Mesa runs sales floors, which means it holds the data those floors run on. Protecting it is a first-class part of the product, not an afterthought.
Every workspace is scoped so one tenant can never see another's data. Queries are scoped and row-level rules are enforced at the database.
Access follows the role: a rep sees their own, a leader sees their crew, an owner sees the office. Tightest scope by default.
Traffic is served over HTTPS, and credentials are never handled in plain text.
Sensitive actions are logged. When a rep disputes a certification, a score, or a comp adjustment, there is a paper trail.
AI agents run at the level you choose per workflow: automatic, approve-first, or hands-off. Nothing fires beyond the bound you set.
Hosting, communications, and AI providers operate under written terms. See the DPA for details.
For security questionnaires, the subprocessor list, or a signed DPA, reach out and we will help.
Contact us →