Privacy Policy

Effective date: April 22, 2026

1. Introduction

This Privacy Policy explains how haus (“haus,” “we,” “us,” or “our”) collects, uses, stores, shares, and protects information when you use our website at joinhaus.ai and the haus web application (collectively, the “Service”). By using the Service, you agree to the practices described in this policy.

haus is a creator revenue operating system that helps creators manage brand deals through three AI agents: an Ops Agent for inbound email triage, contracts, scheduling, invoicing, and payment follow-up; a Sales Agent for outbound pitching, pricing, and negotiation drafts; and a Content Agent for briefs, content calendars, and performance reports. The agents read data from the platforms you connect, draft actions on your behalf, and execute approved actions (such as sending an email or creating a calendar event) only with your authorization.

2. Information We Collect

2.1 Account Information

When you sign up, we collect your name, email address, profile image, and authentication identifiers from your chosen sign-in provider (e.g., Google). If you connect additional accounts below, we associate their identifiers with your haus account.

2.2 Google User Data (Gmail, Calendar, Profile)

With your explicit consent during Google OAuth, haus may access the following Google user data. Each scope is only requested when you enable the corresponding feature, and only the minimum scope necessary is used.

  • Google profile (openid, name, email, profile picture) — used to create and identify your haus account.
  • Gmail — read (gmail.readonly or gmail.modify) — the Ops Agent reads inbound messages, metadata, and thread context to identify brand-deal emails, extract deal terms (brand, deliverables, compensation, deadlines), detect follow-ups, and organize your inbox with labels.
  • Gmail — compose, send, and modify on your behalf (gmail.compose, gmail.send, gmail.modify) — haus drafts replies, outbound pitches, counter-offers, and follow-ups. Messages are only sent after you either (a) approve them individually in the haus interface, or (b) enable a specific auto-send workflow you have explicitly configured (see Section 6 on AI Workflow Customization).
  • Google Calendar — read, create, update, and delete events (calendar, calendar.events) — haus reads your availability to propose meeting times, creates events for brand deal deadlines, content deliverables, and meetings, and can send Google Calendar invitations to brand contacts on your behalf when you approve a scheduling action.
  • Google Analytics (where you connect it, analytics.readonly) — read-only access to aggregated view/traffic metrics that you designate so the Content Agent can include them in brand performance reports.
  • Google Drive (file-level, optional, drive.file) — haus only accesses files you explicitly select or create within the haus app (media kits, contracts, invoices). haus never scans your entire Drive.

You can revoke Google access at any time at myaccount.google.com/permissions.

2.3 Instagram / Meta Data

When you connect an Instagram professional (Business or Creator) account via Meta OAuth, haus receives, via the Instagram Graph API and Meta Graph API:

  • Account identifiers, username, profile picture, account type, follower and following counts, biography, and website URL.
  • Your posts, Reels, Stories, and other media you have published, including captions, hashtags, timestamps, and media URLs.
  • Insights and performance metrics on your media (impressions, reach, engagement, saves, video views) used to generate brand reports.
  • Comments and mentions on your content, which the Ops Agent may scan for brand-deal inquiries.
  • Business Messaging / Instagram Direct Messages (only when you enable the inbox-triage feature) so haus can identify brand inquiries received by DM and draft replies for your approval.

haus uses Meta data solely to deliver the features you request, complies with the Meta Platform Terms and Meta Developer Policies, and does not sell, license, or use Meta data for advertising targeting.

2.4 YouTube Data

When you connect a YouTube channel via Google OAuth, haus uses the YouTube API Services. By connecting, you also agree to the YouTube Terms of Service.

We may receive:

  • Channel metadata (channel ID, title, description, handle, thumbnails, subscriber count, view count).
  • Video metadata (video IDs, titles, descriptions, tags, thumbnails, publish time, privacy status).
  • YouTube Analytics and reporting data for your videos and channel (views, watch time, audience retention, traffic sources), used for brand performance reports.
  • Comments on your videos, scanned for brand-deal inquiries when that feature is enabled.

You can revoke the YouTube API Services access granted to haus through the Google security settings page at myaccount.google.com/permissions.

2.5 TikTok Data

When you connect TikTok via TikTok Login Kit / TikTok for Developers OAuth, and subject to the TikTok API Terms of Service, haus may receive:

  • Your TikTok profile (open ID, union ID, username, display name, avatar, bio, follower/following counts).
  • Your public videos (video ID, caption, cover image, statistics, create time).
  • Video analytics and performance data (views, likes, comments, shares) for brand reporting.

2.6 Content You Provide

Content you create inside haus — brand briefs, notes, pitch templates, approved messaging, contract uploads, performance metrics, approvals, and the instructions you give the AI agents.

2.7 AI Workflow Customization

You can configure AI agent workflows (e.g., rules for when a pitch is auto-sent, how to triage brand inquiries, which calendar template to use). We store these workflow rules, prompts, and approvals to operate the agents consistent with your preferences. Agent actions and their input/output are logged for audit, troubleshooting, and your review.

2.8 Usage, Device Data, and Cookies

We collect log data such as IP address, device and browser information, timestamps, pages viewed, and feature interactions. We use cookies and similar technologies for session management, preference storage (such as language), security, and product analytics.

2.9 Site Analytics

We use Google Analytics (through the NEXT_PUBLIC_GA_ID integration) on our marketing site and, in an aggregated and de-identified form, inside the app to understand feature usage and performance. Google Analytics may set cookies; you can opt out via the Google Analytics opt-out browser add-on or through your in-app privacy controls. We do not send Google user data, Instagram, YouTube, or TikTok content to Google Analytics.

3. How We Use Information

  • To provide, operate, maintain, and improve the Service.
  • To run the AI agents on your explicit instructions: reading inboxes and social inboxes, drafting pitches and counter-offers, reviewing contracts, tracking deliverables, issuing invoices, producing performance reports, and creating or sending calendar events you approve.
  • To send messages, create calendar events, and take other actions on your behalf only with your authorization (one-click approval or an explicit automation rule you have configured).
  • To authenticate you, secure your account, detect fraud and abuse, and enforce these terms.
  • To communicate with you about product updates, security notices, and support.
  • To comply with legal obligations and respond to lawful requests.

4. Google API Services — Limited Use

haus's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, haus:

  • Only uses Google user data to provide or improve user-facing features of the Service that are prominent in the haus user interface.
  • Does not transfer Google user data to third parties except as necessary to provide or improve those user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
  • Does not use Google user data to serve advertisements, including retargeting, personalized, or interest-based advertising.
  • Does not allow humans to read Google user data unless (a) we have your affirmative agreement to view specific messages, (b) it is necessary for security (e.g., investigating abuse), (c) to comply with applicable law, or (d) the data has been aggregated and anonymized for internal operations such as quality analysis or debugging.
  • Does not use Google user data to train or develop generalized / foundation machine-learning models. Data is only passed to model providers to produce an output for your specific in-product request (see Section 7).

5. YouTube API Services Notice

Functionality that touches YouTube is built using YouTube API Services. Your use of those features is additionally governed by the YouTube Terms of Service and the Google Privacy Policy. haus stores only the YouTube data needed for in-product features and honors deletion requests (Section 9).

6. AI Workflow Customization and Agent Actions

You can customize how the AI agents behave — for example, which inboxes to triage, the tone of pitches, pricing guardrails, which actions require manual approval, and which may auto-execute within limits you set. haus discloses every agent action in your activity log with sufficient detail to understand what was read, what was drafted, what was sent, and to whom.

Automated sending or posting is off by default. Any feature that sends email on your behalf, creates or dispatches calendar invitations, replies to DMs, or publishes content requires either explicit approval of the specific action or an automation rule you have personally enabled and that you may disable at any time.

7. Subprocessors and Third-Party Services

We use trusted third-party providers under contractual data protection obligations to operate the Service. Categories include:

  • Cloud hosting — application hosting, storage, and databases (e.g., AWS, Google Cloud, Supabase/Postgres).
  • Authentication / identity — Google OAuth, Meta OAuth, TikTok Login Kit.
  • AI model providers — large-language- model vendors (e.g., Anthropic, OpenAI) that process prompts to produce agent outputs on your behalf, under no-training / zero-retention terms where offered.
  • Email sending — where haus relays outbound messages, this is done via your own Gmail account under the permission you granted; haus does not send brand emails from a third-party transactional sender.
  • Product / site analytics — Google Analytics, limited to de-identified product usage signals. Google user data (Gmail, Calendar), Instagram, YouTube, and TikTok content are never sent to analytics providers.

8. Data Sharing

We do not sell personal data. We share data only with (a) subprocessors listed in Section 7 to operate the Service, (b) parties you direct us to share with (such as brands when you send them an invoice or report), (c) professional advisors and authorities as required by law, or (d) a successor entity in the event of a merger, acquisition, or asset sale, with notice.

9. Data Retention and Deletion

We retain account and deal data while your account is active and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce agreements. You can delete your account or disconnect any individual platform at any time from the haus settings. On deletion request, or on revocation of a platform permission, haus deletes the corresponding platform data within 30 days (subject to legal retention). You can also email Jazz@thecreatorshaus.com to request deletion.

10. Security

We apply administrative, technical, and physical safeguards designed to protect your data, including encryption in transit (TLS), encryption at rest, least-privilege access controls, and secret management. No system is 100% secure, and we cannot guarantee absolute security.

11. Your Rights

Depending on your location (including the EEA, UK, California, and other jurisdictions with applicable privacy laws), you may have the right to access, correct, delete, port, or restrict use of your personal data, and to object to certain processing. To exercise these rights email Jazz@thecreatorshaus.com.

12. Children

The Service is not directed to children under 16, and we do not knowingly collect data from them.

13. International Transfers

haus is operated from the United States. If you use the Service from outside the US, your data will be transferred to and processed in the US and other countries where our subprocessors operate, under safeguards such as standard contractual clauses where required.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or an in-app notice and will be reflected by an updated “Effective Date” at the top of this page.

15. Contact

Questions about this policy, your data, or to exercise your rights: Jazz@thecreatorshaus.com.

Privacy Policy | haus