Hana, Inc.

Privacy Policy

Effective: October 1, 2025 | Last updated: October 1, 2025

Hana, Inc. ("Company," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, share, and protect information when you use the HanaWeb platform and related services (collectively, the "Service").

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described herein, please do not use the Service.

1. Information We Collect

We collect information in several ways depending on how you interact with the Service. The types of information we collect include:

Information You Provide Directly

  • Account registration information, including your email address, name, and password
  • Profile information such as your display name, profile picture, biography, and language preferences
  • Content you create, upload, or share through the Service, including event details, descriptions, images, and brand configurations
  • Communications with us, including support requests, feedback, and correspondence
  • Payment and transaction information — though complete payment card details are processed and stored exclusively by our PCI-compliant payment processor, Stripe, and are never stored on our servers
  • Business information provided by merchants, including brand details, event configurations, pricing, and operational data

Information Collected Automatically

  • Device and browser information, including device type, operating system, browser type, and screen resolution
  • Usage data, including pages visited, features used, actions taken, and time spent on the Service
  • Log data, including IP address, access times, referring URLs, and error logs
  • Cookies and similar tracking technologies (see Section 8 for details)
  • General location information derived from your IP address

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, operate, maintain, and improve the Service, including personalizing your experience and delivering content and features relevant to you
  • To process transactions, send transaction confirmations, and provide related customer support, including ticket purchases, event registrations, and subscription management
  • To send you technical notices, security alerts, and administrative messages necessary for the operation of the Service
  • To respond to your comments, questions, and customer service requests
  • To detect, investigate, and prevent fraudulent transactions, abuse, and other illegal activities, and to protect the rights, property, and safety of the Company, our users, and the public
  • To analyze trends, usage, and activities in connection with the Service to improve our products and develop new features
  • To send you promotional communications, such as information about features, newsletters, and events, where permitted by law — you may opt out of these communications at any time
  • To comply with legal obligations, enforce our Terms of Service, and protect the Company's legal rights

We process your personal information based on the following legal grounds:

  • Contract performance — Processing necessary to fulfill our contractual obligations to you, such as providing the Service and processing transactions
  • Consent — Processing based on your explicit consent, such as sending marketing communications. You may withdraw consent at any time.
  • Legitimate interests — Processing necessary for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, provided these interests are not overridden by your data protection rights
  • Legal obligation — Processing required to comply with applicable laws and regulations

4. Information Sharing and Disclosure

We do not sell your personal information to third parties. We may share your information in the following limited circumstances:

  • With your explicit consent or at your direction
  • With merchants, when you interact with their brands, events, or services — merchants receive only the information necessary to fulfill your transaction and manage their relationship with you
  • With trusted third-party service providers who perform services on our behalf, such as payment processing, hosting, database management, email delivery, and AI processing. These providers are contractually obligated to protect your information and use it only as directed by us.
  • To comply with applicable law, regulation, legal process, or governmental request
  • To protect the rights, privacy, safety, or property of the Company, our users, or the public, as required or permitted by law
  • In connection with a merger, acquisition, reorganization, bankruptcy, or other business transfer, in which case the successor entity will be bound by this Privacy Policy

We may share aggregated or de-identified information that cannot reasonably be used to identify you, for purposes such as analytics, research, and industry reporting.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

  • Encryption of data in transit using TLS/HTTPS and encryption of data at rest using AES-256 disk-level encryption
  • Row-level security policies on our database, ensuring users can only access data they are authorized to view
  • Secure authentication using cryptographic token verification, httpOnly cookies, and automated session invalidation
  • No storage of complete payment card information — all payment data is processed by our PCI DSS Level 1 certified payment processor
  • Secure development practices including code review, automated testing, type checking, and continuous integration gates

While we strive to protect your information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. We may also retain certain information as necessary to comply with our legal obligations, resolve disputes, enforce our agreements, and for legitimate business purposes.

When your account is deleted, we will delete or anonymize your personal information within a reasonable time frame, except where retention is required by law or for legitimate business purposes such as fraud prevention or financial record-keeping.

Some data may be soft-deleted (marked as inactive) rather than permanently removed, to maintain data integrity and audit trails. Soft-deleted data is excluded from active use and regular queries.

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

  • Right of access — You may request a copy of the personal information we hold about you
  • Right to rectification — You may request that we correct inaccurate or incomplete personal information
  • Right to deletion — You may request that we delete your personal information, subject to certain legal exceptions
  • Right to object — You may object to our processing of your personal information in certain circumstances
  • Right to data portability — You may request to receive your personal information in a structured, commonly used, and machine-readable format
  • Right to restrict processing — You may request that we limit how we use your personal information
  • Right to withdraw consent — Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing performed prior to withdrawal

To exercise any of these rights, please contact us at privacy@hanaweb.com. We will respond to your request within thirty (30) days. We may ask you to verify your identity before processing your request.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience on the Service. Cookies are small data files stored on your device that help us provide and improve the Service.

  • Essential cookies — Required for the Service to function properly, including authentication cookies, session management, and security tokens. These cookies cannot be disabled.
  • Functional cookies — Used to remember your preferences and settings, such as language selection and display preferences
  • Analytics cookies — Help us understand how users interact with the Service so we can improve its functionality and user experience

You can control cookies through your browser settings. Please note that disabling essential cookies may prevent you from using certain features of the Service.

9. International Data Transfers

The Service is operated from the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate. By using the Service, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

We take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it, including through contractual safeguards with our service providers.

10. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete such information promptly. If you believe that a child under 16 has provided us with personal information, please contact us at privacy@hanaweb.com.

11. Third-Party Links and Services

The Service may contain links to third-party websites and services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through the Service. Our integration with third-party services, including Stripe, Supabase, Cloudflare, Resend, Telnyx, and OpenAI, is governed by our agreements with those providers and their respective privacy policies.

12. Additional Rights for California Residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how it is used, the right to request deletion of your personal information, and the right to opt out of the sale of your personal information. As stated above, we do not sell your personal information. To exercise your rights under the CCPA, please contact us at privacy@hanaweb.com.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last Updated" date at the top of this page and, where required by law, provide additional notice. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at privacy@hanaweb.com .

Hana, Inc.