Privacy Policy
Last updated May 31, 2026
1. Who we are
Mazi (“we”, “us”) is operated by TODO — Your legal entity or full name, the data controller responsible for your personal data. You can reach us at TODO — privacy@yourdomain.com for any privacy question or to exercise your rights.
This policy explains what we collect, why, the legal bases we rely on, and the choices and rights you have. It applies to https://mazisocial.vercel.app and the Mazi app.
2. Information we collect
- Account data — your email address and password (stored only as a secure hash by our authentication provider), and the username you choose.
- Profile data — anything you add to your profile, such as a display name, bio, and avatar image.
- Content you create — posts, comments, images you upload, likes, follows, and the communities you join or create.
- Essential technical data — a session cookie that keeps you logged in, and minimal server logs needed to operate and secure the service.
We do not use advertising trackers, third-party analytics, or behavioural profiling, and we do not build advertising profiles about you.
3. How we use your data and our legal bases
Under the GDPR we rely on the following legal bases:
- To provide the service (performance of a contract) — creating your account, showing your feed, delivering posts, comments, and notifications.
- To keep the service safe (legitimate interests) — preventing abuse, fraud, and security incidents, and enforcing our Terms and Community Guidelines.
- To comply with the law (legal obligation) — responding to lawful requests and meeting our regulatory duties.
- With your consent — where we ask for it explicitly; you can withdraw consent at any time.
4. Who we share data with
We do not sell your personal data. We share it only with service providers (“processors”) who help us run Mazi under contract:
- Supabase — Authentication, database hosting, and file storage (your account, posts, and images).
We may also disclose data if required by law, to protect our rights or users’ safety, or in connection with a merger or acquisition (in which case we will notify you).
5. International transfers
Your data may be processed on servers outside your country, including in regions operated by our providers. Where data leaves the UK/EEA, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.
6. How long we keep it
We keep your account and content for as long as your account is active. When you delete your account, we delete your profile, posts, comments, likes, follows, and uploaded images. Limited records may be retained where the law requires, or in backups that are rotated and overwritten on a routine schedule.
7. Your rights
Depending on where you live, you have some or all of the following rights. To exercise them, email TODO — privacy@yourdomain.com or use the tools in your account settings.
- Access — get a copy of the data we hold about you (available as a one-click export in settings).
- Rectification — correct inaccurate data (edit your profile at any time).
- Erasure — delete your account and content (available in settings).
- Portability — receive your data in a portable, machine-readable format.
- Restriction & objection — limit or object to certain processing.
- Withdraw consent — where processing is based on consent.
EEA/UK users may lodge a complaint with their local data protection authority. California users have the right to know, delete, and correct their data, and to not be discriminated against for exercising these rights. We do not sell or “share” personal information as defined by the CCPA/CPRA.
8. Children
Mazi is not intended for children under 13. We do not knowingly collect data from anyone under that age. If you believe a child has provided us data, contact TODO — privacy@yourdomain.com and we will delete it.
9. How we protect your data
We use industry-standard measures including encryption in transit, hashed passwords, and row-level security that restricts each account’s access to its own permitted data. No system is perfectly secure, but we work to protect your information and will notify you and the relevant authority of a breach where the law requires.
10. Changes to this policy
We may update this policy as the service evolves. We will revise the “last updated” date above and, for material changes, give notice in the app.
11. Contact us
Questions or requests: TODO — privacy@yourdomain.com. General enquiries: TODO — hello@yourdomain.com.