Privacy Policy

The short version (Highlights)

This summary is a friendly orientation, not a substitute for the full policy below.

  • You can design, save, and share mazes with no account and no personal information at all. Free and anonymous is the default way to use Mazedly.
  • We ask for a little more only when you choose to give it. If you sign in, we hold a verified email address and an optional display name — nothing else. No postal address, no phone number, no date of birth.
  • Our engine is deterministic and algorithmic. We do not use generative AI, and we never train any model on your content. We say this as a promise, not as fine print.
  • Analytics are on by default, but they are anonymous. We measure the site, not you: we can see that a visitor viewed a page, never that a named person did. Advertising, personalization, and cross-site signals are off, we anonymize IP addresses, and we honor the Global Privacy Control signal. You can opt out at any time.
  • We do not sell or share your personal information, we run no advertising trackers or ad pixels, and we never trade your data to advertisers.
  • What you make is private until you decide otherwise. Sharing a maze creates a link; publishing a maze makes it public and searchable and shows your account username. You can revert either choice.
  • You can delete your saved work, close your account (reversible), or permanently delete it (an irreversible erasure), any time.

The full policy below is what actually governs how we handle your information.

Who we are and how to reach us

Mazedly is a browser-based studio for designing, rendering, saving, and sharing mazes, operated by Sevensoft LLC (“Mazedly,” “we,” “us,” “our”), a United States limited liability company. The studio lives at mazedly.com.

This policy explains what we collect, why we collect it, who processes it on our behalf, how long we keep it, and the choices and rights you have. We built the studio to be fully usable with no account and no personal information, and to collect more only when you choose to give it.

For privacy questions, or to exercise any of the rights described below, email us at privacy@mazedly.com. For general help, use support@mazedly.com. For content or abuse reports, use abuse@mazedly.com; for copyright complaints, use copyright@mazedly.com (details are in our Copyright & DMCA Policy).

Mazedly is the controller of your information

For the personal information described in this policy, Sevensoft LLC is the data controller — the party that decides what is collected and why. Mazedly is a consumer product; we are not a data processor acting on behalf of a business customer, so there is no separate data processing agreement to sign, and no business accounts, seats, or administrators. This policy is where our obligations to you are met.

We make the decisions about the modest set of data the studio holds, and we are the point of contact for your privacy rights. Where a vendor processes data on our behalf to run the service (for example, our cloud host), we list it in the Sub-processors section below and share only what that vendor needs to do its job.

Our privacy-first posture

Mazedly is privacy-first by design, and we want to be precise about what that means so the promise is true rather than merely reassuring.

You can open Mazedly and design, save, and share mazes without telling us your name, your email, or any other identifier. We run no third-party advertising trackers and no ad pixels. We do not sell or rent personal information, and we do not build cross-site advertising profiles about you. Our engine is deterministic and algorithmic — there is no generative AI in it, and we do not train any model on the mazes or images you make.

We do measure how the site is used, so we can keep improving it — but we do so anonymously, in a way that is tied to the site and not to your identity. The Analytics section below explains exactly how, including how to opt out. Being honest about that is part of being privacy-first.

Information we collect

We keep the set of information we hold deliberately small. Here is all of it.

Anonymous session cookie. When you first use the studio, our server issues an anonymous session cookie named woven_session so it can keep your work tied to your browser — for example, so the mazes you save stay scoped to you. This cookie is first-party, HTTP-only, host-only, and sent only over HTTPS. It is a random session identifier, not an advertising identifier, and it carries no name or email. It is set to expire roughly thirty days after it is issued.

Account information (only if you sign in). Signing in is optional; anonymous use is the default. If you create an account, we store a verified email address and, where your sign-in method supplies one, a display name. Some sign-in methods do not share an email with us at all, in which case we may hold no email. We do not ask for a postal address, phone number, or date of birth. We also store which sign-in methods you have linked (for example, a passkey, or the identifier your Google, Apple, or Facebook sign-in returns) so you can sign back in.

Content you create. If you save a maze, we store the maze’s definition and rendered output, any image mask you upload to shape a maze, and the share links you generate. Anonymous saves are tied to your session; saves made while signed in are tied to your account. Uploaded mask images are re-encoded on the way in, which strips embedded metadata such as camera or location tags from the version we keep.

Generation log (operational). To operate and debug the studio, our systems keep a short technical log of maze generations — the recipe and seed used and the timestamps — keyed to your anonymous session identifier. These rows carry no name or email; if your session later becomes a signed-in account, the log for that session is associated with your account. We retain this log for about 90 days, and it is included in the erasure that a permanent account deletion performs.

Operational data. Like any web service, our infrastructure processes basic technical request data — such as IP address and browser user-agent — to deliver pages, keep the service secure and reliable, and prevent abuse. A coarse region (not a precise location) may be recorded with a passkey you enroll, to help you recognize it later.

Analytics data. We collect anonymous, aggregate usage measurements about the site itself, described in the Analytics section below. This measurement is not tied to your identity.

How we use information

We use the information above only to run Mazedly and to make it better:

  • To operate the studio and keep your saved work, masks, and share links available to you.
  • To authenticate you when you sign in, and to keep your account secure.
  • To send you service messages about your account — for example, magic-link sign-in emails and confirmations of account changes such as a deletion. These are transactional; we are not sending you marketing you did not ask for.
  • To keep the service reliable and safe: to prevent, detect, and respond to abuse, fraud, security incidents, and violations of our Terms of Use, Acceptable Use Policy, and Community & Content Guidelines.
  • To understand, in aggregate, how the site is used so we can improve it — measured anonymously, as described under Analytics.
  • To comply with the law and to handle legal requests, as described under Legal requests and law enforcement below.

We do not use your content to train models, and we do not use your personal information to build advertising profiles or to sell to anyone.

Analytics: we measure the site, not you

We want to correct something and be plain about it. Analytics on Mazedly are on by default — but they are anonymous, and they measure the site rather than the person.

What that means in practice: we use Google Analytics 4 to understand how the studio is used overall — which pages and features get used, how people move through the builder — so we can improve it. It is configured so that there is no correlation to your identity. We can see that a visitor viewed a page or generated a maze; we cannot see that a particular named user did. Advertising, remarketing, personalization, and cross-site signals are turned off. IP addresses are anonymized. We do not enable Google’s advertising or audience features, and we never sell analytics data to advertisers.

You are in control. We honor the Global Privacy Control (GPC) signal: if your browser sends GPC, we treat it as an opt-out automatically — we do not load analytics at all, and we do not even show you the cookie banner. Independently, you can opt out at any time using the banner’s opt-out control; opting out stops analytics from that point forward and is remembered so we do not ask again. The studio works exactly the same whether analytics are on or off.

We are telling you this because an earlier version of this page described analytics as opt-in and off until you turned them on. That was not accurate to how the product works, and being accurate matters more to us than sounding stricter than we are. Analytics are default-on, anonymous, opt-out — and never sold.

Cookies and similar technologies

Mazedly’s cookie footprint is small. We use two kinds of local storage, and no advertising cookies at all.

Essential session cookie. The woven_session cookie described above is required to operate the studio — it is what lets features like saving your mazes work. It is first-party, HTTP-only, host-only, HTTPS-only, and expires roughly thirty days after issuance.

Analytics storage. When analytics are active, Google Analytics 4 sets its own first-party analytics cookies to measure site usage anonymously (see Analytics above). We also store your analytics choice locally in your browser so we do not have to ask you again; if you opt out, that preference is what remembers your decision.

We do not set advertising or cross-site tracking cookies, and we run no ad pixels. You can clear cookies and local storage at any time through your browser settings; note that clearing your analytics preference may cause the banner to appear again. Because a dedicated Cookie Notice may accompany this policy, that notice — where published — carries the detailed cookie inventory and controls.

Public content and the Share / Publish choice

What you make in Mazedly is private to you until you decide to make it visible to others. You choose, per maze, and every choice is reversible.

Share. Sharing a maze creates a link. Anyone who has the link can view that maze, but it is not listed in search results, is not indexed by search engines, and is not eligible for our galleries. A share is a way to send one maze to specific people; it does not, by itself, make your maze publicly discoverable.

Publish. Publishing a maze is the deliberate, all-in choice: it makes the maze fully public on mazedly.com. A published maze can be indexed by search engines, found through search, surfaced in Mazedly’s own site search, and included in our galleries. Publishing is also the affirmative act by which you grant Mazedly the right to display, feature, and include that maze in galleries — we do not claim any promotional right by default, and simply sharing a link does not grant it. When a maze is published, your account username is shown on it by default (you can turn that attribution off in your account settings, and you can separately choose whether to show an email — email is never shown by default). Private mazes are never used, featured, or shown.

Embed. Embedding includes everything in Publish and additionally gives you an embed snippet so the published maze can be placed on other websites.

Reverting. You can make a maze private again at any time — mark it private in your saved galleries, or delete it. Unpublishing or deleting removes the public page. One thing to know: if someone has already forked (made their own copy of) a maze you published, their copy is independent and is not affected by your later unpublishing or deletion — a fork stands on its own once it is created. (The one exception is a valid copyright takedown, handled under our Copyright & DMCA Policy.)

Anonymous and free saves. If you are not signed in, or you are on the free tier, a maze you save may default to public so it can be discovered — under your username if you are signed in, never under your email. You can always change a maze’s visibility. Paid mazes default to private.

Sub-processors

We rely on a short list of vendors to run Mazedly, and we share only the data each one needs to do its job. None of them are advertising networks, and none receive data for advertising or for sale.

  • Microsoft Azure — cloud hosting and storage. Handles the application, your saved mazes and their rendered output, uploaded masks, and share data. Region: United States (primary region East US 2).
  • Azure Communication Services — account email delivery. Sends transactional email such as magic-link sign-in messages and account-change confirmations, to the address on file. Region: United States.
  • Google Analytics 4 — anonymous site analytics. Handles anonymized, aggregate usage measurement of the site (no advertising signals; see Analytics). Region: global (Google infrastructure).
  • Sign-in providers — Google, Apple, Facebook — authentication only (if you choose social sign-in). Verifies your identity and returns a basic profile (an identifier, and where available an email and display name); used only to sign you in. Region: global (provider infrastructure).
  • LemonSqueezy — payments (when paid plans launch). As Merchant of Record, processes purchases and handles billing, tax, and refunds; will receive the billing details you enter at checkout. Region: global (provider infrastructure).

Paid plans are not live yet. LemonSqueezy is listed here so this policy is ready when billing launches; until then, we hold no billing data. If you choose social sign-in, your use of that provider is also governed by the provider’s own privacy policy. We update this list as our vendors change.

Legal requests and law enforcement

We may access, preserve, and disclose information — including account information and content you have created — where we believe in good faith that doing so is necessary to comply with a law, regulation, legal process, or enforceable governmental, court, or law-enforcement request; to enforce our Terms of Use and related policies; or to protect the rights, property, or safety of Mazedly, our users, or the public. We may also, at our discretion, report information (including content) to law enforcement where we believe it is appropriate to do so. This mirrors the corresponding clause in our Terms of Use. Where we are permitted to do so, we aim to be judicious about such disclosures.

How long we keep information

We keep information only as long as it is useful for the purposes above or as the law requires.

  • Saved mazes, masks, and share links: kept for as long as the owning session or account exists, so your work stays available to you. Deleting a maze removes its share links and the mask stored with it.
  • Account information (email, display name, linked sign-in identities, enrolled passkeys): kept while your account is open. Closing your account keeps it in a suspended state so you can return; a permanent deletion erases it (see Your choices and rights).
  • Anonymous session cookie: expires roughly thirty days after issuance.
  • Generation log: retained for about 90 days, then dropped or archived; it is also erased for a session that has become a permanently deleted account.
  • In-flight sign-in requests (for example, a pending magic link): very short-lived, single-use, and then gone.
  • Transactional email: delivery runs through Azure Communication Services; we do not retain message bodies beyond that send pipeline.
  • Analytics data: retained by Google Analytics per its standard retention window (Mazedly’s setting is 14 months), in anonymized, aggregate form.

Your choices and rights

You have meaningful control over your information regardless of where you live.

Use without an account. You can keep using Mazedly anonymously and never provide personal information.

Control analytics. Opt out in the cookie banner, or send a Global Privacy Control signal, and we will not collect analytics from your visit.

Control what is public. Choose per maze whether to Share, Publish, or keep private, and change your mind at any time (see Public content and the Share / Publish choice). Manage attribution — whether your username appears on public mazes — in your account settings.

Delete your content. Delete saved mazes and revoke share links whenever you like. Deleting a maze also removes its share links and any mask stored with it.

Close or delete your account. If you have an account, you can close it — a reversible suspension that keeps your data so you can come back — or permanently delete it. A permanent deletion is an irreversible cascade: we erase your saved mazes and their masks and share links, your enrolled passkeys, any pending sign-in requests, and your account record and linked sign-in identities, and we email a confirmation to the address on file.

Access, correct, and export. Depending on where you live, you may have rights to access a copy of your personal information, correct it, or receive it in a portable form, in addition to deletion. To exercise any of these, email privacy@mazedly.com; we may need to verify your request to protect your account.

The US-specific and Europe-specific sections below add detail for residents of those places.

United States privacy rights (California and other states)

If you are a resident of California (under the CCPA, as amended by the CPRA) or of another US state with a comprehensive privacy law (such as Colorado, Connecticut, Virginia, Utah, and a growing list of others), you have specific rights, and this section is your notice at collection.

What we collect, and why. The categories we collect are described in Information we collect above: identifiers (an anonymous session identifier; and, if you sign in, an email address, display name, and sign-in identifiers); internet and device activity (technical request data such as IP address and user-agent, and anonymous analytics about site usage); the content you create (mazes, masks, share links); and our operational generation log. We collect these from you directly (what you provide and what your browser sends as you use the site) and from your chosen sign-in provider (if you use social sign-in). We use them for the business purposes described in How we use information — operating and securing the service, authenticating and communicating with you, improving the product through anonymous analytics, and legal compliance.

Who we share it with. We disclose personal information only to the sub-processors listed above, each for the limited purpose shown, and to law enforcement or other parties where the Legal requests and law enforcement section applies.

We do not sell or share your personal information. We do not sell your personal information for money or other valuable consideration, and we do not share it for cross-context behavioral advertising, as those terms are used under California and other US state laws. We run no ad networks and no ad pixels. Because we do not sell or share, there is nothing for you to opt out of on that front — but we still honor the Global Privacy Control signal as a valid opt-out preference.

Your rights. Subject to the applicable law and reasonable verification, you have the right to know and access the personal information we hold about you; to delete it; to correct inaccurate information; and to be free from discrimination for exercising any of these rights — we will not deny you service, charge a different price, or give you a lesser experience for doing so. You may use an authorized agent where the law allows.

How to exercise. Email privacy@mazedly.com. We will verify your request as appropriate (for account holders, typically by confirming control of the account email) and respond within the timeframe the law requires. If we decline a request, we will explain why, and you may appeal by replying to our response.

Europe, the UK, and Switzerland (GDPR / UK GDPR / FADP)

If you are in the European Economic Area, the United Kingdom, or Switzerland, this section applies to you and Sevensoft LLC is the controller of your personal data.

Legal bases. We process your personal data on these bases: performance of a contract, to provide the studio and run your account and its features when you sign in; our legitimate interests, to keep the service secure, reliable, and free from abuse, and to understand aggregate, anonymous usage so we can improve the product (balanced against your rights); consent, where we ask for it; and compliance with a legal obligation, where the law requires us to process or disclose data.

Your rights. Subject to the applicable law, you have the right to access your personal data; to have it corrected or erased; to restrict or object to certain processing (including processing based on our legitimate interests); to data portability; and, where we rely on consent, to withdraw that consent at any time without affecting processing already carried out. To exercise any of these, email privacy@mazedly.com.

International transfers. Mazedly is operated from the United States, and our sub-processors may process data in the United States or other countries. Where personal data is transferred out of the EEA, the UK, or Switzerland, we rely on appropriate safeguards recognized under the applicable law — such as the European Commission’s Standard Contractual Clauses (and the UK Addendum or Swiss equivalent) — or another lawful transfer mechanism.

Complaints. You have the right to lodge a complaint with your local data protection supervisory authority (in the UK, the Information Commissioner’s Office). We would appreciate the chance to address your concern first, so please consider contacting us at privacy@mazedly.com before you do.

Security

We take reasonable technical and organizational measures to protect your information, and we reduce risk by collecting little in the first place. These measures include encryption of data in transit (HTTPS), an HTTP-only and host-only session cookie so it cannot be read by scripts or sent to other sites, support for phishing-resistant passkeys, storing sign-in tokens only as one-way hashes rather than recoverable secrets, and data minimization throughout — for example, re-encoding uploaded mask images to strip embedded metadata. No method of transmission or storage is ever completely secure, but we work to protect your data and to limit what we hold.

Children’s privacy

Mazedly is intended for people aged 13 and older, and the service is not directed to children. By using Mazedly you represent that you are at least 13 (or the minimum age of digital consent where you live). We do not ask for a date of birth, so we do not verify age; we simply do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact privacy@mazedly.com and we will delete it.

Changes to this policy

We may update this Privacy Policy from time to time, including as we complete the legal review of this draft, add features, or change vendors. When we make material changes, we will update the Effective date above and, where appropriate, give you additional notice. Your continued use of Mazedly after an update takes effect means you accept the revised policy.

Contact us

Questions about privacy, or a request to exercise your rights? Email privacy@mazedly.com. For content or abuse reports, use abuse@mazedly.com; for copyright matters, see our Copyright & DMCA Policy and copyright@mazedly.com. You can also review our Terms of Use, which incorporates this Privacy Policy, along with our Acceptable Use Policy, Copyright & DMCA Policy, and Community & Content Guidelines.

Sevensoft LLC
privacy@mazedly.com
mazedly.com