Privacy Policy

Last updated: March 27, 2026

In short: We only collect what's needed to run your account. Your media stays private in your own encrypted bucket. We never sell your data. You can delete everything at any time.

1. Who We Are

SMOOZZ is an AI-powered media management platform operated by FutureMinds. This policy explains how we collect, use, store, and protect your personal data when you use our website at www.smoozz.com and the SMOOZZ application.

For questions about this policy, contact us at privacy@smoozz.com.

2. Data We Collect

Account information

Name, email address — provided when you create an account
Password — stored as a salted SHA-256 hash, never in plain text
Company name — if you provide one (optional for individual accounts)
Subscription plan — Free, Individual, or Corporate

Payment information

Payments are processed by Stripe. We store your Stripe customer ID and subscription ID but never your card number, CVV, or billing details. These are handled entirely by Stripe under their privacy policy.

Media content

Photos and videos you upload to your library
EXIF metadata extracted from your files (camera model, GPS coordinates, date taken, etc.)
AI-generated metadata — descriptions, tags, objects, quality scores, scene analysis, and CLIP embeddings created by our AI during indexing

Usage data

Session data — login timestamps, IP address (for rate limiting and security)
Search queries — to provide search results (not stored permanently)
Basic analytics — page views, feature usage (anonymized)

3. How We Use Your Data

To provide the service — storing your media, running AI analysis, serving search results, generating reels
To manage your account — authentication, subscription management, quota tracking
To send transactional emails — welcome email, password resets, team invitations (via Brevo)
To improve the platform — aggregated, anonymized usage patterns to guide product development
To protect the service — rate limiting, fraud prevention, security monitoring

We never use your media content to train AI models. Your photos and videos are processed solely to generate metadata for your own use.

4. Data Storage & Security

Where your data is stored

Media files — secured cloud object storage, in a private per-account bucket with a unique identifier
Database — Supabase PostgreSQL with Row Level Security (RLS) enabled on all tables
AI embeddings — stored in PostgreSQL via pgvector, isolated per account

Security measures

Passwords hashed with salted SHA-256
HTTPS everywhere (TLS 1.2+)
Per-account bucket isolation (tenants cannot access each other's data)
Row Level Security on all database tables
Rate limiting on authentication endpoints (10 attempts, 5-minute lockout)
Google reCAPTCHA v3 on login/registration
Security headers: CSP, HSTS, X-Frame-Options, X-Content-Type-Options
Session cookies with Secure and HttpOnly flags in production

5. Third-Party Services

We use the following third-party services to operate SMOOZZ:

Cloud storage provider — encrypted media file storage with per-account isolation
Supabase — database hosting (privacy policy)
Stripe — payment processing (privacy policy)
Brevo — transactional emails (privacy policy)
Anthropic (Claude API) — AI analysis of media content (privacy policy)
Google reCAPTCHA — bot protection (privacy policy)

We do not share your personal data with any third party for marketing or advertising purposes.

6. Cookies

We use the following cookies:

Session cookie — to keep you logged in (essential, expires when you close the browser or after inactivity)
GDPR consent — to remember your cookie preference (smoozz_gdpr in localStorage)
Intro video — to avoid replaying the intro (smoozz_intro_seen in localStorage)

We do not use advertising cookies, tracking pixels, or any third-party analytics cookies.

7. Your Rights (GDPR)

If you are in the European Economic Area, you have the following rights under GDPR:

Access — request a copy of your personal data
Rectification — correct inaccurate data in your account settings
Erasure — delete your account and all associated data (available in Account Settings)
Portability — export your media and metadata
Restriction — request we limit processing of your data
Objection — object to processing based on legitimate interests
Withdraw consent — where processing is based on consent, you can withdraw at any time

To exercise any of these rights, email privacy@smoozz.com or use the delete account feature in your Account Settings.

8. Data Retention

Active accounts — data is retained as long as your account is active
Deleted accounts — all personal data, media, and metadata are permanently deleted within 30 days of account deletion
Cancelled subscriptions — your account reverts to the free plan; data is retained unless you delete your account
Security logs — IP addresses and failed login attempts are retained for 90 days

9. Children's Privacy

SMOOZZ is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has created an account, contact us and we will delete it.

10. International Transfers

Your data may be processed in countries outside the EEA where our service providers operate (including the United States). We ensure appropriate safeguards are in place, including standard contractual clauses and service providers' compliance with applicable data protection regulations.

11. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email or a notice on the website. The "Last updated" date at the top reflects the most recent revision.

12. Contact

For privacy-related questions, data requests, or complaints:

Email: privacy@smoozz.com
Company: FutureMinds
Website: www.smoozz.com

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.