Privacy

Mesh Pilot is the OS for digital marketing, operated by Glitch Executor Labs, a product studio based in Toronto, Canada. Questions about anything on this page go to support@glitchexecutor.com and reach the founder directly.

• Lead-form submissions. Work email, brand domain, and monthly ad-spend band when you fill in the form on this site. Stored in our Postgres database for operator follow-up.
• Account metadata you authorize via OAuth. When you connect Meta, Google Ads, TikTok Business, Amazon Ads, or Shopify, we receive an access token plus identifiers for the accounts you grant access to (account IDs, names, currency, timezone). Tokens are stored encrypted at rest.
• Ad and campaign performance data. The agents read delivery metrics from your connected ad platforms (spend, ROAS, CTR, frequency, impressions) to draft proposals. We don't collect this outside the windows the agents are actively analyzing.
• Operator activity inside the app. Approvals, rejections, decisions, and the email address of the operator who made each call — used to build the audit log on your action history.
• Standard web analytics. Page views and basic device info on this marketing site only, via Google Tag Manager. Not collected inside the authenticated dashboard.

• To operate the autonomous agents on the ad accounts you connect.
• To draft and surface action proposals (pauses, budget changes, creative tests) for your approval inside the app.
• To maintain the audit log so every change to your ad accounts can be traced back to the operator who approved it.
• To reply to lead-form submissions, by email, from the founder.

• We don't sell your data to anyone, for any purpose, ever.
• We don't share your ad-account data with other brands we operate. Each brand's data stays inside that brand's tenant boundary.
• We don't add you to a mailing list when you submit the lead form. Replies come from a real inbox, from one operator.

Application data is stored in a managed Postgres instance hosted in a North American region. The web frontend is hosted on Vercel. OAuth access tokens are encrypted at rest with a key the application server controls — not the database operator. Backups inherit the same encryption.

• Ad platforms you connect (Meta, Google Ads, TikTok Business, Amazon Ads, Shopify, your CMS, your email provider). The agents write to these on your behalf using the access you granted via OAuth. The platforms' own privacy policies apply to data inside their systems.
• Vercel hosts this site and the application frontend.
• Google Tag Manager + Google Analytics for marketing- site analytics only.
• HITL notification mirrors (Discord, Telegram, Slack on request) only if you opt in to route approval cards through chat. The content delivered is the same approval card visible inside the app.

• Revoke access at any time. Every ad platform we connect to lets you revoke partner-access seats from your own business manager. We stop writing immediately.
• Request deletion. Email support@glitchexecutor.com asking us to delete your brand. We confirm and execute within 7 business days, with the deletion log emailed back to you.
• Export your data. Same email address. We hand back a tar of every row tied to your brand inside 14 days.

If we materially change what we collect or who we share with, we update this page and email anyone with an active connected account at least 14 days before the change takes effect.