Privacy Policy
Effective Date: July 1, 2026
Last Updated: July 1, 2026
Mesh Intelligent Technologies, Inc.'s Pieces ("Pieces", "we", "us", or "our") knows that you care about how your personal information is used and shared, and we take your privacy seriously. In this Privacy Policy, we describe how we collect, use, and handle your personal information when you use our services, software, technology, and websites ("Services"). This Privacy Policy applies when Pieces is the data controller with regard to the personal information referenced in it.
This Privacy Policy does not apply where Pieces acts as a data processor on behalf of an organization — for example, where your employer provisions Pieces for you under an enterprise agreement. In that case, that organization's agreement (including any Data Processing Addendum) governs, and you should direct privacy requests to your organization.
Pieces stores your data locally on your device. By default, we do not store your memories or content on our cloud. To make your memories useful, however, Pieces uses large language models ("LLMs") running in the cloud: as part of forming, enriching, and summarizing your memories, and when generating chat responses, Pieces sends relevant textual, visual, and audio-derived data from your device to a cloud LLM to be processed. That cloud LLM is either a default model provisioned by Pieces or, for members of an organization, a model provisioned by their organization and connected via "Bring Your Own Key" (BYOK). This cloud processing is transient — the data is used to return a result and is not retained on our cloud afterward. We never use your content to train our models. This Privacy Policy explains these practices in detail.
Pieces's address is:
Mesh Intelligent Technologies, Inc. 1311 Vine St., Unit 301 Cincinnati, OH 45202 United States
Summary of Key Points
- Stored on your device. Your memories and content are saved locally on your device. By default, we do not store your memories or content on our cloud. The limited exceptions are optional cloud backup (if you enable it), usage analytics you have left enabled, and data synced through connectors you set up.
- Processed with cloud LLMs. To form, enrich, and summarize your memories, and to answer chat prompts, Pieces sends relevant text, visual, and audio-derived data from your device to a cloud LLM — either a Pieces-provisioned default model or your organization's own BYOK model. This processing is transient and is not retained on our cloud afterward.
- Some processing stays on-device. Capture, text extraction (OCR), retrieval, and search run on your device, and — where your device supports it — audio transcription runs locally too.
- Sensitive data is redacted before cloud processing. Before content is sent to a cloud LLM, Pieces runs an on-device redaction step that is designed to remove personal identifiers, credentials, keys, and financial data. Automated redaction is not perfect and may not catch everything.
- You choose what Pieces captures. You control which capture sources (screen, clipboard, audio, files, browser) are enabled, can allow/deny specific apps and websites, and can disable usage analytics.
- No training on your data. We never use your content, personal information, or Google user data to train, fine-tune, or improve any Pieces AI/ML model. Our proprietary models are trained on synthetic datasets.
- We do not sell your personal information and do not use it for cross-context behavioral advertising.
Table of Contents
- Information We Collect
- How Your Data Is Processed
- How We Use Your Information
- AI Models and Training
- Google User Data
- Legal Bases for Processing (GDPR)
- How We Share Your Personal Information
- Subprocessors
- Security of Personal Information
- Data Retention
- International Data Transfers
- Cookies and Local Storage
- Children's Privacy
- Your Privacy Rights and Choices
- Automated Decision-Making
- Advertising and Marketing
- California Residents (CCPA/CPRA)
- Nevada Residents
- Changes to This Privacy Policy
- Accessibility
- Contact
1. Information We Collect
We collect and use the following information to provide, improve, protect, and promote our Services.
Account Information. We collect, and associate with your account, the information you provide when you do things such as create your account and upgrade to a Pieces account that includes paid features ("Paid Account"). This may include your name, email address, and billing information (payment card details are handled by our payment processor, not stored by us).
Your Content. Our Services are designed as a simple and personalized way for you to capture and store your code, files, data, memories, content, and other information ("Your Content"). Your Content is stored locally on your device. Depending on the capture sources you enable, Your Content may be formed from: screen/window context (captured as a cropped screenshot and converted to text on your device), clipboard activity, files and code you work with, browser activity, and — if you enable it — audio (microphone and/or system audio). Related information may also be handled, such as file names, file sizes, timestamps, the application a piece of content came from, the identity of collaborators (where you collaborate or share), and usage activity.
Data from Connected Third-Party Services (including Google user data). If you choose to connect a third-party account — such as a Google account — to Pieces, we will access and process data from that third-party service solely to provide or improve the user-facing features of Pieces that you have connected and that are prominent in the Pieces user interface. Connector data may be synced through our cloud infrastructure to your device. The categories of Google user data we may access, the purposes for which we access them, and the limits on our use of that data are described in Section 5 ("Google User Data").
Usage Analytics and Diagnostics. Pieces can collect usage analytics and diagnostic information (such as feature-usage metrics, performance metrics, and crash reports) to help us detect abuse, fix problems, and improve the Services. You can enable or disable this collection through the application's privacy settings. When enabled, this data may include limited content such as your prompts. Crash reports are processed with personal-data scrubbing where feasible.
Device and Log Information. We collect information from and about the devices you use to access the Services, such as IP address, device and operating-system type, and browser type. We also collect log information about how the Services perform, including access times and error logs. Depending on their settings, your devices may transmit approximate location (for example, derived from IP address) for security and performance purposes.
Cookies and Other Technologies. We use technologies like cookies and pixel tags on our marketing website to understand how you interact with it, improve it, and compile statistics. See Section 12 ("Cookies and Local Storage").
Do Not Track. Do Not Track ("DNT") is a privacy preference you can set in your web browser. We honor DNT and recognized opt-out preference signals where technically feasible and legally required. For information about DNT, visit www.allaboutdnt.com.
Information We Do Not Intentionally Collect. We do not intentionally collect special-category or sensitive personal data (such as health, biometric, or government-ID information). Because Pieces captures your work context, Your Content could incidentally include sensitive information; the on-device redaction step is designed to reduce this before any cloud processing, and you can exclude specific apps, websites, and sources.
2. How Your Data Is Processed
Pieces uses a hybrid architecture: your data is stored locally, but is processed using both on-device models and cloud LLMs. The vast majority of your data always remains on your device; our cloud is used to run AI processing, not to store your content.
- Local storage. Your memories and content are saved on your device. By default we do not store them on our cloud. The only circumstances in which your content may reach our servers are: (i) if you enable optional cloud backup; (ii) if you leave usage analytics enabled (which may include limited content such as prompts); and (iii) data you sync through connectors you set up.
- On-device capture and text extraction. When you enable context capture, Pieces detects relevant activity, captures a cropped screenshot of the active window, and converts it to text on your device using your operating system's built-in text recognition where available, or a bundled on-device model on platforms without one. Screenshots are stored locally (encrypted on disk) only while they are being processed and are then deleted; they are not sent to or stored on our cloud.
- On-device redaction (before content is sent to the cloud). Before content is transmitted to a cloud LLM, it passes through the Pieces on-device redaction engine, which uses pattern-matching and rules-based detection to remove personal information, credentials, API keys, and financial data. This is designed so that redacted — not original — text is what we transmit for cloud processing. Automated redaction has inherent limitations and may not remove every instance of sensitive data.
- On-device relevance filtering. Pieces applies on-device filtering that is designed to avoid processing content unrelated to your work (for example, non-work audio is scored on-device and skipped before any transcription or cloud processing).
- On-device retrieval. When you query your memories, retrieval and search (embeddings, similarity search, and ranking) run on your device. No data leaves your device during retrieval.
- Cloud LLM processing. Forming memories, enriching and summarizing them, and generating chat responses use LLMs that run in the cloud. Pieces sends the redacted, relevant payload from your device to a cloud LLM, which processes it to return the requested result.
- Which model processes your data. The cloud LLM is either (i) a default model provisioned by Pieces (routed through our LLM routing provider), or (ii) for members of an organization, a model provisioned by that organization and connected via BYOK. Where a BYOK model is used, your data is processed by the model provider your organization has configured, under that provider's and your organization's terms.
- Cloud routing and proxy. Traffic to cloud LLMs passes through a Pieces proxy that runs on short-lived cloud instances and processes each request in memory to authenticate it, route it to the correct model, enforce rate limits, and screen for abuse (for example, checking request size and abuse/jailbreak patterns). By default, the content of your requests and responses is not persisted by the proxy; organizations may enable additional audit logging. Data is encrypted in transit (see Section 9).
- On-device transcription. For audio, Pieces transcribes locally where your device supports it, so the audio never leaves the device. If local transcription is unavailable (or an organization has configured cloud transcription), the audio is transcribed in the cloud transiently and the raw audio is deleted immediately afterward. Raw audio is never retained after transcription.
- Transient processing; no cloud archive. Data sent to the cloud is used to produce a result for you and is not retained on our cloud afterward. We do not build a cloud-side archive of your memories or content.
- Optional cloud backup (off by default). You may choose to enable encrypted cloud backup of your local database. When enabled, an encrypted copy of your local database is stored either in Pieces-managed Google Cloud storage or, in some configurations, in your own cloud storage, with a rolling retention period (up to 35 days). If you do not enable backup, no copy of your content is stored on our cloud.
If you use Pieces through an organization, your administrator may set organization-wide policies (such as which capture sources or models are allowed) and may route cloud processing through the organization's own model provider.
3. How We Use Your Information
Important limitation for Google user data — read first. None of the uses described in this section apply to Google user data except to the extent they constitute providing or improving the user-facing features of Pieces that you have connected and that are prominent in the Pieces user interface. Pieces's use of Google user data is restricted exclusively to the purposes described in Section 5 ("Google User Data") and is governed at all times by the Google API Services User Data Policy, including the Limited Use requirements.
We may use your information (other than Google user data) for the following purposes:
- To present our Services and their contents to you.
- To provide you with information, products, or services that you request, and to respond to support requests.
- To provide you with notices about your Pieces account.
- To carry out our obligations and enforce our rights arising from any contracts between you and us, including for billing and collection.
- To notify you about upgrades or changes to the Services.
- For aggregated statistical analysis of how you and others use our Services (does not apply to Google user data).
- To develop, improve, secure, and market our Services (does not apply to Google user data).
- For the management of our relationships and the administration of our Services and business (does not apply to Google user data).
- As necessary for security purposes or to investigate possible fraud, abuse, or attempts to harm Pieces or our users.
- To comply with our legal obligations, protect our intellectual property, and enforce our Terms of Service.
- For any other legal purpose with your consent.
We may also use contact information you voluntarily provide directly to us to tell you about goods and services we believe may interest you (this does not apply to Google user data). If you do not want us to use your information this way, email legal@pieces.app.
4. AI Models and Training
We never use your data to train our models. Your content, personal information, and Google user data are never used to train, fine-tune, evaluate, or improve any Pieces AI or machine learning model, whether generalized or personalized. This applies to all product components, including Long-Term Memory, Copilot interactions, context injection, transcription, and metadata generation.
Our proprietary on-device models are trained exclusively on synthetic datasets generated using non-user-derived methods. When Pieces sends your data to a cloud LLM to form, enrich, or summarize memories or to generate a chat response, the model is invoked solely to produce the requested output for you in that moment.
Cloud LLM providers. When Pieces uses a default cloud model, the model is operated by a third-party LLM provider (reached through our LLM routing provider) acting as our subprocessor under terms that do not permit using your data to train that provider's models. When your organization uses a BYOK model, your data is processed by the provider your organization has configured, subject to that provider's and your organization's terms rather than Pieces's default arrangements.
We may use de-identified or aggregated data for legitimate business purposes such as abuse detection, cost verification, and service improvement, and we maintain such data in de-identified form. Where you have left usage analytics enabled, we may also use that data to improve the Services; you can disable analytics at any time in the application's privacy settings.
5. Google User Data
This section describes how Pieces accesses, uses, stores, shares, and protects data obtained from Google APIs ("Google user data"). It applies in addition to, and where in conflict overrides, the other provisions of this Privacy Policy with respect to Google user data.
Compliance with the Google API Services User Data Policy. Pieces's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
What Google user data we access. When you connect a Google account to Pieces (for example, to use the Google Calendar connector), we request only the OAuth scopes required to operate the feature you have connected. The specific categories of Google user data we access depend on the connector you authorize and may include, for example, your Google account identifier and email address (for authentication and account linking) and your Google Calendar events, calendars, and event metadata (for the Google Calendar connector). At the time you authorize a connector, Google will display the exact scopes being requested.
How we use Google user data. We use Google user data solely to provide and improve the user-facing features of Pieces that you have connected and that are prominent in the Pieces user interface. For example, if you connect Google Calendar, we use the data we access to display, sync, and operate the calendar features inside Pieces at your direction. We do not use Google user data for any purpose other than providing or improving these user-facing features.
Affirmative prohibitions. Pieces does not, and will not:
- Use Google user data to serve advertisements of any kind, including retargeted, personalized, or interest-based advertisements.
- Transfer or sell Google user data to advertising platforms, data brokers, or information resellers.
- Use Google user data for any general marketing, promotional, or business-development purpose.
- Use Google user data to develop, train, fine-tune, evaluate, or improve any artificial intelligence or machine learning model, whether generalized, personalized (including per-user models), or operated by a third party. Where Pieces uses AI/ML at inference time to deliver a feature you have specifically requested on your Google user data (such as summarization of content you have explicitly directed Pieces to process), the model is invoked solely to produce the requested output for you in that moment; your Google user data is not retained, logged, or otherwise used to train, fine-tune, evaluate, or develop any model, and is not used to improve any model serving you, other users, or any third party.
- Allow humans to read Google user data, except: (i) with your affirmative, in-product consent for specific Google user data, requested at the point of access; (ii) as necessary for security purposes (such as investigating abuse or a security incident); (iii) to comply with applicable law; or (iv) where the data has been aggregated and anonymized for limited internal operations such as service reliability, abuse prevention, security, and legal compliance, in accordance with the Limited Use requirements.
How we share Google user data. We do not share Google user data with third parties except: (i) with sub-processors and service providers that host or operate infrastructure on our behalf, strictly to deliver the user-facing features you have connected, under contractual obligations consistent with the Google API Services User Data Policy; (ii) where you have given us explicit consent to share specific Google user data with a specified third party; (iii) as necessary for security investigations or to comply with applicable law; or (iv) as part of a merger, acquisition, or sale of assets, but only with your explicit prior consent for the transfer of Google user data.
How we store and protect Google user data. Google user data is transmitted over TLS and stored on servers operated by reputable cloud providers using encryption at rest. Access is restricted to authorized personnel who require it to operate or support the connected feature, subject to access controls, logging, and the human-access limitations described above.
Retention of Google user data. We retain Google user data only for as long as necessary to provide the connected feature to you. You may disconnect a Google account from Pieces at any time from within the application, which will cause Pieces to stop accessing further Google user data from that account. Upon disconnection or upon a deletion request, Pieces will delete the Google user data we hold from that account within thirty (30) days, except where retention is required to comply with our legal obligations or to establish, exercise, or defend legal claims.
Revoking Pieces's access to your Google account. You can revoke Pieces's access at any time by visiting your Google Account permissions page at https://myaccount.google.com/permissions, or by disconnecting Google from within Pieces. To request deletion of Google user data we hold, email legal@pieces.app.
6. Legal Bases for Processing (GDPR)
To the extent our processing of your personal information is subject to laws such as the EU/UK General Data Protection Regulation ("GDPR"), we process personal information on the following legal bases:
- Performance of a contract. When you create a Pieces account or hold a Paid Account, we process the information necessary to provide the Services you have contracted for.
- Legitimate interests. We process personal information for our legitimate business interests, including managing user relationships, administering our Services and business, ensuring security, and maintaining the confidentiality, availability, and resilience of the Services — balanced against your privacy rights.
- Consent. Where we process personal information for other purposes (for example, optional analytics or certain marketing), we ask for your consent, which you may withdraw at any time.
- Legal obligation. We process personal information where necessary to comply with applicable law.
7. How We Share Your Personal Information
Sharing of Google user data is additionally governed by Section 5; where the two conflict with respect to Google user data, Section 5 controls. We do not sell your personal information.
Service Providers and Subprocessors. We use third-party service providers as processors to help us provide, improve, protect, and promote our Services (for example, cloud hosting, LLM routing/inference, payments, authentication, email delivery, analytics, and support). These providers may access personal information only to perform tasks on our behalf and are bound by contractual obligations, including Data Processing Addenda where applicable. Our current subprocessors are listed in Section 8.
Organizations and Administrators. If you use Pieces through an organization (for example, an account provisioned by your employer, or one linked to your organization by a matching email domain), we may make account and usage information available to that organization's administrators, who may manage your access and set policies. Where your organization uses BYOK, your cloud processing is routed to the organization's chosen model provider.
Other Users. Our Services may display information such as your name, profile picture, email address, and usage information to other users with whom you collaborate or choose to share. Where the email address you registered with Pieces happens to match an address returned by Google OAuth, Pieces displays only the copy collected directly through account registration and does not expose Google user data to other users, except where you have explicitly directed Pieces to share specific Google user data with a specified user.
Other Applications and Integrations. You may connect your Pieces account with third-party services — for example, via Pieces APIs or the Model Context Protocol (MCP), which lets compatible AI tools access your Pieces context at your direction. Those third parties' use of your information is governed by their own privacy policies and terms. Pieces does not transmit Google user data through Pieces APIs to third-party applications for promotional, advertising, or marketing purposes. Where you affirmatively initiate, through the Pieces user interface, a specific share of specific Google user data with a specifically identified third party, we will transmit only the Google user data you have authorized.
Legal Purposes, Protection, and the Public Interest. Pieces may disclose personal information if required in response to a valid subpoena, court order, search warrant, or similar government order, or when we believe in good faith that disclosure is necessary to comply with legal obligations; to enforce our agreements; or to protect the rights, property, safety, or security of Pieces, our employees, our users, third parties, or the public. Where legally permitted, we will notify the affected user or customer.
Business Transfers. If Pieces is involved in a merger, acquisition, or sale of assets, or enters bankruptcy, personal information may be transferred as a business asset, and any acquirer may continue to use your personal information as set forth in this Privacy Policy. With respect to Google user data, any such transfer will occur only with your explicit prior consent, as required by the Google API Services User Data Policy.
8. Subprocessors
We maintain a minimal vendor dependency model. Our current subprocessors include:
| Subprocessor | Purpose |
|---|---|
| Google Cloud Platform | Cloud infrastructure, storage, and analytics data warehousing |
| GitHub | Code repository and development workflow |
| OpenRouter | LLM routing for cloud AI processing (default models) |
| Cloudflare | Connector authentication/proxy for third-party integrations |
| Paddle.com | Payments (Merchant of Record) |
| Descope.com | Authentication |
| Sentry.io | Crash and error reporting (personal data scrubbed where feasible) |
| SendGrid | Transactional email delivery |
| HubSpot | CRM and support |
| Customer.io | Email communications |
| Segment | Usage analytics and abuse detection (configurable; can be disabled) |
| Satismeter | NPS and product feedback (optional) |
| Google Workspace | Internal email and productivity |
We publish our current subprocessor list and provide advance notice of material changes where required by contract.
Cloud LLM providers. Because memory formation, enrichment, summarization, and chat are performed by cloud LLMs, data from your device is processed by an LLM provider acting as our subprocessor (for example, providers such as OpenAI, Anthropic, or Google) solely to return the requested output. Where your organization has configured a BYOK model, your data is instead processed by the provider your organization has selected, under that provider's and your organization's terms. If your organization uses BYOK, the organization's encrypted provider credentials are stored using our cloud secrets management and are accessible only to the automated systems that route requests.
9. Security of Personal Information
Pieces implements reasonable administrative, technical, and physical measures designed to protect personal information from accidental loss and from unauthorized access, use, alteration, and disclosure, including:
- Encryption in transit using TLS 1.3 (or TLS 1.2 with strong cipher suites), and encryption at rest using AES-256 provided by our cloud infrastructure. Locally cached data on your device is also encrypted.
- Authentication through a dedicated identity provider (Descope), with support for multi-factor authentication (MFA). Enterprise deployments may use SSO and, where available, customer-managed encryption keys (CMEK).
- Access controls based on least privilege, with periodic access reviews.
- SOC 2 Type II certification, regular security audits, and independent third-party penetration testing.
Breach notification. If we become aware of a personal-data breach affecting your information, we will notify affected users or customers without undue delay (and, where we act as a processor for an organization, within the timeframe required by our agreement, generally within 24 hours of confirmation). Where required, we will notify the relevant supervisory authority within the legally mandated period (for example, within 72 hours under the GDPR).
No method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security. You are responsible for safeguarding your account credentials and limiting access to your devices.
10. Data Retention
We retain information for as long as your account exists or as long as we need it to provide the Services, and no longer than necessary for the purposes it was collected, unless a longer retention period is required by law. Our standard retention schedule is:
| Data Category | Examples | Standard Retention Period |
|---|---|---|
| Account & Billing Data | Registration details, invoices, tax identifiers | Account duration + 7 years post-termination (for tax, audit, and regulatory compliance) |
| Your Content (on your device) | Memories, snippets, chats, notes, files | Stored locally; retained until you delete it. Not stored on our cloud by default. |
| Cloud Backups (if enabled) | Encrypted copy of your local database | Rolling retention up to 35 days |
| Usage Analytics & Diagnostics (if enabled) | Feature-usage and performance metrics, crash reports, and limited content such as prompts | 180 days (rolling) |
| Security & Access Logs | Authentication records, API access logs | 90 days (rolling) |
| De-identified / Aggregated Data | Usage statistics | Until no longer required for legitimate business purposes |
| Support & Communications | Service requests, correspondence | 2 years following case closure |
Your memories and content stored on your device are retained until you delete them. Data sent to a cloud LLM for processing is not retained on our cloud afterward. Google user data is retained only as long as necessary to provide the connected feature (see Section 5).
11. International Data Transfers
To provide the Services, your personal information may be transferred to, stored, or processed on servers outside your home country. Our primary cloud region is Google Cloud's Ohio, USA region (us-east5), and regional options (including the EU and Australia/Sydney) may be available for eligible organizations. Where we transfer personal information across borders, we rely on legal mechanisms approved under applicable law, including Standard Contractual Clauses (SCCs) or equivalent safeguards, and take steps to ensure your privacy rights continue to be protected. Because Your Content is stored on your device, most of it does not cross borders through Pieces at all.
12. Cookies and Local Storage
We use cookies and local storage technologies for authentication, user-preference management, and analytics on our marketing website, subject to applicable consent requirements. You can manage these through your browser or application settings. We honor "Do Not Track" and recognized opt-out preference signals where technically feasible and legally required.
13. Children's Privacy
Our Services are not intended for individuals under 13 years of age (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If personal information from a child is inadvertently collected, please contact legal@pieces.app to request its removal.
14. Your Privacy Rights and Choices
You have control over your personal data and how it is collected, used, and shared.
- Control what Pieces captures. You can enable or disable each capture source (screen context, clipboard, audio, files, browser activity) and set allow/deny rules for specific applications and websites. Audio capture additionally requires operating-system-level permissions, and revoking those permissions immediately halts audio capture.
- Control analytics and backup. You can disable usage analytics and diagnostics in the application's privacy settings, and you control whether optional cloud backup is enabled.
- Delete. You can delete individual items, or delete captured memories by time span and source application (and clear all captured history at once). Deleting a memory also removes derivatives that referenced it.
- Export. You may export Your Content at any time through our cloud or local APIs, or via the UI, in industry-standard formats such as JSON and CSV. We do not use proprietary lock-in formats. Exported data remains available for re-download for 30 days after export.
- Disconnect integrations. You may revoke Pieces's access to a connected Google account at any time by disconnecting it within Pieces or at https://myaccount.google.com/permissions.
- Withdraw consent / update / correct. Where processing is based on consent, you may withdraw it at any time. You may update or correct certain personal information from your account page or by contacting legal@pieces.app.
Additional Rights as a Data Subject
Depending on your jurisdiction, you may have the following rights:
- Access. Request a copy of the personal information we hold about you.
- Deletion/Erasure. Request deletion of your personal information. Information may be retained where required for our compliance with a legal obligation or for the establishment, exercise, or defense of legal claims. Standard deletion requests are processed within 30 days (up to 60 days for complex requests), with corresponding backup data purged within 35 days. On request, we will provide written confirmation of deletion.
- Correction. Request that we correct inaccurate personal data. Because of how AI models work, we cannot guarantee the accuracy of AI-generated output, but we will make reasonable efforts to address correction requests.
- Restrict/Object. Restrict or object to processing of your personal information, including for direct marketing.
- Data Portability. Where processing is based on consent or contract and carried out by automated means, receive your personal information in a structured, commonly used, machine-readable format and transmit it to another controller.
- Appeal. Where we decline a request, you may appeal by contacting legal@pieces.app.
- Complain to an Authority. Lodge a complaint with a relevant supervisory or regulatory authority.
To exercise these rights, email legal@pieces.app or write to us at the address in Section 21. We may verify your identity before responding, and we aim to respond within applicable statutory timeframes (typically 30–45 days). Following account termination, you have 60 days to export any cloud-stored data before it is deleted. We will not discriminate against you for exercising your privacy rights.
15. Automated Decision-Making
Pieces does not make decisions that produce legal or similarly significant effects about you based solely on automated processing. AI features generate suggestions, summaries, and responses to assist you; they do not make consequential decisions about you without human involvement.
16. Advertising and Marketing Through Third-Party Platforms
We may use contact information you voluntarily provide directly to us (for example, through a newsletter signup or account registration) to advertise our services on third-party platforms such as Meta and Google, including through custom audiences. You may opt out by contacting legal@pieces.app. We do not use your personal data for cross-context behavioral advertising, and we do not process sensitive personal data to infer characteristics about you.
Google user data is not used for advertising or marketing. Pieces does not use Google user data — including email addresses, contact information, or any other information obtained from Google APIs — for advertising or marketing of any kind, on any platform (including Google's own advertising products), and does not upload, hash, or transmit Google user data to any advertising platform for custom audiences, lookalike audiences, retargeting, or any other purpose. Where a user's account email happens to match the email returned by Google OAuth, Pieces uses only the copy collected directly through account registration for any advertising or marketing audience.
17. California Residents — CCPA/CPRA Notice and Other California Privacy Rights
This section applies only to California residents and describes how Pieces collects, uses, and shares personal information when we act as a "business" under the California Consumer Privacy Act, as amended by the CPRA ("CCPA"). Terms defined in the CCPA have the same meaning here.
Personal Information We Collect. Over the preceding 12 months, we have collected the following categories of personal information (as defined by the CCPA): identifiers; personal information categories listed in the California Customer Records statute; commercial information; internet or other electronic network activity; and geolocation data. Each category is used for the purposes described in Section 3 and disclosed to the categories of third parties described in Section 7. For Google user data, Section 5 controls.
How We Obtain Personal Information. We obtain personal information directly and indirectly from your activity on our websites and your use of the Services.
Disclosures for a Business Purpose. In the preceding 12 months, we disclosed identifiers, personal information, and internet or electronic network activity to service providers for business purposes such as maintaining accounts, providing customer service, and fulfilling orders.
Sale or Sharing of Personal Information. In the preceding 12 months, Pieces has not sold personal information and has not shared personal information for cross-context behavioral advertising as those terms are defined under the CCPA. We do not knowingly sell or share the personal information of consumers under 16.
Service Provider Role. Where Pieces processes personal information on behalf of an organization, Pieces acts as a "service provider" and processes that information only for the purposes specified in our agreement.
Your California Rights. Subject to verification, you have the right to: know/access the categories and specific pieces of personal information we collect; know the sources, purposes, and third parties involved; request deletion; request correction; and not be discriminated against for exercising your rights.
Exercising Your Rights. Submit a verifiable consumer request by emailing legal@pieces.app. You may make a request for access or portability twice within a 12-month period. Only you, or a person authorized to act on your behalf, may make a request. We will respond within 45 days (extendable with notice) and will not charge a fee unless the request is excessive, repetitive, or manifestly unfounded.
18. Nevada Residents
Nevada residents have the right to opt out of the sale of certain personal information. Pieces does not currently sell Nevada residents' personal information. To submit an opt-out request should our practices change, contact legal@pieces.app with the subject line "Nevada Do Not Sell Request" and include your name and the email address associated with your account.
19. Changes to This Privacy Policy
We may revise this Privacy Policy from time to time and will post the most current version on our website with an updated effective date. If a revision meaningfully reduces your rights, we will notify you. You are bound by changes to this Privacy Policy when you access or use the Services after the changes have been posted.
20. Accessibility
If you are a user with a disability, or an individual assisting a user with a disability, and need alternative access to this Privacy Policy, please contact legal@pieces.app.
21. Contact
Have questions or concerns about Pieces, our Services, your personal information, our use and disclosure practices, or your consent choices? Contact us:
For all inquiries — including privacy and data subject requests (our data protection contact), security and incident reports, legal notices, and general support — contact us at legal@pieces.app.
You can also write to us at:
Mesh Intelligent Technologies, Inc. 1311 Vine St., Unit 301 Cincinnati, OH 45202 United States
You also have the right to contact your local data protection supervisory authority.