Mobasi

Privacy Policy

Effective: April 1, 2026

Mesa Intelligence, LLC (dba "Mobasi," "we," "us," or "our") operates the Mobasi platform and the mobasi.ai website. This Privacy Policy describes how we collect, use, and protect information when you use our services.

Where you have entered into a Master Service Agreement (MSA) or other written agreement with Mobasi, that agreement controls to the extent it conflicts with this policy.

Information We Collect

Account Information

When you create an account, we collect your name, email address, organization name, and authentication credentials. If you sign up through a third-party identity provider, we receive the profile information you authorize.

Usage Data

We collect information about how you interact with the platform, including API calls, feature usage, timestamps, and session metadata. This data helps us maintain service reliability and improve the product.

Customer Data

Data you submit to the platform for processing ("Customer Data") is handled according to your service agreement. Because the Mobasi agent runs on your own workstation, the Customer Data stored by Mobasi is limited to account and billing metadata (for example, organization name, service tier, and usage counts); substantive investigation data does not transit or reside on Mobasi-operated servers. We process Customer Data only as necessary to provide the services you request and do not use it for any other purpose.

Website Visitors

When you visit our website, we may collect standard web analytics data such as IP address, browser type, referring URL, and pages viewed.

How We Use Information

We use the information we collect to provide and maintain the platform, authenticate users and manage access, monitor for security threats, communicate with you about your account or our services, comply with legal obligations, and improve our products.

Third-Party AI Model Provider Data Processing

The Mobasi agent runs on the customer's own workstation and transmits reasoning-relevant evidence snippets and inference queries directly to the configured third-party AI model provider over HTTPS / TLS. Data does not pass through Mobasi-operated servers during inference. Current providers are Anthropic, OpenAI, and Google Cloud Vertex AI. AWS Bedrock and Microsoft Azure AI Services are on Mobasi's roadmap and may be added in the future.

Zero Data Retention. Mobasi maintains Zero Data Retention (ZDR) agreements with its AI model providers. Under these agreements:

  • Customer Data is not stored, logged, or retained by the AI provider beyond the duration of the API request.
  • Customer Data is not used to train, fine-tune, or improve any AI model.
  • No prompts, completions, or conversation logs are retained by the provider after the response is returned.

These protections are enforced through contractual agreements and enterprise API configurations. If a provider's policies change in a manner that affects these protections, we will update this policy and notify affected customers. Contact support@mobasi.ai for details on our ZDR agreements.

Data Sharing

We do not sell your personal information. We share information only in the following circumstances:

  • With cloud infrastructure providers and AI model providers as necessary to deliver our services.
  • With service providers that help us operate the platform, under contractual obligations to protect your data.
  • When required by law, regulation, or valid legal process.
  • To protect the rights, safety, or property of Mobasi, our users, or the public.

Service Providers

Mobasi uses the following categories of service providers who may process your data:

  • Infrastructure & Hosting: Google Cloud Platform (primary control plane for Mobasi-operated services and tenant provisioning), Vercel (static marketing site only). Customer tenants may also be provisioned on Amazon Web Services or Microsoft Azure where required by a customer's data-residency, regulatory, or architectural preferences; those environments are operated under the same controls described in our Security page.
  • Development & Collaboration: GitHub, Google Workspace
  • AI Model Providers: Anthropic, OpenAI, Google Cloud Vertex AI. AWS Bedrock and Microsoft Azure AI Services are on the roadmap.

Each provider has been assessed for security and data protection compliance. This list may be updated from time to time as our operations evolve.

Data Security

We implement technical and organizational measures to protect your information, including:

  • Encryption in transit using TLS 1.2 or higher, and at rest using AES-256.
  • Tenant-isolated infrastructure.
  • Role-based access controls.
  • Multi-factor authentication for administrative access.
  • Continuous monitoring.

For details, see our Security page.

Data Processing Addendum

A Data Processing Addendum (DPA) is available upon request for customers who require one. Contact privacy@mobasi.ai.

Data Breach Notification

In the event of unauthorized access, disclosure, or loss of your personal information, Mobasi will investigate the incident and determine its scope, notify affected customers without unreasonable delay (unless law enforcement requests a delay), provide a description of the incident and categories of data affected, and notify relevant regulatory authorities as required by applicable law. Notifications will be sent via email to the address associated with your account.

Data Retention

We retain account information for the duration of your account plus 90 days. Automated deletion of account-level personal information on the 90-day schedule is tracked as a planned control; interim deletion is performed manually on account-close events. Customer Data processed by the agent (evidence files) is not retained by Mobasi at all — it resides only on the customer's workstation and transiently at the AI model provider under ZDR. Usage and analytics data is retained in aggregated form for product improvement. Log data (administrative and infrastructure audit events) is retained for up to one (1) year for security and compliance purposes.

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access, correct, or delete your personal information.
  • Restrict or object to certain processing.
  • Data portability.
  • Withdraw consent where processing is based on consent.

To exercise these rights, contact us at privacy@mobasi.ai. We will respond within 45 days.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, the CCPA and CPRA provide you with specific rights. We collect the following categories of personal information: identifiers (name, email, IP address), commercial information (service tier, usage patterns), internet activity (API calls, feature usage, timestamps), and geolocation data (inferred from IP address).

Mobasi does not "sell" or "share" personal information as defined by CCPA. You have the right to know what personal information we collect, request deletion or correction of your personal information, and opt out of the sale or sharing of personal information (if applicable). We will not discriminate against you for exercising your CCPA rights. To exercise these rights, contact privacy@mobasi.ai with "CCPA Request" in the subject line. We will verify your identity and respond within 45 days.

International Data Transfers

Our infrastructure is hosted on cloud providers located primarily in the United States. If you are located outside the United States and have questions about how your data is handled or your rights under applicable law, contact privacy@mobasi.ai.

Cookies

We use essential cookies to maintain session state and authenticate users. We may use analytics cookies to understand site usage. You can control cookie preferences through your browser settings. The platform application uses authentication tokens (not browser cookies) to manage session state.

Children's Privacy

The platform is not directed at or intended for use by individuals under 18. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information without parental consent, we will delete it promptly.

Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date. Your continued use of the platform after changes take effect constitutes acceptance of the revised policy.

Contact

If you have questions about this Privacy Policy or our data practices, contact us at privacy@mobasi.ai.

Mesa Intelligence, LLC (dba Mobasi) Austin, Texas