that either party uploads while a deal is in progress.

Payment information

When a sponsor pays for a sponsorship, payment is processed by Stripe. We receive confirmation that a payment succeeded along with metadata such as amount, currency, and a Stripe identifier; we do not receive or store full card numbers, CVCs, or bank credentials. Hosts who accept payouts complete Stripe Connect onboarding directly with Stripe, which collects identity and tax information required by financial regulators (KYC).

Information collected automatically

  • Authentication cookies issued by our auth provider (Supabase) to keep you signed in. These are strictly necessary; without them the app cannot keep you logged in.
  • Limited request metadata captured by our hosting provider (Vercel) and database provider (Supabase) for security, abuse prevention, and performance — typically IP address, user agent, and request paths.
  • Venue search queries sent to Google when you use the Google Places venue picker on the event creation form.

Mesh does not currently run third-party analytics or advertising trackers. If that changes we will update this policy and notify users.

How we use information

  • Operate the marketplace: show event listings, route sponsor interest to the right host, advance deal state, and display public host and organization profiles.
  • Process payments through Stripe and trigger host payouts after a sponsor confirms the impact report.
  • Send transactional emails through Resend — for example, “new sponsor interest,” “your interest was accepted,” deal status updates, and password resets. These are essential to the service and you cannot opt out while you have an active account or deal.
  • Maintain trust and safety: detect abuse, mediate disputes, and enforce our terms. Mesh administrators may review deals and listings as part of moderation.
  • Improve the product, debug issues, and protect Mesh, our users, and the public from fraud or harm.
  • Comply with legal obligations and respond to lawful requests.

How we share information

With the other party to a deal

Mesh is a marketplace, so most sharing happens between hosts and sponsors as part of normal operation:

  • When a sponsor expresses interest, the host sees the sponsor’s organization name, industry, and representative.
  • Once a host accepts, both parties can see each other’s contact details, exchange messages, and view files attached to the deal.
  • Impact report content (attendee counts, photos, highlights) is visible to the sponsor on the deal it belongs to.

Public information

Some content is intentionally public so the marketplace can function:

  • Event listings (title, poster, host display name, venue city, date, capacity) are browsable without an account.
  • Public host and organization profile pages display the information you put on them.

You control what goes on your profile and listings. Don’t publish anything you don’t want to be public.

Service providers we rely on

We share information with vendors that run parts of our infrastructure under contract. They process data only on our behalf:

  • Supabase — database, authentication, and file storage (event posters, profile photos, sponsor assets, impact report photos, file cabinet uploads).
  • Vercel — application hosting and request routing.
  • Google — Google Sign-In (OAuth) and the Google Places API used by the venue picker.
  • Stripe — payment processing, payouts via Stripe Connect, refunds, and KYC for hosts who accept money.
  • Resend — transactional email delivery.

Administrators and moderation

Mesh administrators have visibility into accounts, events, deals, and disputes for moderation, mediation, and quality control. Where the deal is in dispute, an administrator may review the impact report, deal history, and resolve refunds or payouts.

Legal and safety

We may disclose information when we believe in good faith that disclosure is required by law, necessary to enforce our terms, or needed to protect the rights, property, or safety of Mesh, our users, or others.

Business transfers

If Mesh is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal data.

We do not sell your personal information.

Data retention

  • Account, profile, and event data are kept while your account is active.
  • Deal records (status history, messages, ratings) are retained as long as either party may need them — including after a deal settles — so the marketplace history stays intact.
  • Files in the deal file cabinet are subject to an automatic retention policy and may be purged after a deal has been settled or cancelled for an extended period.
  • Payment and tax records are retained as required by law, typically several years.
  • Backups and security logs are retained for a limited period for restore and abuse-prevention purposes.

When you delete your account we delete or anonymize your profile and disable future use, but information embedded in shared deals (such as messages already sent or transactions already completed) may remain visible to the other party for record-keeping.

Your choices and rights

  • Access and update your profile, organization, and event listings at any time from your dashboard.
  • Cancel deals with a written reason; refunds (if any) follow Mesh’s refund policy.
  • Delete your account by contacting us at the address below. We will remove or anonymize your personal data subject to the retention rules above.
  • Depending on where you live, you may have rights under GDPR, UK GDPR, CCPA/CPRA, or similar laws — including the right to access, correct, delete, port, or restrict processing of your personal data, and to object to certain uses. Contact us to exercise these rights and we’ll respond in line with applicable law.
  • Transactional emails (deal updates, payment confirmations, password resets) cannot be turned off while you have an active account, because they are essential to the service. Any future marketing email will include an unsubscribe link.

Security

We use industry-standard practices to protect your data, including TLS in transit, encrypted storage at rest with our infrastructure providers, role-based access control, and database row-level security so that one user cannot see another user’s private data. Payments are handled by Stripe; we never see your card details. No system is perfectly secure — if we discover a security incident affecting your account we will notify you in line with applicable law.

International transfers

Mesh is operated using cloud infrastructure that may store and process information in regions different from where you live, including the United States and the European Union. When personal data moves across borders, our service providers contractually commit to safeguards consistent with applicable privacy laws.

Children

Mesh is intended for adults conducting sponsorship business. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, contact us and we will delete it.

Changes to this policy

We may update this policy as the product evolves. When we make material changes we’ll update the “Last updated” date above and, where appropriate, notify active users by email or in-app banner. Continued use of Mesh after a change means you accept the updated policy.

Contact

Questions, requests, or concerns? Email contact@meshnow.io.

← Back to home
Privacy Policy | Mesh | Mesh