meethaze logo

meethaze · Legal

Privacy Policy

Last updated: May 9, 2026

This Privacy Policy explains how Haze Tech Solutions (“we”, “us”) collects, uses, and shares information when you use meethaze (the “Service”). It applies to anyone who creates an account, visits our marketing site, or interacts with us by email.

1. Information we collect

Account information. Email, name, password (hashed), and any profile details you provide.

Brand and content data. Brand profile (name, industry, audience, tone, brand colors, logo, focus topics, sample posts), library media assets (images and videos you upload), captions, and generated outputs.

Voice samples. If you use voice cloning, the audio sample you upload and the resulting ElevenLabs voice ID are stored on your brand profile.

Connected social accounts. When you connect Instagram, Facebook, TikTok, YouTube, X, LinkedIn, or Pinterest, we receive OAuth tokens and basic account metadata (handle, account ID, scopes granted) so we can publish on your behalf.

Billing. Subscription tier, plan history, and payment metadata. Card details are handled by Stripe; we never see or store your full card number.

Usage data. Logs of which features you use, AI generations and their token / character counts (for quota tracking), error events, IP address, browser, device, and rough geolocation derived from IP.

Cookies. Strictly necessary cookies (authentication session, CSRF) and a small number of analytics cookies. You can decline non-essential cookies via your browser settings without losing core functionality.

2. How we use it

  • To run the Service — generate content, schedule and publish posts, render reels, sync analytics.
  • To authenticate you, secure your account, and detect abuse.
  • To bill you and prevent payment fraud.
  • To send transactional email (verification, password reset, plan-ready notifications).
  • To send product updates if you opted in. You can unsubscribe at any time.
  • To improve the Service — measure feature usage in aggregate, debug failures, prioritize roadmap.
  • To comply with legal obligations and respond to lawful requests.

3. Who we share it with

We only share what each provider needs to do their job, governed by their own data-processing terms.

  • AI providers — OpenAI (captions, image generation, content planning), Anthropic (vision analysis, content rewriting), ElevenLabs (voiceover synthesis, voice cloning). The text and media you submit for generation are sent to these providers; outputs come back to us and are stored for you.
  • Storage — Cloudflare R2 holds your media assets, generated images, voiceover MP3s, and finished reels. Supabase (Postgres) holds your account and brand records.
  • Payments — Stripe processes your subscription. Stripe is the controller of your payment-card data; we are not.
  • Email — our SMTP provider delivers transactional and marketing email.
  • Social platforms — Meta, TikTok, YouTube, X, LinkedIn, and Pinterest receive whatever you choose to publish through the Service, plus the OAuth scopes you authorized.
  • Analytics — limited, privacy-respecting tools to measure usage in aggregate.
  • Legal — we may disclose information when required by law, subpoena, or to protect our rights, users, or the public.

We do not sell your personal information.

4. Where data is stored

Most data is stored in the United States. Some sub-processors (e.g., social platforms, AI providers) may process data in other regions. We use providers that contract for appropriate safeguards (Standard Contractual Clauses where applicable).

5. Retention

  • Account data: kept while your account is active. We delete or anonymize within 30 days of account closure, except records we’re legally required to retain (typically tax/billing for 7 years).
  • Generated media: kept until you delete it or close your account.
  • Voiceover MP3s and intermediate render files on the VPS: deleted within 30 minutes of being uploaded to your library.
  • Logs: retained for up to 90 days for debugging and abuse detection, then aggregated.

6. Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Correct or delete it.
  • Receive a portable copy.
  • Restrict or object to certain processing.
  • Withdraw consent for marketing email at any time.
  • Lodge a complaint with your local data-protection authority.

To exercise any of these rights, email us at info@hazetechsolutions.com. We’ll respond within 30 days.

7. Security

We protect data with industry-standard measures: TLS in transit, encryption at rest for media storage, hashed passwords, scoped API tokens, signed OAuth flows, and audit logging on admin actions. No system is perfectly secure — if we ever discover a breach affecting your data, we’ll notify you and the relevant authorities as required by law.

8. Children

The Service is not intended for children under 16. We don’t knowingly collect personal information from anyone under 16. If you believe a child has given us their data, contact us and we’ll delete it.

9. Changes

We may update this Policy. If the changes are material we’ll notify you (e.g., by email or in-product banner) before they take effect. The “Last updated” date at the top will always reflect the current version.

10. Contact

Questions about your data? info@hazetechsolutions.com.

11. DM Automation

If you enable the DM Bot feature, we process incoming Instagram and Facebook direct messages and comments from your audience in order to generate automated replies via OpenAI. We store: the platform user ID of contacts who interact with your bot, the message text exchanged, and any contact details (email, name, phone) you elect to capture through the agent.

Retention: conversation history is retained for 12 months by default. Contact records and captured leads are retained until the user (you) deletes them or closes their account. You can request deletion of any contact’s data by emailing privacy@myhazepro.com.

Opt-out: contacts can opt out by replying STOP, UNSUBSCRIBE, or STOP ALL to any automated DM. We persist the opt-out and never send further automated messages to that contact unless they reply START or RESUME.

Third-party processors: OpenAI (for agent inference), Resend (for email notifications to you on tagged-handoff events).

Disclosure: every first automated message from the bot includes a disclosure line (“🤖 Automated message from {brand}. Reply STOP to opt out anytime.”).