t18r (Technology and Creator) ("Company," "we," "us," or "our") operates the Haus platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.
1. Information We Collect
1.1 Account Information
When you create an account, we collect your name, email address, profile picture, and authentication credentials (managed through Supabase Auth). If you sign up via Google or Apple, we receive basic profile information from those providers.
1.2 Integration Data
When you connect third-party platforms, we access and process data from those services as authorized by your OAuth grants:
- Gmail: Email messages, metadata (sender, recipient, subject, timestamps), attachments, and labels. Used for email triage, contract detection, and automated responses.
- Google Calendar: Calendar events, attendees, dates, and event descriptions. Used for scheduling management and deadline tracking.
- Instagram: Profile information, posts, stories, insights, comments, and direct messages related to brand collaborations. Used for content management and brand deal coordination.
- YouTube: Channel data, video metadata, analytics, comments, and revenue data. Used for content management and performance analysis.
- Threads: Profile information and post content. Used for cross-platform content publishing.
- TikTok: Profile information, video metadata, analytics, and comments. Used for content management and brand partnership coordination.
- Stripe & PayPal: Payment account identifiers and transaction data related to invoicing. Used to facilitate payment collection.
1.3 Usage Data
We automatically collect information about how you interact with the Service, including pages visited, features used, actions taken, timestamps, IP address, browser type, device information, and referring URLs.
1.4 AI Processing Data
When the Service processes your data using AI (e.g., analyzing contracts, drafting emails, generating invoices), we may temporarily store intermediate processing data. This data is used solely to deliver results and improve model accuracy, and is not shared with third parties.
2. How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Service
- Process and automate your workflows (email triage, contract analysis, invoicing, content management)
- Communicate with you about your account, updates, and support requests
- Analyze usage patterns to improve features and user experience
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
3. OAuth Scopes & Permissions
We request only the minimum OAuth scopes necessary to provide the features you enable. You can review the specific permissions requested during the authorization flow for each integration. You may revoke any permission at any time through:
- Your Haus account settings (Settings → Integrations)
- The third-party platform's app permissions page (e.g., Google Account → Security → Third-party apps)
Revoking permissions will immediately stop our access to that platform's data, though previously processed data may be retained as described in Section 6.
4. Data Sharing & Disclosure
We do not sell your personal information. We may share your data only in the following circumstances:
- Service Providers: We use trusted third-party services (e.g., cloud hosting, authentication, analytics) that process data on our behalf under strict data processing agreements.
- AI Processing: Your data may be processed by AI/LLM providers to deliver Service features. We select providers whose data processing agreements restrict retaining or training on your data, and we review these agreements periodically.
- Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.
- With Your Consent: We may share information when you explicitly authorize us to do so.
5. Data Security
We implement industry-standard security measures to protect your data, including:
- Encryption in transit (TLS 1.2+) and at rest (AES-256)
- OAuth 2.0 for all third-party integrations (no password storage)
- Regular security audits and vulnerability assessments
- Role-based access controls for internal systems
- Secure token storage with automatic rotation
While we take reasonable measures to protect your information, no method of transmission or storage is 100% secure.
6. Data Retention & Deletion
We retain your data for as long as your account is active and as needed to provide the Service. Specifically:
- Account data: Retained until you delete your account
- Integration data: Retained while the integration is active; deleted within 30 days of disconnection
- AI processing data: Temporary processing data is deleted within 90 days
- Usage logs: Retained for up to 12 months for analytics and security purposes
- Backups: Purged within 90 days of data deletion from production systems
When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law.
7. Your Rights
7.1 General Rights
Regardless of your location, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your account and associated data
- Export your data in a portable format
- Revoke any third-party integration at any time
7.2 European Economic Area (GDPR)
If you are in the EEA, you have additional rights under the General Data Protection Regulation, including:
- Legal basis: We process your data based on consent (for integrations), contractual necessity (to provide the Service), and legitimate interests (for analytics and security).
- Right to restrict processing of your data
- Right to object to processing based on legitimate interests
- Right to data portability
- Right to lodge a complaint with your local data protection authority
7.3 California Residents (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:
- Right to Know: You may request details about the categories and specific pieces of personal information we collect.
- Right to Delete: You may request deletion of your personal information.
- Right to Opt-Out: We do not sell personal information. We do not use personal information for cross-context behavioral advertising.
- Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
8. Cookies & Tracking
We use essential cookies for authentication and session management. We may use analytics tools to understand Service usage. You can control cookie preferences through your browser settings.
9. Children's Privacy
The Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.
10. International Data Transfers
Your data may be processed and stored in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses where required.
11. Third-Party Services
The Service integrates with third-party platforms, each governed by its own privacy policy. We encourage you to review the privacy policies of:
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least 30 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.
13. Contact Us
For privacy-related questions, data access requests, or to exercise your rights, please contact us at:
t18r (Technology and Creator)
Email: [email protected]
Website: landing.joinhaus.ai
For GDPR-related inquiries, you may also contact your local data protection authority.