TazTaz
FeaturesPricingAboutContact
Sign inGet Started

Legal

Privacy Policy

Last updated: June 29, 2026

1. Introduction

Taz Technologies (“Taz,” “we,” “us,” or “our”) operates the aitaz.com platform and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. We are committed to protecting your privacy and handling your data with transparency and care.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, password (hashed with scrypt), company name, and billing information when you create an account or subscribe to a paid plan.
  • Store Content: Product information, images, descriptions, pricing, and any other content you upload or create through the platform.
  • Communications: Messages you send to us through contact forms, email, or support channels.
  • Payment Information: We do not directly store credit card numbers. Payment processing is handled by third-party providers (Razorpay, Stripe, Cashfree) who maintain PCI DSS compliance.

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent on the platform, and interaction patterns within the admin dashboard.
  • Device Information: Browser type, operating system, device type, screen resolution, and language preferences.
  • Log Data: IP address, access times, referring URLs, and error logs for debugging and security purposes.
  • Performance Data: Page load times, API response times, and error rates to maintain service quality.

2.3 Customer Data (Merchant Stores)

When end customers interact with stores built on Taz, we process data on behalf of the merchant. This includes customer names, email addresses, shipping addresses, order history, and payment transaction records. Merchants are the data controllers for their customer data; Taz acts as a data processor.

3. How We Use Your Information

  • Service Delivery: To provide, maintain, and improve the Taz platform, including AI-powered features like store generation, copilot assistance, and analytics insights.
  • Account Management: To manage your account, process payments, and communicate with you about your subscription and store.
  • AI Features: To power AI store generation, product description writing, analytics insights, and copilot interactions. AI prompts and responses are not used to train models for other customers.
  • Security: To detect, prevent, and address technical issues, fraud, and security threats. This includes rate limiting, RBAC enforcement, and audit logging.
  • Analytics: To understand how merchants use the platform and identify areas for improvement. We use aggregated, anonymized data for this purpose.
  • Communications: To send transactional emails (order confirmations, password resets), service updates, and, with your consent, marketing communications.

4. Data Security

We implement comprehensive security measures to protect your data:

  • Row-Level Security (RLS): All tenant data is isolated at the database level. The application connects as a restricted role (NOBYPASSRLS) that cannot access data across tenant boundaries.
  • Encryption: Sensitive credentials are encrypted with AES-256-GCM via our SecretBoxService. All data is encrypted in transit via TLS 1.3.
  • Authentication: Passwords are hashed with scrypt. Admin sessions use short-lived JWT tokens (4-hour TTL) with refresh token rotation. Two-factor authentication (TOTP) is available.
  • Access Control: Role-based access control (RBAC) with @Roles decorators on all API endpoints. Audit logging tracks all administrative actions.
  • Content Security Policy: Strict CSP headers prevent XSS attacks across both the admin dashboard and storefronts.
  • Infrastructure: Hosted on Railway with automatic SSL, health monitoring, and multi-region failover capabilities.

5. Data Sharing & Third Parties

We share your information only in the following circumstances:

  • Payment Processors: Razorpay, Stripe, Cashfree, and other configured payment providers receive transaction data necessary to process payments.
  • AI Providers: We use Anthropic's Claude for AI features. Prompts sent to the AI include store context but not customer personal data. Anthropic does not use our API inputs to train their models.
  • Email Services: Transactional email providers (Resend) receive recipient email addresses and message content to deliver emails on your behalf.
  • Search Services: Typesense receives product catalog data for search indexing.
  • Legal Requirements: We may disclose your information if required by law, subpoena, or court order, or to protect our rights, property, or safety.

We do not sell your personal information to third parties. We do not share customer data between merchants. Each merchant's data is strictly isolated.

6. Data Retention

  • Account Data: Retained for the lifetime of your account plus 30 days after deletion to allow recovery.
  • Store & Customer Data: Retained for the lifetime of the merchant account. Merchants can export all data at any time.
  • Log Data: Security and access logs are retained for 90 days. Audit logs are retained for 1 year.
  • Backups: Database backups are retained for 30 days and then permanently deleted.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Portability: Request your data in a structured, machine-readable format (JSON/CSV export).
  • Objection: Object to processing of your personal data for marketing purposes.
  • Restriction: Request restriction of processing in certain circumstances.

To exercise any of these rights, contact us at privacy@aitaz.com. We will respond within 30 days.

8. Cookies & Tracking

The Taz admin dashboard uses essential cookies for authentication (JWT tokens stored in localStorage) and session management. We do not use third-party tracking cookies or advertising pixels on the admin dashboard.

Merchant storefronts may include analytics scripts configured by the merchant. The availability and behavior of these scripts is controlled by the merchant, not by Taz.

9. Children's Privacy

The Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

10. International Data Transfers

Our servers are located in the United States (SFO region). If you access the Service from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We implement appropriate safeguards to protect your data regardless of where it is processed.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on the platform at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

  • Email: privacy@aitaz.com
  • General: hello@aitaz.com
TazTaz

The AI-native commerce platform. Build, launch, and grow your online store with artificial intelligence — from first idea to thousandth order.

Product

  • AI Store Builder
  • Visual Editor
  • AI Copilot
  • Themes
  • Payments
  • Analytics

Use Cases

  • Products & Inventory
  • Mobile Commerce
  • All Features
  • Pricing

Company

  • About Taz
  • Careers
  • Contact Us
  • System Status

Legal

  • Terms of Service
  • Privacy Policy

© 2026 Taz (aitaz.com). All rights reserved.

Terms of ServicePrivacy PolicyContact