Privacy Notice

Last updated: 3 August 2025

1. Introduction

Manzhuma ("we", "us", "our") is committed to protecting your privacy. This Privacy Notice explains how we collect, use, disclose and safeguard your personal data when you use our website, applications and related services (collectively, the "Service"). If you do not agree with this Notice, please do not use the Service.

2. Information we collect

2.1. Information you provide

Account data - name, email, password and any optional profile details.
Content - data or files you create or upload (tasks, projects, comments, attachments, etc.).
Billing data - card details, billing address and other payment information handled by our payment processor Dodo Payments; we never store full card numbers.
Support interactions - messages, tickets, feedback and survey responses.

2.2. Information collected automatically

Usage data - features used, actions taken, session duration.
Device / log data - IP address, browser, OS, device identifiers, timestamps, referrer pages.
Cookies / local storage - only cookies that are strictly necessary for site operation.

3. How & why we use your data - with the legal basis

Purpose	Example activities	Legal basis (GDPR Art 6)
Provide & operate the Service	account creation, workspace collaboration	Contract (b)
Process payments & manage subscriptions	invoicing, fraud checks	Contract (b)
Communicate with you	support replies, transactional emails	Contract (b)
Improve and secure the Service	crash analytics, threat detection	Legitimate interest (f)
Comply with law	tax, accounting, legal requests	Legal obligation (c)
Optional marketing (if you opt-in)	news, offers	Consent (a)

4. How we share information

We disclose data only:

To service providers performing functions such as cloud hosting, payment processing (Dodo Payments) or optional analytics; they may access data solely to provide these services.
For legal reasons when required by law or valid government request.
With your consent or within your organisation according to role-based permissions.

5. International transfers

Primary data storage is located in Frankfurt (EU). Where data are accessed from outside the EEA, transfers rely on the EU Standard Contractual Clauses or equivalent safeguards.

6. Security

All traffic is protected by TLS 1.3 in transit and data are stored using AES-256 encryption at rest. Additional measures include MFA, role-based access controls and regular security audits. Our payment processor, Dodo Payments, handles card data under PCI-DSS requirements. No internet system can be 100 % secure, but we aim for industry-leading protection.

7. Your rights

Depending on your jurisdiction, you may have rights to access, rectify, erase, restrict or port your data, or object to our processing. Contact us at contact@manzhuma.com to exercise any right; we may verify your identity first.

8. Retention

We keep data only as long as needed for the purposes above or to satisfy legal requirements, after which we delete or anonymise it.

9. Children

The Service is not directed to children under 16. If we learn we have collected such data without parental consent we will delete it.

10. Changes

We may update this Notice; the "Last updated" date will change accordingly. Continued use of the Service signifies acceptance of the updated Notice.