Privacy Policy

1. Who we are

Konny is operated by Haze On (PTY) Ltd, a private company incorporated in the Republic of South Africa (“we”, “us”, “Haze On”). For the purposes of POPIA, Haze On (PTY) Ltd is the responsible party for the personal information processed through the Service.

Contact / Information Officer: info@hazeon.co.za

2. Scope

This Privacy Policy applies to personal information we collect when you visit our landing site, create an account, use the Konny web or mobile application, contact our support team or interact with us in any other way related to the Service.

3. Information we collect

3.1 Information you provide

• Account information: name, email address, password (hashed), profile picture (optional), organisation/role;
• Billing information: billing name and address, VAT/tax identifiers, transaction references. Card and bank details are collected and stored directly by our PCI-compliant payment provider and are not stored on our servers;
• Content you upload: video files, audio, images, transcripts and any text you submit to chat or prompts;
• Communications: emails, support tickets, feedback you send us.

3.2 Information collected automatically

• Device and connection data (IP address, user agent, device identifiers, operating system);
• Usage data (pages viewed, features used, timestamps, error logs, performance metrics);
• Cookies and similar storage technologies (see section 10).

3.3 Information generated by the Service

• AI-generated outputs derived from your content (transcripts, scores, summaries, rewrites);
• Account activity history, credit/token usage, invoices.

4. How and why we use your information

• To provide, operate and maintain the Service, including processing uploads, generating AI analyses and delivering results;
• To create and manage your account, authenticate you and provide customer support;
• To process payments, manage subscriptions, prevent fraud and issue invoices;
• To send service-related communications (account, security, billing, important changes);
• To improve, debug and secure the Service (analytics, error monitoring, abuse prevention);
• To send marketing or product-update emails where you have opted in — you can unsubscribe at any time;
• To comply with legal obligations and respond to lawful requests from authorities.

We do not sell your personal information, and we do not use your uploaded content to train our underlying AI models.

5. Lawful basis for processing

Under POPIA, we rely on the following justifications:

• Performance of a contract with you (providing the Service you signed up for);
• Your consent (for example, optional marketing emails — which you can withdraw at any time);
• Compliance with a legal obligation (such as tax, accounting and anti-fraud laws);
• Our legitimate interests (such as securing the Service, preventing abuse and improving features), where these are not overridden by your rights.

6. Sharing & operators

We share personal information only with parties that need it to help us provide the Service, under written agreements that require them to protect the information in line with POPIA:

• Cloud hosting & storage (including Microsoft Azure) for compute, storage and AI inference;
• AI/LLM providers used as operators to generate analyses, rewrites and chat responses;
• Payment gateways for subscription billing, refunds and fraud prevention;
• Email and notification providers for transactional messaging;
• Analytics and error-monitoring providers for service health;
• Professional advisors (accountants, lawyers) where strictly necessary;
• Authorities where required by law, court order or to protect our legal rights.

We may also share information in the context of a corporate transaction (such as a merger, acquisition or sale of assets), in which case we will require the recipient to honour this Privacy Policy.

7. Cross-border transfers

Some of our service providers are located outside South Africa (for example, in the European Union or the United States). Where we transfer personal information across borders, we do so in accordance with section 72 of POPIA, relying on one or more of: (a) the recipient being subject to laws or binding agreements that provide adequate protection; (b) your consent; or (c) the transfer being necessary for the performance of our contract with you.

8. Retention

We keep personal information only for as long as is necessary for the purposes described in this policy, or as required by law:

• Account information: for as long as your account is active, and for a reasonable period thereafter to handle disputes, fulfil legal obligations and enforce our terms;
• Uploaded content and derived AI outputs: until you delete them or close your account, after which we delete them from active systems within a reasonable period (backups may persist for a limited additional period);
• Billing records: retained for the periods required by South African tax and company law (typically at least 5 years).

9. Security

We take reasonable and appropriate technical and organisational measures to safeguard personal information, including encryption in transit (TLS), encryption at rest for stored files where supported by our cloud provider, access controls, hashed passwords, audit logging and least-privilege access. No system is perfectly secure; if we become aware of a security compromise that materially affects you, we will notify you and the Information Regulator as required by POPIA.

10. Cookies & local storage

We use cookies and similar browser storage to keep you signed in, remember preferences, secure the Service against abuse and measure usage. Strictly necessary cookies are used without consent because the Service cannot function without them. You can clear cookies through your browser settings, but doing so may affect functionality such as staying signed in.

11. Children

The Service is not directed to children under the age of 18 and we do not knowingly process personal information of children. If you believe a child has provided us with personal information, please contact us so we can delete it.

12. AI processing of your content

To deliver the Service, your uploaded content (such as videos, audio, transcripts and chat messages) is processed by AI systems, including third-party large-language-model and vision providers acting as our operators. These providers process the data on our instructions to generate the output you requested.

Konny does not use your content to train its own foundational AI models. Our AI providers operate under contractual restrictions that prohibit them from using your content to train publicly-available models.

13. Your POPIA rights

Subject to POPIA, you have the right to:

• Access the personal information we hold about you;
• Correct or update inaccurate or out-of-date information;
• Delete personal information that we are no longer entitled to retain;
• Object to processing on certain grounds, including direct marketing;
• Withdraw consent at any time, where processing is based on consent;
• Lodge a complaint with the Information Regulator of South Africa.

To exercise any of these rights, please email info@hazeon.co.za. We may need to verify your identity before acting on your request. We will respond within a reasonable time and, where applicable, within the timeframes prescribed by POPIA.

14. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of the page will reflect the most recent revision. Material changes will be communicated through the Service or by email where appropriate.

15. Contact & complaints

If you have any questions about this Privacy Policy or how we handle your personal information, please contact our Information Officer at info@hazeon.co.za.

You also have the right to lodge a complaint with the Information Regulator of South Africa:

• Website: https://inforegulator.org.za
• Email: complaints.IR@justice.gov.za