[YOUR LEGAL ENTITY], [REGISTERED ADDRESS]) must be filled in by your counsel before publication. This text is a starting point, not legal advice.Privacy Policy
Effective April 26, 2026
This Privacy Policy describes how [YOUR LEGAL ENTITY] ("HelpMesh", "we", "us") collects, uses, shares, and safeguards information when you use our customer support platform (the "Service"). It applies to data we process as a controller (account, billing, marketing) and as a processor on behalf of our customers (data they ingest into the Service to operate their own customer support).
1. Information we collect
Account data
Workspace name, email address, name, role, language, time zone.
Customer support content (processor)
Tickets, conversations, attachments, custom fields, knowledge base articles, customer contacts, agent notes. We process this on behalf of our customer (the workspace owner) and only for the purposes set out in their instructions and our Data Processing Addendum.
Telemetry
Pages visited, performance metrics, feature usage, IP address (truncated for analytics), user agent, error reports. Cookies and similar technologies are described in our Cookie Policy.
Billing data
Plan, payment-method last four digits, invoice history. Card numbers are stored by our payment processor (Stripe), not on our infrastructure.
2. How we use information
- To provide, secure, and improve the Service.
- To authenticate users, enforce role-based access control, and detect abuse.
- To send transactional notifications (e.g. password reset, billing).
- With consent, to send product updates and marketing.
- To comply with legal obligations, including law-enforcement requests where lawful.
3. Legal bases (where GDPR or comparable law applies)
- Contract — to operate the Service you have signed up for.
- Legitimate interest — to keep the Service safe and improve it.
- Consent — for non-essential cookies and direct marketing.
- Legal obligation — tax, audit, lawful access requests.
4. Data residency
Customer data is hosted in Mumbai (ap-south-1). Per-tenant region selection is on our roadmap; we will not move existing customer data without notice.
5. Sharing
We share information with sub-processors who help us run the Service (cloud infrastructure, email delivery, payment processing, analytics). The current list of sub-processors is published at /legal/subprocessors.
We do not sell personal information. We do not share customer support content with third parties for advertising.
6. Retention
Customer support content is retained for the lifetime of the workspace, plus 30 days after termination, unless deleted earlier under the customer's configured retention policy or via a deletion request. Audit logs are retained for two years.
7. Your rights
Depending on your jurisdiction (GDPR, UK-GDPR, PDPL, CCPA, PIPEDA, DPDPA, others) you may have the right to access, correct, delete, port, restrict processing, or object to processing of your personal data. Submit requests to privacy@helpmesh.io. We respond within 30 days (72 hours for breach notification per applicable law).
8. Security
We use TLS 1.2+ in transit, AES-256 at rest, role-based access controls, multi-factor authentication for admins, and an immutable audit log of all data access and mutations. Our security commitments are detailed at /legal/security.
9. Children
The Service is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact privacy@helpmesh.io and we will delete it.
10. Changes
We will notify customers of material changes by email at least 30 days before they take effect. The current version is always at https://helpmesh.io/legal/privacy.
11. Contact
Privacy questions: privacy@helpmesh.io
Data Protection Officer: dpo@helpmesh.io
Postal: [YOUR LEGAL ENTITY], [REGISTERED ADDRESS]