Introduction
TGLO Labs ("we," "us," or "our") operates the Gezana mobile application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please do not use the Service.
Data Controller
TGLO Labs is the data controller responsible for your personal data. For privacy-related inquiries, data access requests, or to exercise your rights, contact our privacy team at support@gezana.app.
Last updated: March 28, 2026
Data Inventory
Audit table of core data categories, purposes, storage, sharing, and retention.
| Type | Purpose | Stored | Shared | Retention |
|---|---|---|---|---|
| Contact and account identifiers | Sign in and protect accounts | Secure cloud-based identity systems | Service partners supporting hosting and account access | Until account deletion |
| Profile and preference data | Preferences and personalization | Secure cloud-based processing environments | Service partners supporting service delivery | Until account deletion |
| User-submitted content and generated outputs | Generate AI responses | Secure cloud-based processing environments | Service partners supporting core service functionality | Until account deletion, subject to limited legal or operational exceptions |
| Service performance and usage data | Feature analytics and product improvement | Service performance and analytics platforms | Service partners supporting analytics and product improvement | Limited durations necessary for operational integrity, security, and incident response |
| Subscription and entitlement data | Billing and access control | Subscription administration systems and secure service records | Service partners supporting billing, subscription administration, and marketplace transactions | Maintained as needed for service delivery, dispute resolution, and legal compliance |
| Reliability and diagnostic data | Stability and incident response | Service reliability and incident response platforms | Service partners supporting reliability monitoring and incident response | Limited durations necessary for operational integrity, security, and incident response |
Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:
| Data Type | Legal Basis |
|---|---|
| Contact and account identifiers | Contract performance - necessary to provide the Service |
| User-submitted content and prompts | Contract performance - necessary to generate AI responses |
| Subscription and billing data | Contract performance - necessary to process payments |
| Service performance and usage data | Legitimate interest - improving Service quality and user experience |
| Reliability and diagnostic data | Legitimate interest - maintaining Service stability and security |
| Marketing communications | Consent - only with your explicit opt-in |
Where we rely on legitimate interest, we have conducted a balancing test to ensure your rights and freedoms are not overridden. You may object to processing based on legitimate interest by contacting support@gezana.app.
Service Partners
We rely on carefully selected service partners to support hosting, identity and account access, subscription administration, analytics, reliability monitoring, and core service functionality. These parties process information only as needed to perform those functions on our behalf and subject to appropriate confidentiality, security, and data protection obligations.
- Hosting and account access support
- Core service functionality and processing support
- Subscription administration and billing support
- Service analytics and performance support
- Reliability monitoring and incident response support
Retention
| Category | Rule |
|---|---|
| Operational logs | Limited durations necessary for operational integrity, security, and incident response |
| Webhook traces | Limited durations necessary for operational integrity, security, and incident response |
| Durable account records | Maintained as needed for service delivery, dispute resolution, and legal compliance |
User Rights
- Access
- Delete (app/email)
- Correct
- Object
- Delete: In-app or email support@gezana.app.
AI Processing
User-submitted content is processed solely as necessary to provide the Service and generate requested outputs. Such content is not used to train external foundational or generative models.
Children
The Service is not intended for individuals below the minimum age required to use it under applicable law and, in any event, is not intended for users under 12.
International Transfers
Your information may be processed in secure regional service zones where the Service and its supporting operations are maintained. Where required by applicable law, we rely on legally recognized international data transfer mechanisms and safeguards.
Automated Decision-Making
Gezana uses artificial intelligence to generate conversational responses based on your inputs. This AI processing is essential to provide the core functionality of the Service.
What we do: AI generates text responses to your messages. Content moderation filters may automatically block certain inputs or outputs to prevent harmful content.
What we do NOT do: We do not use automated decision-making to make legal or similarly significant decisions about you. Account actions (suspension, termination) are reviewed by humans. Subscription eligibility is determined by your payment status, not AI profiling.
You have the right to request human review of any automated decision that significantly affects you. Contact support@gezana.app for such requests.
Your Privacy Rights (California - CCPA/CPRA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
- Right to Correct: You may request correction of inaccurate personal information.
- Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
Categories of Personal Information Collected: Identifiers (email, name), commercial information (subscription status), internet activity (usage data), and inferences (chat context).
Do Not Sell or Share My Personal Information: TGLO Labs does not sell your personal information as defined by the CCPA. We do not share personal information for targeted advertising purposes. Disclosures are limited to service categories necessary to operate the Service, including hosting, identity and account access, core functionality, subscription administration, analytics, and service reliability support.
To exercise your California privacy rights, contact support@gezana.app. We will verify your identity before processing requests.
How We Protect Your Data
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption: We use industry-standard encryption protocols for data in transit and at rest.
- Access Controls: Strict logical data isolation and identity-based access controls are used to limit access to authorized personnel and permitted account activity.
- Authentication: We support secure sign-in and account access through email-based verification and industry-standard federated identity providers. Session tokens are securely stored on your device.
- Partner Diligence: We assess service partners using contractual, security, and operational diligence appropriate to the role they perform and the data they process.
- Incident Response: We maintain incident response procedures to detect, investigate, contain, and respond to potential security incidents.
While we implement strong security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.
Data Breach Notification
In the event of a verified unauthorized access or security incident requiring notice, notification will be provided in accordance with applicable statutory requirements and timelines. Where required, notices will describe the nature of the incident, likely consequences, and the measures taken to address it.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make substantive updates, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, through in-app notifications or email.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: support@gezana.app
- Privacy Contact: support@gezana.app
If you are in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.