Privacy Policy

Msasa is a service of Msasa, Inc.

Last updated: 15 March 2026

1. Who We Are

Msasa, Inc. (“Msasa,” “we,” “our,” “us”) operates the Msasa web application and related services (the “Service”).

Legal entity: Msasa, Inc
Contact: privacy@msasa.ai

2. Scope of This Policy

This Privacy Policy explains how we collect, use, share, and protect personal data when you use our Service, including when you connect third-party integrations (such as accounting platforms, CRM systems, spreadsheets, collaboration tools, and AI features).

Depending on the context, Msasa may process personal data directly as part of providing the Service to you, or on behalf of our business customers when they use Msasa with their own data and connected systems.

3. Information We Collect

We collect the following categories of information:

Account data

Examples: name (if provided), email address, authentication/session identifiers, organization/workspace details.
Source: you.

Usage and device data

Examples: log data, pages/actions in the Service, IP address, device/browser type, approximate location derived from IP, performance data, and information associated with analytics or similar technologies.
Source: collected automatically.

Customer content and integration data

Examples: data you input to the Service and data retrieved from or sent to third-party integrations you connect (which may include contact details, invoices, billing information, transaction references, and other business records that can include personal data).
Source: you and your connected services.

Support communications

Examples: emails, chat messages, and bug reports you send to us.
Source: you.

Inquiry and scheduling data

Examples: information you provide when requesting a demo, booking a meeting, or otherwise contacting us about the Service.
Source: you and service providers you use to schedule with us.

4. How We Use Your Information

We use personal data to:

Provide the Service: authenticate users, operate workflows, enable integrations, and deliver requested features.
Operate, maintain, and secure the Service: monitor performance, debug issues, prevent fraud/misuse, and protect the Service.
Communicate with you: respond to requests and send important service notices (and, where permitted, product updates).
Comply with legal obligations: including accounting, tax, and regulatory requirements where applicable.

GDPR legal bases: contract performance, legitimate interests, and consent where required.

5. Cookies, Analytics, and Similar Technologies

We and our service providers may use cookies, local storage, and similar technologies to operate the website and Service, remember preferences, understand usage, attribute traffic sources, and improve performance.

You can manage cookies through your browser settings. Some technologies may still be used where needed for core functionality, security, or service delivery.

6. Sharing and Disclosure

We share personal data only as necessary to provide and operate the Service, including with:

Sub-processors and service providers (e.g., hosting, authentication, logging/monitoring, integrations, AI model providers, and scheduling or communications providers) that process data on our behalf under contractual obligations.
Authorities and legal requests where required to comply with law or valid legal process.
Corporate events (e.g., merger, acquisition, financing, or sale of assets), in which case we will take appropriate steps to protect your information.

We do not sell personal data.

For transparency, we publish our current list of sub-processors here: /legal/subprocessors.

7. International Transfers

Our service providers and sub-processors may process data in different countries. Where required, we rely on appropriate safeguards such as adequacy decisions, Standard Contractual Clauses, or other lawful transfer mechanisms.

8. Data Retention

We retain personal data for as long as necessary to provide the Service and for legitimate business purposes, including to meet legal, tax, accounting, and audit requirements.

You may request deletion of your data, subject to applicable law and contractual obligations.

9. Your Rights

If you are located in the EEA/UK, you may have rights to access, correct, delete, restrict or object to processing, and port your personal data. To exercise your rights, contact privacy@msasa.ai.

10. Security

We use technical and organizational measures designed to protect personal data, including encryption in transit (TLS), access controls, and logging/monitoring. For managed cloud storage services, encryption at rest is provided by our cloud providers.

11. Children

The Service is not directed to children under 16, and we do not knowingly collect personal data from children.

12. Changes to This Policy

We will post updates on this page. If changes are material, we will provide notice via email and/or in-app notification.

13. Contact

If you have questions or requests about this Privacy Policy or our privacy practices, contact us at privacy@msasa.ai (or hello@msasa.ai).