Privacy Policy

1. Who this policy covers

This policy covers visitors to our websites, people who create Tuzzle accounts, and the data we process when you use the service. If you build a product on Tuzzle, your end users' uploads and personal data are processed on your behalf and on your instructions; that relationship is governed by our Data Processing Addendum, with you as the controller.

2. Information we collect

We collect only what we need to run the service:

• Account details: name, email address, password hash, and two-factor authentication settings.
• Billing information: your plan, invoice history, and payment method details held by our payment providers. Card numbers never touch Tuzzle's servers.
• Content: the assets you upload, their metadata, and the folders, collections, upload configurations, and settings you create around them.
• Technical data: request logs, IP addresses, user-agent strings, and usage metrics we need to deliver files, bill accurately, and prevent abuse.
• Communications: messages you send to support, and your email preferences.

3. How we use information

We use this information to provide and secure the service, process payments, meter usage against your plan, send service communications such as usage alerts and billing notices, respond to support requests, and improve the product.

We do not sell your personal data. We do not use your assets to train AI models, ours or anyone else's.

4. Legal bases

Where the Nigeria Data Protection Act (NDPA), the GDPR, or similar laws apply, we process data on these bases: performing our contract with you, our legitimate interests in running and protecting the service, your consent where we ask for it, and our legal obligations.

5. Your assets and your end users

Files you upload remain yours. We store, transform, cache, and deliver them only to provide the service, and only according to the access type you set for each asset: public, private, or authenticated.

If your application lets end users upload files, you decide what is collected and why. For personal data inside that content you are the controller and Tuzzle is your processor, as described in the Data Processing Addendum.

6. Face detection

Face-aware cropping runs only when a transform requests it (face, faces, eyes, or auto gravity). The detection step returns bounding-box coordinates that we use to position the crop, and we cache those coordinates so repeated transforms stay fast. We do not identify or recognise individuals, we do not build biometric profiles, and the coordinates are never used for anything except framing the image you asked for.

7. Who we share data with

We share data only where the service requires it:

• Infrastructure providers that store, process, and deliver your assets: object storage, the edge network, and hosting.
• The face-detection provider, which receives image data only for the crops you request.
• Email providers that send transactional mail on our behalf.
• Payment providers that process your charges, including Paystack for Naira billing.
• Authorities, where the law genuinely requires it.
• A successor entity if Tuzzle is acquired or merges, under this same policy.

Each provider is bound by data-protection terms appropriate to its role. The Data Processing Addendum describes our sub-processors in more detail.

8. International transfers

Tuzzle delivers from a global edge network, so data crosses borders by design. Where transfer rules apply, we rely on recognised mechanisms such as standard contractual clauses and the NDPA's transfer provisions.

9. How long we keep data

We keep your data while your account is active. Deleted assets pass through a short trash window before being permanently removed, and cached derivatives expire from the edge on their own schedule. When you close your account we delete your data, except records we are legally required to keep, such as invoices.

10. Security

Assets are encrypted in transit and at rest. Access is controlled with signed URLs, per-asset access types, space-scoped API keys, optional two-factor authentication, and least-privilege access inside our own team. The Security page describes our measures in more detail. No system is perfectly secure, but we treat your content as the product it is.

11. Your rights

Depending on where you live, you can access, correct, export, object to, or delete your personal data. Most of this is available directly from your dashboard; for anything else, email [email protected]. You can also complain to your supervisory authority, such as the NDPC in Nigeria, the ICO in the UK, or your EU member-state authority.

12. Cookies

We use a small number of cookies and similar technologies to keep you signed in, secure forms, and understand aggregate usage. Assets delivered through the CDN set no cookies at all. The Cookie Policy has the full list.

13. Marketing

We only send marketing email you have opted into, and every message includes an unsubscribe link. Service emails, such as usage alerts and billing notices, are part of running your account and are sent regardless.

14. Children

Tuzzle accounts are for adults and businesses. The service is not directed at children and we do not knowingly collect children's data. If your product serves minors, you are responsible for the consents your use case requires.

15. Changes to this policy

We will update this policy as the product evolves. If a change is material, we will tell you in the app or by email before it takes effect, and the date at the top always reflects the latest version.

16. Contact

Email [email protected] for anything in this policy, including data requests. We aim to respond within a few business days.