Legal
Privacy Policy
Last updated: June 29, 2026 · Effective immediately
Short version: We collect only what we need to run ZyAI. We never sell your data. We never share it with advertisers. Your conversations are yours.
01
Information We Collect
We collect information in the following categories:
Account Information
- Email address (required to create an account)
- Password — stored only as a SHA-256 hash, never in plain text
- Account creation date
Usage Data
- Chat messages you send to ZyAI (stored only if you are logged in)
- Number of chats today and total (for rate limiting and your stats)
- API request counts (for rate limiting)
Payment Data
- Blockchain transaction hashes you submit for subscription verification
- We do not collect credit card numbers, wallet private keys, or any sensitive financial data
Files You Upload
- Files you attach to chat (PDF, Word, Excel, code, etc.) are processed in memory to answer your question
- File contents are not permanently stored — they exist only for the duration of the API call
What We Do NOT Collect
✗ IP addresses
✗ Browser fingerprints
✗ Location data
✗ Device identifiers
✗ Advertising IDs
✗ Browsing history
02
How We Use Your Information
We use the information we collect exclusively to:
- Authenticate you and keep your account secure
- Save and restore your chat history across sessions (logged-in users only)
- Enforce fair-use rate limits on chat and API usage
- Verify subscription payments via on-chain transaction data
- Display your usage statistics in your account dashboard
- Respond to support requests you send us
We do not use your data to train AI models, build advertising profiles, or share information with third-party marketers.
03
Data Storage & Security
All user data is stored in Cloudflare D1 — a serverless SQLite database operated by Cloudflare, Inc. on infrastructure distributed globally.
- Passwords are hashed with SHA-256 before storage — we cannot recover your password
- API keys are randomly generated 48-character hex strings prefixed with
zyai_
- All traffic between your browser and ZyAI is encrypted via HTTPS/TLS
- We do not operate our own servers — ZyAI runs entirely on Cloudflare Workers edge infrastructure
While we implement strong security practices, no system is 100% immune to breaches. In the unlikely event of a data breach affecting your account, we will notify you via email within 72 hours of discovery.
04
Third-Party Services
ZyAI routes your questions through AI providers to generate responses. Your message content may be processed by:
We do not pass your account email, name, or any identifying information to AI providers. Only your message text and attached file content are forwarded.
We also use Google Fonts to load the Inter typeface. Google may log your IP address when fonts are served. You can review Google's Privacy Policy for details.
05
Chrome Extension
The ZyAI Chrome Extension is designed with privacy as a default:
- ✓ Does not read or collect your browsing history
- ✓ Does not track which websites you visit
- ✓ Only sends text you explicitly select and submit to ZyAI
- ✓ Stores only your theme preference locally in your browser via
localStorage
- ✓ Does not share any data with third parties beyond what the main ZyAI service uses
- ✓ Requests only the minimum permissions required to function
06
Your Rights
You have the following rights regarding your personal data:
- Access: You can view your account email, join date, and usage statistics in your account dashboard at any time.
- Deletion: You may request deletion of your account and all associated data by emailing privacy@zyai.org. We will process your request within 30 days.
- Portability: You may request an export of your chat history and account data in JSON format.
- Correction: If your data is inaccurate, you may request a correction by contacting us.
- Opt-out: You may use ZyAI without creating an account. Guest usage does not store any personal data.
If you are located in the European Economic Area (EEA), United Kingdom, or California, you may have additional rights under GDPR, UK GDPR, or CCPA respectively. Contact us at privacy@zyai.org to exercise any of these rights.
07
Cookies & Tracking
ZyAI does not use cookies.
We use localStorage in your browser to remember:
- Your theme preference (dark/light)
- Your selected language
- Your preferred AI model
- Your login session (stored as JSON, never transmitted to third parties)
This data lives only in your browser and is never sent to our servers except as part of normal API authentication. You can clear it at any time by clearing your browser's site data for zyai.org.
We do not use analytics trackers, pixel tags, or third-party tracking scripts.
08
Data Retention
- Chat history: Retained as long as your account is active. Deleted upon account deletion request.
- Account data: Retained until you request deletion.
- API keys: Retained until you request deletion or regeneration.
- Subscription records: Retained for 3 years for accounting and fraud prevention purposes.
- File uploads: Not retained — processed in memory only.
09
Children's Privacy
ZyAI is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal data, we will delete it immediately. If you believe a child has provided us with their information, please contact us at privacy@zyai.org.
10
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Post the revised policy at zyai.org/privacy
- Where required by law, notify registered users by email
Your continued use of ZyAI after a policy update constitutes your acceptance of the revised terms. We encourage you to review this page periodically.
11
Contact Us
For privacy-related questions, requests, or concerns:
We are committed to resolving privacy concerns promptly and transparently.
12
AI Training Data
ZyAI is actively building its own AI model. With your consent, anonymized conversation data may be used to train ZyAI models. You can opt out at any time from Settings → Capabilities → Data & Privacy.
- Uploaded files are never stored or used for training
- Guest sessions are excluded
- Opted-out accounts are fully excluded
- Request deletion: privacy@zyai.org