Privacy Policy

Last Updated: February 03, 2026

1. Introduction

Hatz AI Inc. ("Hatz AI," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you:

• Visit our website at https://hatz.ai (the "Website")
• Attend our events or interact with our marketing activities
• Use our AI-as-a-service management platform (the "Platform") as an End User, whether through a Managed Service Provider ("MSP") or directly under our End Customer Terms

This Privacy Policy applies to all information collected through our Website, Platform, events, and other related services (collectively, the "Services").

2. Information We Collect

We collect different types of information depending on how you interact with us:

2.1 Website Visitors and Event Attendees

Information You Provide:

• Contact information (name, email address, phone number, company name, job title)
• Communications you send us
• Event registration information
• Marketing preferences

Information Collected Automatically:

• IP address and device information
• Browser type and operating system
• Website usage data through cookies and analytics tools (including Google Analytics)
• Pages visited and links clicked
• Referring website addresses

2.2 Platform End Users

When you access the Platform (whether through your MSP or directly with us), we process:

Operational Data:

• Technical logs and system performance data
• Account and login data (authentication information)
• Processed volumes and usage statistics
• Error logs and debugging information
• Metadata about your Platform activities
• Information about applications and workflows created
• Types of data uploaded (metadata only, not content)

Limited Processing of End Customer Data: While your MSP maintains primary responsibility for your End Customer Data (as defined in our End Customer Terms), we process such data on a limited basis solely to:

• Provide the Platform services to you via your MSP
• Generate responses to your queries through AI services
• Maintain platform security and stability
• Generate aggregated, anonymized usage analytics

3. How We Use Information

3.1 Website Visitors and Event Attendees

We use your information to:

• Respond to inquiries and provide customer support
• Send marketing communications (with your consent)
• Process event registrations
• Improve our Website and marketing efforts
• Analyze website traffic and usage patterns
• Comply with legal obligations

3.2 Platform End Users

We process Platform-related data to:

• Provide, maintain, and improve the Platform
• Enable AI services and features through third-party LLM providers
• Ensure Platform security and prevent fraud
• Generate aggregated, anonymized analytics and benchmarking
• Provide technical support through your MSP
• Comply with legal obligations

4. Legal Basis for Processing

We process personal information when we have a valid legal basis:

For Website Visitors/Event Attendees:

• Consent: For marketing communications and cookies (where required by law, such as in the EU/UK)
• Legitimate Interests: For website analytics, security, business operations, and cookies (in jurisdictions where consent is not required)
• Contract Performance: For event registrations
• Legal Obligations: When required by law

For Platform End Users:

• Contract Performance: To provide Platform services under our End Customer Terms (whether directly with you or through the agreement between Hatz AI and your MSP)
• Legitimate Interests: For platform improvement, security, and aggregated analytics
• Legal Obligations: When required by law

5. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We share information only in the following limited circumstances:

5.1 Service Providers

We share information with third-party service providers who assist us in operating our business:

For All Users:

• Cloud hosting and infrastructure providers
• Analytics and monitoring services
• Security and fraud prevention services
• Payment processors (for MSPs)
• Marketing and email service providers (for website visitors/event attendees)

For Platform End Users:

• LLM Service Providers: We transmit queries and relevant data to third-party AI providers (including but not limited to OpenAI, Anthropic, Google, Perplexity, and others) to provide AI functionality. These providers:
  • Do not store End Customer Data
  • Do not train their models on End Customer Data
  • Are bound by confidentiality obligations
• Your MSP (if applicable): If you access the Platform through an MSP, we may share operational data and usage reports with your MSP for account management and support purposes

5.2 Legal Requirements and Protection

We may disclose information when required to:

• Comply with applicable laws, regulations, or legal processes
• Respond to lawful requests from public authorities
• Protect our rights, property, or safety, or that of others
• Investigate potential violations of our terms or policies

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, information may be transferred to the successor entity.

5.4 Aggregated/Anonymized Data

We may share aggregated or anonymized data that cannot reasonably identify you for research, marketing, analytics, and other business purposes.

6. Data Retention

Website Visitors/Event Attendees: We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, typically for the duration of our business relationship plus any period required by law.

Platform End Users: Operational data and metadata are retained as long as you have access to the Platform (whether through your MSP or directly with us), and for a reasonable period thereafter as necessary for legal, audit, or operational purposes. For End Customer Data that we process, retention is primarily governed by your agreement with us or your MSP's agreement with us, as applicable, though we may retain anonymized, aggregated data indefinitely for analytics purposes.

7. Data Security

We implement industry-standard security measures to protect personal information, including:

• Encryption in transit and at rest
• Role-based access controls
• Multi-factor authentication options
• Regular security assessments and vulnerability management
• Audit logging and monitoring

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. International Data Transfers

Our servers are located in the United States, and we may use service providers in other countries. If you access our Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries.

For transfers from the European Economic Area, United Kingdom, or Switzerland, we implement appropriate safeguards, such as Standard Contractual Clauses, to protect your information in compliance with applicable data protection laws.

9. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

9.1 Rights for All Users

You may have the right to:

• Access the personal information we hold about you
• Correct or update inaccurate information
• Request deletion of your personal information
• Object to or restrict certain processing activities
• Withdraw consent (where processing is based on consent)
• Lodge a complaint with a supervisory authority

9.2 Location-Specific Rights

California Residents (CCPA/CPRA): If we meet applicable thresholds, California residents may have additional rights including:

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information
• Right to opt-out of the sale or sharing of personal information
• Right to non-discrimination for exercising privacy rights
• Right to correct inaccurate personal information
• Right to limit use of sensitive personal information

European Economic Area, UK, and Switzerland (GDPR): Residents may have rights including:

• Right to data portability
• Right to object to processing based on legitimate interests
• Right to withdraw consent at any time
• Right to lodge a complaint with your local data protection authority

Other U.S. States: Residents of Colorado, Connecticut, Utah, Virginia, and other states with comprehensive privacy laws may have similar rights to those listed above, subject to applicable thresholds and requirements.

9.3 Exercising Your Rights

Website Visitors/Event Attendees: Contact us directly using the information in Section 14.

Platform End Users:

• If you access the Platform through an MSP: Your MSP manages your account relationship with the Platform and is responsible for handling many privacy-related requests on your behalf. Please first contact your MSP for support with privacy requests. For certain requests regarding data we process, you may also contact us directly, though we may need to verify your identity and coordinate with your MSP to fulfill your request.
• If you access the Platform directly: Please contact us directly using the information in Section 14 to exercise your privacy rights.

To opt-out of marketing communications, click the "unsubscribe" link in our emails or contact us directly.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our Website to:

• Ensure website functionality
• Analyze website usage and performance
• Remember your preferences
• Provide targeted advertising (website visitors only)

Types of Cookies We Use:

• Essential Cookies: Required for website functionality
• Analytics Cookies: Help us understand how visitors use our Website

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may impact Website functionality. The Platform uses only essential cookies necessary for authentication and security.

11. Children's Privacy

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn we have collected information from a child under 18, we will take steps to delete such information.

12. Do Not Track Signals

Our Website does not currently respond to Do Not Track signals. However, you can manage tracking preferences through cookie settings and browser controls.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our Website;
• Updating the "Last Updated" date; or
• Sending notice to registered MSPs for distribution to End Users (for Platform-related changes) or requiring users to accept the terms of the updated policy upon login.

Your continued use of our Services after changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

For questions about this Privacy Policy or to exercise your privacy rights, please contact us at:

Hatz AI Inc.

Email: help@hatz.ai

Phone: 516-550-9288

For Platform End Users:

• If you access the Platform through an MSP: Your MSP is responsible for obtaining necessary consents and managing your account relationship with the Platform. For support with privacy-related requests, please first contact your MSP. They can escalate matters to us as needed, or you may contact us directly for certain requests regarding how we process your data.
• If you access the Platform directly: Please contact us directly using the information above for privacy-related requests and support.

15. Additional Information for Specific Jurisdictions

15.1 California Privacy Rights

• Shine the Light: California residents may request information about third parties to whom we've disclosed personal information for direct marketing purposes.
• California Consumer Privacy Act (CCPA): See Section 9.2 for your rights under CCPA.

15.2 European Privacy Rights

• Legal Basis: We process personal data under GDPR Article 6 legal bases as described in Section 4.
• Supervisory Authority: You may lodge a complaint with your local data protection authority.

Appendix: Categories of Personal Information (for CCPA)