Identity & access
- Organization-scoped credentials with explicit read and write permissions
- Revocable keys stored only as cryptographic hashes
- Cross-organization authorization regression tests
Meshi protects professional identity and relationship data with scoped access, encryption, traceable AI, and controlled integrations.
Security
Providers receive task-specific inputs, never direct database access.
Source namespaces and provenance metadata keep client-provided, connected, public, and derived inputs distinguishable.
Evidence stays separate from inference, with source context attached to derived intelligence.
Matching uses professional and networking attributes, not special-category attributes. Avoid unnecessary sensitive data in free-form inputs.
Users can initiate account deletion in product. Database hard-delete and audited organization-scoped purge paths exist; object-storage and derived-data deletion coverage remains in progress.
Subprocessors
Usage labels show when a provider can enter a product or operational data path.
API hosting and application compute
Managed Postgres database
Frontend hosting and web delivery
Private object storage
Durable workflow orchestration
Product analytics and browser error reporting
Transactional email
SMS, WhatsApp, and voice
Connected Gmail and Calendar actions
Server error reporting when configured
Signup and operational notifications, including signup contact metadata
Messaging-channel delivery and media handling
Optional onboarding and coach voice conversations
Turnstile bot protection for public docs chat
Trust Center logo delivery and request metering
AI inference and live voice
Model inference
Model inference and embeddings
Inference and capture workflows
Inference workflows
Public professional-data search
Public-profile enrichment
Enabled providers and processing locations vary by capability and deployment.
Logos provided by Logo.devResources
Controls, data flow, assurance status, and providers.
Draft notice describing how Meshi handles personal information.
Terms governing Meshi services.
Authentication, capabilities, data flows, and integration reference.
Discuss technical architecture and data flow for a proposed deployment.
Confirm in-path providers and their roles for a proposed deployment.
Discuss contractual privacy terms and security questionnaire needs.
FAQ
Meshi has not completed an external SOC 2 audit. Audit preparation, control ownership, policies, evidence packages, and identified technical work remain in progress.
Access is organization-scoped. Partner credentials carry explicit read and write permissions for one organization; deployment-specific requirements are agreed during onboarding.
Meshi uses TLS, provider encryption at rest for primary storage, application-layer encryption for OAuth credentials, and short-lived signed URLs for private objects.
Providers receive task-specific inputs, never database access. Evidence stays separate from inference, and enabled provider paths are reviewed for each enterprise deployment.
Matching covers professional and networking attributes, not special-category attributes. Clients should avoid unnecessary sensitive data in free-form inputs.
Users can initiate account deletion in product. Database deletion paths exist; object-storage and derived-data deletion coverage remains in progress. Enterprise retention requirements are defined during review.
An independent penetration test is planned. Current safeguards include code review, automated checks, authorization tests, and controlled releases.
Contact Meshi to scope an architecture, data-flow, provider, DPA, or questionnaire review for your proposed deployment.
The register names Meshi's current provider paths. Which providers and processing locations apply to a customer depends on the enabled capabilities and deployment.
Request a scoped architecture, provider, DPA, or questionnaire review.