Privacy Policy

Effective Date: January 1, 2025 • Last Updated: March 1, 2025 • Version 2.1

This Privacy Policy describes how Mazlo Technologies Inc. ("Mazlo," "we," "our," or "us") collects, uses, discloses, and protects information about you when you visit our website at mazlosaas.com (the "Site"), use our financial operating platform and related services (the "Services"), or otherwise interact with us. By accessing or using our Site or Services, you agree to the terms of this Privacy Policy.

If you do not agree with the terms of this Privacy Policy, please do not access or use our Site or Services. If you have questions about this Policy or our privacy practices, please contact us at privacy@mazlosaas.com or at the address provided at the end of this document.

1. Information We Collect

1.1 Information You Provide to Us

We collect information that you voluntarily provide when you interact with our Site and Services, including:

Account Registration Information: When you create an account, we collect your name, email address, phone number, organization name, job title, and password.
Contact and Communication Information: When you contact us through our website contact form, by email, or by phone, we collect your name, email address, phone number, the content of your message, and any attachments you provide.
Payment and Financial Information: To process payments for our Services, we collect billing information including your name, billing address, and payment method details. Full payment card numbers are processed and stored by our PCI-DSS compliant payment processor and are not stored on our systems.
Customer Data: In the course of providing our Services, we process financial data, accounting records, donor information, transaction data, and other financial operational data that you or your organization input into the Mazlo platform. This is collectively referred to as "Customer Data" and is processed on your behalf as a data processor.
Professional Information: Information about your organization, its size, sector, structure, and financial management practices that you provide in connection with onboarding, support interactions, or account management.

1.2 Information Collected Automatically

When you visit our Site or use our Services, we automatically collect certain technical information, including:

Usage Data: Information about how you access and use our Site and Services, including pages visited, features used, time spent on pages, search queries, click patterns, and navigation paths.
Device and Browser Information: Information about the device and browser you use to access our Site, including IP address, browser type and version, operating system, device identifiers, and screen resolution.
Log Data: Server logs that record your interactions with our Site and Services, including timestamps, error logs, and access logs.
Location Information: General geographic location inferred from your IP address. We do not collect precise GPS or device-level location data.
Cookie and Tracking Data: Information collected through cookies, web beacons, and similar tracking technologies as described in Section 7 of this Policy and in our Cookie Policy.

1.3 Information from Third Parties

We may receive information about you from third-party sources, including:

Financial institutions and banking partners through whom you connect accounts to our platform
Identity verification services used to verify the identity of account holders
Analytics providers who supplement our usage data with aggregated insights
Business partners who refer customers to our Services
Publicly available sources such as corporate registration databases and nonprofit registration filings

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Providing and Improving Our Services

Creating and maintaining your account and providing access to our platform
Processing transactions and financial operations you initiate through our Services
Providing customer support and responding to your inquiries and requests
Diagnosing and resolving technical problems and service issues
Improving the functionality, performance, and user experience of our Services
Developing new features and products based on customer needs and usage patterns
Conducting internal research, analytics, and quality assurance

2.2 Communications

Sending transactional communications related to your account and our Services (account confirmations, receipts, security alerts, service notifications)
Responding to your inquiries, requests, and customer support needs
Sending marketing communications about our Services, features, and events, where you have provided consent or where we have a legitimate interest in doing so
Sending educational content, industry insights, and product guidance relevant to nonprofit finance

2.3 Legal and Compliance Purposes

Complying with applicable laws, regulations, and legal obligations
Responding to lawful requests from regulatory and law enforcement authorities
Preventing fraud, money laundering, and other financial crimes
Enforcing our Terms of Service and other agreements
Protecting the rights, property, and safety of Mazlo, our customers, and others

3. How We Share Your Information

We do not sell your personal information to third parties. We share your information only in the following circumstances:

3.1 Service Providers

We share information with third-party service providers who assist us in operating our business and delivering our Services, including cloud infrastructure providers, payment processors, identity verification services, customer support platforms, analytics providers, and email delivery services. These providers are contractually obligated to use your information only to provide the services they perform for us and to protect your information in accordance with our instructions and applicable law.

3.2 Banking and Financial Partners

To provide integrated banking features, we share certain customer information with our banking partners and financial institutions. This sharing is necessary to establish and maintain banking accounts, process payments, and comply with financial regulatory requirements including Know Your Customer (KYC) and Anti-Money Laundering (AML) obligations.

3.3 Legal Requirements and Protection of Rights

We may disclose your information when required to do so by applicable law, regulation, legal process, or governmental request. We may also disclose information when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud or security incidents, or respond to a government request.

3.4 Business Transfers

If Mazlo is involved in a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information and describe your choices in that event.

4. Customer Data Processing

Regarding Customer Data — the financial and organizational data that you input into our platform — we act as a data processor on your behalf. You are the data controller with respect to this information and retain full ownership and control over it. We process Customer Data only according to your instructions and as described in our Data Processing Agreement, which governs our handling of Customer Data in detail.

We implement appropriate technical and organizational security measures to protect Customer Data from unauthorized access, disclosure, alteration, and destruction. We maintain SOC 2 Type II certification, which independently validates the effectiveness of our security controls and processes. We do not use Customer Data for any purpose other than providing and improving our Services to you.

5. Data Security

We implement and maintain comprehensive technical and organizational security measures designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include 256-bit AES encryption for data at rest and in transit, multi-factor authentication requirements for all platform access, role-based access controls that limit data access to authorized personnel on a need-to-know basis, regular security assessments and penetration testing by independent security professionals, and a formal security incident response program with defined procedures for detection, containment, and notification.

While we take these security measures seriously and maintain them rigorously, no security system is impenetrable. We cannot guarantee that unauthorized parties will never be able to defeat our security measures or gain improper access to personal information. In the event of a security breach affecting your personal information, we will notify you and applicable regulatory authorities in accordance with applicable law.

6. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with our legal obligations, resolve disputes, and enforce our agreements. For active customer accounts, we retain account information and Customer Data for the duration of the customer relationship. Upon account termination, we retain certain information for the periods required by applicable law, typically ranging from three to seven years depending on the jurisdiction and nature of the information. After applicable retention periods expire, we securely delete or anonymize personal information.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our Site to collect usage data, improve the functionality and performance of our Site, and deliver relevant content and advertising. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device for a set period or until you delete them). For detailed information about our cookie practices and your choices regarding cookies, please review our Cookie Policy.

You can control cookies through your browser settings and our cookie consent mechanism. Please note that disabling certain cookies may affect the functionality of our Site or Services.

8. Your Rights and Choices

Depending on your location and applicable law, you may have the following rights with respect to your personal information:

Access: You may request a copy of the personal information we hold about you.
Correction: You may request correction of inaccurate or incomplete personal information.
Deletion: You may request deletion of your personal information, subject to our legal obligations to retain certain records.
Portability: You may request a machine-readable copy of your personal information for transfer to another service provider.
Objection: You may object to our processing of your personal information for direct marketing purposes or where we rely on legitimate interests as our legal basis.
Restriction: You may request that we restrict our processing of your personal information in certain circumstances.
Withdrawal of Consent: Where we rely on your consent for processing, you may withdraw your consent at any time without affecting the lawfulness of processing prior to withdrawal.

To exercise any of these rights, please contact us at privacy@mazlosaas.com. We will respond to your request within 30 days and may require identity verification before fulfilling your request.

9. California Privacy Rights (CCPA)

California residents have specific rights under the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act (CPRA). As a California resident, you have the right to know what personal information we collect, use, disclose, and sell; the right to delete personal information we have collected about you; the right to opt out of the sale or sharing of your personal information; the right to correct inaccurate personal information; the right to limit the use of sensitive personal information; and the right to non-discrimination for exercising your privacy rights.

To exercise your California privacy rights or submit a verifiable consumer request, please contact us at privacy@mazlosaas.com or call us at +1 (866) 916-2956. We do not sell personal information as defined under the CCPA and do not share personal information for cross-context behavioral advertising purposes.

10. International Data Transfers

Mazlo is based in the United States and our Services are operated from the United States. If you are located outside the United States, please be aware that information we collect will be transferred to, processed, and stored in the United States. By using our Services or providing us with information, you consent to this transfer, processing, and storage of your information in the United States.

11. Children's Privacy

Our Site and Services are not directed to children under the age of 18 and we do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will promptly delete that information. If you believe we may have collected information from a child under 18, please contact us immediately at privacy@mazlosaas.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our information practices, applicable law, or our Services. We will notify you of material changes by posting the updated Policy on our Site with a revised "Last Updated" date and, for significant changes, by sending you an email notification at the address associated with your account. Your continued use of our Site or Services after the effective date of the updated Policy constitutes your acceptance of the changes.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Mazlo Technologies Inc.
Attn: Privacy Officer
100 Pine Street, Suite 1250
San Francisco, CA 94111
United States
Email: privacy@mazlosaas.com
Phone: +1 (866) 916-2956
Business Hours: Monday through Friday, 9:00 AM to 6:00 PM Pacific Time