DOC. MESA-LEGAL · SECURITY

Security

Mesa runs sales floors, which means it holds the data those floors run on. Protecting it is a first-class part of the product, not an afterthought.

ISOLATION

Tenant isolation

Every workspace is scoped so one tenant can never see another's data. Queries are scoped and row-level rules are enforced at the database.

ACCESS

Role-based access

Access follows the role: a rep sees their own, a leader sees their crew, an owner sees the office. Tightest scope by default.

ENCRYPTION

Encryption in transit

Traffic is served over HTTPS, and credentials are never handled in plain text.

AUDIT

Auditable by design

Sensitive actions are logged. When a rep disputes a certification, a score, or a comp adjustment, there is a paper trail.

AI CONTROL

You set the autonomy

AI agents run at the level you choose per workflow: automatic, approve-first, or hands-off. Nothing fires beyond the bound you set.

PROVIDERS

Vetted subprocessors

Hosting, communications, and AI providers operate under written terms. See the DPA for details.

SECURITY QUESTIONS?

Tell us what your review needs.

For security questionnaires, the subprocessor list, or a signed DPA, reach out and we will help.

Contact us →