Maanaz — Privacy Policy

Maanaz provides a multi-tenant internal governance and work management platform for organizations. If you have questions about this policy, contact us at info@maanaz.com.

2.1 Account and Registration Data

When you register, we collect your name, email address, and password (stored as a secure hash). If you use Google sign-in, we receive your name and email address from Google as part of OAuth verification; we do not receive or store your Google password.

2.2 Organization and Profile Data

Information you provide about your organization (name, departments, member details, reporting structure), and profile data such as job title or department you enter within the Service.

2.3 Content and Customer Data

Files, notes, tasks, meeting details, complaints, requisitions, notices, forms, recruitment records, and any other content you or your Organization uploads or creates within the Service ("Customer Data"). We process this data solely to provide the Service.

2.4 Usage and Technical Data

Log data including IP addresses, browser type, device identifiers, pages visited, and actions taken within the Service. This is collected automatically for security, debugging, and service improvement purposes.

2.5 Billing Data

We use Lemon Squeezy as our payment processor. Lemon Squeezy collects and stores your payment information directly. We receive transaction records, plan status, and invoicing metadata from Lemon Squeezy, but we do not store credit card numbers or full bank details.

2.6 Integration Data

When you connect a third-party integration (Google Calendar, Google Meet, Zoom, Slack, Read.ai, or others added in the future), we receive OAuth tokens and the limited data those integrations return to fulfill the integration's function. We request only the minimum necessary scopes.

2.7 Communication Data

If you contact us via info@maanaz.com or the Contact form, we retain records of that correspondence.

We use the information we collect to:

• Provide, maintain, and improve the Service
• Authenticate your identity and secure your account
• Fulfill your Organization's subscription and entitlements
• Deliver email verification codes, security notifications, and product updates (where you have opted in or where required for account security)
• Enable third-party integrations you choose to connect
• Process payments through Lemon Squeezy and manage billing records
• Respond to support requests and communications
• Detect, investigate, and prevent fraudulent or unauthorized activity
• Comply with legal obligations

We do not use Customer Data to train machine learning models or sell it to third parties.

Where data protection law requires a legal basis for processing personal data, we rely on:

• Contract performance: Processing necessary to provide the Service you have subscribed to
• Legitimate interests: Security monitoring, fraud prevention, product analytics, and improving the Service
• Legal obligation: Retaining records as required by applicable law
• Consent: Sending optional marketing or product notifications (you may withdraw consent at any time)

5.1 Within Your Organization

Customer Data is accessible to members of your Organization based on their role and permissions as configured by your Organization's administrators.

5.2 Service Providers

We share data with trusted third-party vendors who help us operate the Service under data processing agreements, including: cloud infrastructure and storage providers, Lemon Squeezy (payment processing and invoicing), email delivery providers, and error monitoring and analytics tools. These providers access data only as necessary to perform their services.

5.3 Third-Party Integrations

When you connect an integration, data is exchanged with that provider as described in Section 6 of this Policy. Each provider's privacy policy governs their handling of your data.

5.4 Legal Requirements

We may disclose information if required to do so by law, court order, or governmental authority, or to protect the rights, property, or safety of Maanaz, our users, or the public.

5.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, Customer Data may be transferred to the successor entity, subject to equivalent privacy protections.

We do not sell personal data.

6.1 Google (Calendar and Meet)

When you connect your Google account, Maanaz uses the Google OAuth 2.0 flow to request access tokens for the scopes you authorize. The scopes we request are limited to reading and writing calendar events and associated Google Meet details. We store OAuth tokens securely and use them only when you trigger a calendar or meeting action within Maanaz.

We do not access Google Drive files, Gmail, Contacts, or any other Google services beyond what you explicitly authorize. You can revoke access at any time from Google Account permissions (https://myaccount.google.com/permissions) or from the Maanaz integrations settings panel.

Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

6.2 Zoom

When you connect your Zoom account, Maanaz requests OAuth tokens to create, read, and manage Zoom meetings on your behalf. We store only the tokens required for this function and do not access your Zoom contacts, recordings, or other account data beyond meeting management. You may disconnect the integration from within the Maanaz integrations panel at any time.

6.3 Slack

This integration is used to send meeting-related notifications or links. We request only the permissions necessary for these notifications. We do not read your Slack messages.

6.4 Read.ai

The Read.ai integration is handled via a webhook. Data received via this webhook is stored and processed within your Organization's workspace in Maanaz. Please review Read.ai's privacy policy for how they handle data on their side.

6.5 Future Integrations

As new integrations are added, this policy will be updated to describe their data handling. We will notify you of material changes.

Customer Data is stored on secure cloud infrastructure. File attachments are stored in private object storage (e.g., AWS S3) and accessed only through time-limited signed URLs — files are not publicly accessible by default.

API keys issued for programmatic access are stored as one-way hashes; plain-text keys are never stored. Passwords are hashed using industry-standard algorithms.

We implement access controls, encryption in transit (TLS), and monitoring to protect data from unauthorized access. Despite these measures, no system is completely secure. If you suspect unauthorized access or a data breach, please contact us immediately at info@maanaz.com.

We retain Customer Data for as long as your Organization's account is active or as needed to provide the Service.

If your account is terminated, we will retain Customer Data for a limited period (not exceeding 90 days) to allow for account recovery requests, after which it will be deleted from active systems.

Certain records (billing history, audit logs) may be retained longer where required by law.

Anonymized or aggregated usage data may be retained indefinitely.

We use cookies and similar technologies to maintain your authenticated session, remember your preferences, and collect anonymized analytics to understand usage patterns.

We do not use third-party advertising trackers. You can control cookies through your browser settings; disabling certain cookies may affect Service functionality.

Depending on your location and applicable law, you may have the right to: access the personal data we hold about you; request correction of inaccurate data; request deletion of your data (subject to legal retention requirements); object to or restrict certain processing; receive a portable copy of your data; and withdraw consent where processing is based on consent.

To exercise these rights, contact us at info@maanaz.com. We will respond within the timeframe required by applicable law (typically 30 days).

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact info@maanaz.com and we will delete it.

If you access the Service from outside the country where our servers are located, your data may be transferred across borders. We take appropriate measures to ensure such transfers comply with applicable data protection laws.

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or an in-app notice. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after changes take effect constitutes acceptance.

For privacy-related questions, requests, or concerns:

Email: info@maanaz.com

Website: https://maanaz.com

Application: https://app.maanaz.com