Privacy Policy

1. Scope and Overview

This Privacy Policy describes how HZF Tech ("Mangen Engine", "we", "us", "our") collects, uses, discloses, and protects Personal Data when you use our websites, applications, and services (collectively, the "Services"). This policy applies globally, with specific provisions for users in:

• The United States (including state-specific laws like CCPA/CPRA)
• The European Economic Area, United Kingdom, and Switzerland (GDPR)
• Japan (APPI)
• South Korea (PIPA)

Note: Our Services are not currently available in the People's Republic of China (mainland China). Users accessing from China do so at their own discretion and are responsible for compliance with local laws.

This policy does not cover data processed on behalf of enterprise customers under separate agreements, which are governed by those agreements. If you use an organization account, your organization may access and control certain account settings and content.

2. Personal Data We Collect

We collect Personal Data depending on how you use the Services. Categories include:

Information You Provide

• Account data: Name, email address, username, password, and authentication details.
• Profile data: Biography, avatar, preferences, and settings you choose to provide.
• Content and inputs: Prompts, instructions, files, images, audio, project data, and any content you create or upload.
• Payment data: Billing address and payment details (processed by our payment processors).
• Communications: Messages, feedback, support requests, and survey responses.

Information Collected Automatically

• Usage data: Features used, pages viewed, actions taken, session duration, and interaction patterns.
• Technical data: IP address, browser type and version, device identifiers, operating system, screen resolution, and crash logs.
• Location data: Approximate location derived from IP address; precise location only with your explicit consent.
• Security data: Device fingerprints, risk signals, authentication logs, and abuse reports.

Information from Other Sources

We may receive information from security partners, payment providers, marketing platforms, affiliates, and publicly available sources to improve the Services, protect users, verify accounts, and comply with legal obligations.

3. Cookies and Similar Technologies

We use cookies, pixels, local storage, and similar technologies to operate the Services, remember your preferences, prevent fraud, and measure performance.

Types of Cookies We Use

• Essential cookies: Required for basic functionality, security, and authentication. Cannot be disabled.
• Performance cookies: Help us understand how you use the Services and improve performance.
• Functional cookies: Remember your preferences and settings.
• Analytics cookies: Collect aggregated information about usage patterns.
• Marketing cookies: Used to deliver relevant advertisements (only with consent where required).

You can manage cookies in your browser settings and through our cookie consent controls where available. Note that disabling certain cookies may affect functionality.

4. How We Use Personal Data

We use Personal Data for the following purposes:

• Provide Services: Operate, maintain, and deliver the Services you request.
• Process transactions: Handle billing, subscriptions, and payments.
• Personalization: Customize your experience and provide relevant features.
• Improvement: Develop and improve features, products, and research.
• Security: Detect, prevent, and address fraud, abuse, and security incidents.
• Communication: Send service updates, support responses, and marketing where permitted.
• Legal compliance: Enforce our terms, comply with legal obligations, and respond to legal requests.
• Analytics: Analyze usage patterns and measure performance.

We may aggregate or de-identify information for analytics, research, and product improvement. We maintain de-identified data in that form and do not attempt to reidentify it unless required by law.

5. AI Training and Model Improvement

We may use content, usage data, and feedback to develop and improve our AI models and Services. This may include:

• Training models with aggregated or de-identified data.
• Using feedback and annotations to improve output quality.
• Analyzing usage patterns to enhance features.
• Sharing necessary data with model and infrastructure partners.

Opt-Out: You may request that your Content not be used for model training by contacting support@mangagen.com with "AI Training Opt-Out" in the subject line. Note that opting out may limit certain personalization features. Enterprise customers may have different terms under their agreements.

6. Legal Bases for Processing

For EEA, UK, and Switzerland Users (GDPR)

We process Personal Data based on the following legal bases:

• Contract: Processing necessary to perform our contract with you (providing the Services).
• Legitimate interests: Processing for our legitimate interests (security, improvement, analytics) where not overridden by your rights.
• Consent: Where you have given explicit consent (marketing, optional cookies).
• Legal obligation: Processing required to comply with applicable laws.

You can withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.

For Japan Users (APPI)

We specify the purpose of use when collecting Personal Information and limit processing to that purpose. We will notify you or publicly announce the purpose before or promptly after collection.

For South Korea Users (PIPA)

We collect and process Personal Information with your consent or as permitted by law. We inform you of the purpose, items collected, retention period, and your rights before collection.

7. Disclosure of Personal Data

We may disclose Personal Data to:

• Service providers: Hosting, analytics, payment processing, email, security, and customer support providers.
• AI partners: Model and infrastructure partners that help provide AI features (under appropriate data protection agreements).
• Affiliates: Companies in our corporate group for legitimate business purposes.
• Legal authorities: Government bodies, law enforcement, or courts when required by law or to protect rights and safety.
• Business transfers: Parties to a merger, acquisition, bankruptcy, or similar transaction.
• With your consent: Other third parties when you direct us to share your data.

We require all third parties to respect the security of your Personal Data and process it in accordance with applicable law.

8. International Data Transfers

We operate globally and may transfer Personal Data to countries other than your own, including the United States and other jurisdictions where we or our partners operate.

Transfer Safeguards

• EEA/UK/Switzerland: We use Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other approved mechanisms.
• Japan: We ensure adequate protection through contracts or by confirming adequate data protection systems in receiving countries. Japan has an adequacy decision from the EU.
• South Korea: We obtain consent or use approved transfer mechanisms for overseas transfers. South Korea has an adequacy decision from the EU.

You may request information about the safeguards we use by contacting support@mangagen.com.

9. Data Retention

We retain Personal Data only as long as necessary for the purposes described in this policy. Retention periods depend on:

• The nature and sensitivity of the data.
• The purposes for which we process it.
• Your account status and activity.
• Legal, regulatory, and contractual obligations.

When data is no longer needed, we delete or anonymize it. Some data may be retained longer for legal, security, or audit purposes.

10. Your Rights and Choices

Depending on your location and applicable law, you may have the following rights:

• Access: Request information about the Personal Data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your Personal Data (subject to legal exceptions).
• Portability: Request a copy of your data in a portable format.
• Restriction: Request restriction of processing in certain circumstances.
• Objection: Object to processing based on legitimate interests or for direct marketing.
• Withdraw consent: Withdraw consent where we rely on it for processing.
• Opt-out of sale/sharing: Opt out of "sale" or "sharing" of Personal Data where applicable.
• Non-discrimination: Exercise your rights without discriminatory treatment.

To exercise your rights, contact support@mangagen.com with "Privacy Request" in the subject line. We will verify your identity before processing requests. You may also designate an authorized agent to make requests on your behalf.

11. Region-Specific Disclosures

United States

Under California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), and other state privacy laws, you may have additional rights including:

• Right to know what Personal Information we collect, use, disclose, and sell.
• Right to delete Personal Information (with exceptions).
• Right to correct inaccurate Personal Information.
• Right to opt out of sale or sharing of Personal Information.
• Right to limit use of sensitive Personal Information.
• Right not to be discriminated against for exercising your rights.

Categories of data we collect: Identifiers, commercial information, internet/network activity, geolocation data, professional information, and inferences drawn from the above.

"Sale" and "Sharing": We may share data with analytics and advertising partners in ways that may constitute "sale" or "sharing" under some state laws. You can opt out by contacting support@mangagen.com with "Opt-Out Request" in the subject line, or by using our cookie preference controls.

European Union, United Kingdom, and Switzerland (GDPR)

If you are in the EEA, UK, or Switzerland, you have the rights described in Section 10, plus:

• Right to lodge a complaint with your local data protection authority.
• Right to withdraw consent at any time.
• Right to object to automated decision-making with legal effects.

Data Protection Authority: You may file a complaint with the supervisory authority in your country of residence. A list of EEA authorities is available at edpb.europa.eu.

Japan (APPI)

If you are in Japan, the following provisions apply:

• Purpose limitation: We use Personal Information only for the purposes specified at the time of collection.
• Third-party provision: We obtain your consent before providing Personal Data to third parties, except as permitted by law.
• Your rights: Request disclosure, correction, deletion, or cessation of use of Retained Personal Data.
• Overseas transfers: When transferring data overseas, we confirm the receiving country has adequate protection or obtain your consent.

South Korea (PIPA)

If you are in South Korea, the following provisions apply:

• Consent: We obtain your consent before collecting, using, or providing Personal Information to third parties.
• Your rights: Access, correct, delete, suspend processing, and request data portability.
• Automated decisions: You have the right to refuse or request explanation of automated decisions that significantly affect your rights.
• Overseas transfers: We inform you of the recipient, purpose, and items transferred when sending data overseas and obtain consent where required.
• Breach notification: We will notify you and the Personal Information Protection Commission without delay if a data breach occurs that may cause harm.

12. Automated Decision Making

We may use automated systems to detect fraud, enforce safety policies, personalize experiences, and improve the Services. We do not use automated decision making that produces legal or similarly significant effects on individuals without human review where required by law.

If you believe an automated decision has significantly affected you, you may contact us to request human review.

13. Data Security

We implement reasonable administrative, technical, and organizational safeguards to protect Personal Data, including:

• Encryption of data in transit and at rest.
• Access controls and authentication measures.
• Regular security assessments and monitoring.
• Employee training on data protection.
• Incident response procedures.

No method of transmission or storage is completely secure. We cannot guarantee absolute security, but we strive to protect your data to the best of our ability.

14. Data Breach Notification

In the event of a data breach that affects your Personal Data, we will:

• Take immediate remedial measures to contain and address the breach.
• Notify relevant supervisory authorities as required by applicable law.
• Notify affected individuals without undue delay where required, particularly if the breach poses high risk to your rights and freedoms.

Specific notification timelines vary by jurisdiction (e.g., 72 hours under GDPR, varying state requirements in the US) and we will comply with all applicable legal requirements.

15. Children's Privacy

The Services are not intended for children under 13 (or the minimum age required in your jurisdiction: 16 in some EU countries, 14 in South Korea, 14 in China for certain services).

We do not knowingly collect Personal Data from children below these ages. If you believe a child has provided Personal Data without appropriate consent, please contact us immediately at support@mangagen.com so we can take appropriate action.

If you are under 18 (or the age of majority in your jurisdiction), you must have permission from a parent or guardian to use the Services.

16. Do Not Track

Some browsers offer a "Do Not Track" (DNT) setting. There is no industry consensus on how to respond to DNT signals, and we do not currently respond to DNT signals. However, you can manage tracking through our cookie preferences and opt-out mechanisms described in this policy.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy.
• Provide notice through email, in-app notification, or a prominent notice on our website.
• Where required by law, obtain your consent to the changes.

We encourage you to review this policy periodically.

18. Data Protection Contact

For questions or concerns about our data protection practices, or to exercise your privacy rights, please contact us:

• Email: support@mangagen.com

For EEA/UK Users: Although we have not appointed a formal representative under Article 27 of the GDPR due to our current scale of operations, we are committed to responding to all data protection inquiries. You may contact us at the email above, and we will address your request in accordance with applicable law.

For South Korea Users: For inquiries under PIPA, please contact us at the email above. We will respond to requests in accordance with applicable Korean data protection law.

For Japan Users: For inquiries under APPI, please contact us at the email above.

As our operations grow, we will appoint formal representatives and data protection officers as required by applicable law and update this policy accordingly.