Legal & Compliance
GDPR Notice
Effective April 7, 2026
Updated April 7, 2026
Scope EEA · UK · Switzerland

This GDPR Data Processing Notice supplements our Privacy Policy and applies to users located in the European Economic Area (EEA), United Kingdom, and Switzerland. It describes our obligations and your rights under the General Data Protection Regulation (GDPR).

Data Controller

Mezano Consulting LLC is the data controller for personal data processed through the Mezano Construction Management Platform.

Contact: info@mezanoconstructionmanagementplatform.com

  • Contract Performance (Art. 6(1)(b)) — Account registration, subscription management, service delivery, payroll processing, invoice generation
  • Legal Obligation (Art. 6(1)(c)) — Tax records, employment records, contractor licensing compliance
  • Legitimate Interests (Art. 6(1)(f)) — Security monitoring, fraud prevention, product improvement, analytics
  • Consent (Art. 6(1)(a)) — Marketing communications, optional analytics cookies — you may withdraw consent at any time

Categories of Personal Data

  • Identity data: name, job title, role
  • Contact data: email address, phone number, business address
  • Financial data: billing details (tokenized via Stripe), payroll information
  • Location data: GPS coordinates from employee time clock (consent required)
  • Technical data: IP address, browser type, session data, usage logs
  • Employment data: timesheet records, payroll history, tax documents (W-9)

International Data Transfers

The Platform is hosted on Microsoft Azure (Canada Central). Certain sub-processors are located outside the EEA:

  • Microsoft Azure — Canada (EU-Canada adequacy decision)
  • Stripe Inc. — United States (Standard Contractual Clauses)
  • Resend — United States (Standard Contractual Clauses)
  • Anthropic PBC — United States (AI Agent processing, Standard Contractual Clauses)

Copies of applicable transfer mechanisms are available upon request at info@mezanoconstructionmanagementplatform.com.

Data Retention

  • Account data: duration of subscription plus 7 years
  • GPS/location data: 3 years for payroll audit purposes
  • Tax and payroll records: 7 years per applicable tax law
  • Support communications: 3 years
  • Marketing consent records: until consent withdrawn plus 1 year

Your Rights Under GDPR

Right of Access (Art. 15)

Request a copy of all personal data we hold about you. We will respond within 30 days.

Right to Rectification (Art. 16)

Request correction of inaccurate or incomplete personal data.

Right to Erasure (Art. 17)

Request deletion of your personal data, subject to legal retention obligations (tax records, employment records).

Right to Restriction (Art. 18)

Request restriction of processing in certain circumstances.

Right to Data Portability (Art. 20)

Request your personal data in a structured, machine-readable format (JSON or CSV).

Right to Object (Art. 21)

Object to processing based on legitimate interests. We will cease unless we demonstrate compelling legitimate grounds.

Withdrawal of Consent

Where processing is based on consent, withdraw it at any time without affecting prior lawful processing.

To exercise any of these rights, contact info@mezanoconstructionmanagementplatform.com. Unsatisfied? You have the right to lodge a complaint with your local supervisory authority.

Automated Decision-Making

The Platform does not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals.

Cookie Consent

When you first access the Platform, a cookie consent banner is displayed. You may accept all cookies, essential cookies only, or manage preferences at any time via the Cookie Settings panel.

Contact & Complaints

Mezano Consulting LLC — Data Protection Inquiries

Email: info@mezanoconstructionmanagementplatform.com

EEA Supervisory Authorities: edpb.europa.eu