Legal

Privacy Policy

Last updated: September 30, 2025

Important: This privacy policy describes how Mizan collects, uses, and protects your data. By using our service, you agree to the practices described here. This is a template and should be reviewed by your legal counsel before publication.

1. Information We Collect

Information You Provide

When you use Mizan, you provide us with:

  • Account information (name, email, company name, role)
  • Organizational data (structure charts, employee information, cultural assessments)
  • Payment information (processed securely through Stripe)
  • Communications with our support team

Information We Collect Automatically

  • Usage data (features used, time spent, interactions)
  • Device information (browser type, IP address, operating system)
  • Cookies and similar tracking technologies

2. How We Use Your Information

We use your information to:

  • Provide and improve our AI-powered organizational analysis services
  • Generate entropy scores, alignment metrics, and recommendations
  • Communicate with you about your account and our services
  • Process payments and prevent fraud
  • Comply with legal obligations
  • Improve our platform through aggregated, anonymized analytics

3. Data Security

We implement industry-standard security measures to protect your data:

  • End-to-end encryption for data in transit (TLS 1.3)
  • Encryption at rest (AES-256)
  • SOC 2 Type II certified infrastructure
  • Role-based access controls
  • Regular security audits and penetration testing
  • 24/7 monitoring and incident response

4. Data Sharing and Disclosure

We never sell your data. We only share your information in limited circumstances:

  • With your consent: When you explicitly authorize us to share data
  • Service providers: Third-party vendors who help us operate (e.g., AWS for hosting, Stripe for payments)
  • Legal requirements: When required by law or to protect rights and safety
  • Business transfers: In connection with a merger, acquisition, or sale of assets

5. Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your data (subject to legal obligations)
  • Portability: Receive your data in a machine-readable format
  • Opt-out: Unsubscribe from marketing communications
  • Restriction: Request limited processing of your data

To exercise these rights, contact us at privacy@mizan.ai

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. After account termination, we delete or anonymize your data within 90 days, unless longer retention is required by law.

7. International Data Transfers

Your data may be processed in the United States and other countries where we or our service providers operate. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

8. Children's Privacy

Mizan is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes via email or through the platform. Continued use after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this privacy policy or our data practices:

Mizan, Inc.

Email: privacy@mizan.ai

Data Protection Officer: dpo@mizan.ai

Address: [Your Company Address]

GDPR & CCPA Compliance: This policy is designed to comply with the EU General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). For California residents, please see our CCPA Notice.