Privacy Policy

Effective Date: May 21, 2026
Version 1.0
Zoo Code is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal information in compliance with applicable privacy laws including PIPEDA (Canada) and GDPR (European Union).

1. Information We Collect

Account Information

  • Email address (used for account identification and communications)
  • Name (if provided)
  • Account preferences and settings
  • Authentication data (passwords are securely hashed)

Payment Information

  • Payment processing is handled entirely by Stripe. We do not store credit card numbers, CVVs, or full payment card details.
  • We retain: transaction IDs, purchase amounts, and timestamps
  • Billing address (for tax calculation purposes)

Usage Information

  • API request logs (model used, token counts, timestamps)
  • Credit transaction history
  • Device information (for authorized device management)
  • IP addresses (for security and fraud prevention)

Code and Prompts

We do not permanently store the content of your code or prompts. Request content is processed in real-time and not retained after the response is delivered. Only metadata (timestamps, token counts, model used) is logged for billing and service improvement purposes.

2. How We Use Your Information

We use collected information for the following purposes:

  • Service Delivery: Processing your AI requests, managing your account, and providing customer support
  • Billing: Processing payments, calculating taxes, and maintaining financial records as required by law
  • Communications: Sending transaction receipts, service updates, and account notifications (you may opt out of marketing communications)
  • Security: Detecting and preventing fraud, unauthorized access, and abuse of our services
  • Improvement: Analyzing aggregate usage patterns to improve our service (never using individual code content)
  • Legal Compliance: Meeting our obligations under applicable laws and regulations

3. Data Retention

We retain your personal information for the following periods:

Data Type | Retention Period
Financial records & transaction history | 7 years (tax compliance requirement)
Account information | Duration of account + 2 years
API request logs (metadata only) | 90 days
Security logs (IP addresses) | 90 days
Request content (code/prompts) | Not stored (processed in real-time only)

4. Your Rights

Under PIPEDA, GDPR, and other applicable privacy laws, you have the following rights regarding your personal information:

Right to Access

You can request a copy of all personal data we hold about you. We will provide this information in a commonly used, machine-readable format (JSON or CSV) within 30 days of your request.

Right to Data Portability

You can export your data at any time through your account dashboard. This includes your usage history, transaction records, and account information.

Right to Rectification

You can update or correct your account information at any time through your account settings.

Right to Deletion

You can request deletion of your account and associated personal data. Please note:

  • Financial records must be retained for 7 years due to legal requirements
  • Deletion requests are processed within 30 days
  • Account deletion is irreversible and any remaining credit balance will be forfeited

Right to Object

You can opt out of marketing communications at any time by clicking the unsubscribe link in any email or updating your preferences in your account settings.

To exercise your rights:

Email privacy@zoocode.dev with your request. Include your account email address and specify which right you wish to exercise. We will respond within 30 days.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Payment processing is PCI-DSS compliant through our partner Stripe
  • Regular security audits and penetration testing
  • Access controls and authentication for all systems
  • Employee training on data protection practices

6. Third-Party Services

We use the following third-party services that may process your data:

  • Stripe — Payment processing (Privacy Policy)
  • Resend — Email delivery (Privacy Policy)
  • AI Model Providers — Your prompts are sent to AI providers (OpenAI, Anthropic, Google, etc.) for processing. These providers have their own privacy policies regarding data handling.

We use industry-standard cloud infrastructure providers for hosting and data storage. All providers are bound by data processing agreements and contractual obligations to protect your data.

We do not sell your personal information to third parties.

7. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to Know: You can request information about the categories and specific pieces of personal information we have collected.
  • Right to Delete: You can request deletion of your personal information (subject to legal retention requirements).
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
  • Do Not Sell: We do not sell personal information. If this ever changes, we will provide an opt-out mechanism.

8. International Data Transfers

Zoo Code is operated from Canada. If you are accessing our services from outside Canada:

  • Your data may be transferred to and processed in Canada or the United States
  • We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where required
  • Canada has been recognized by the European Commission as providing adequate data protection

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on this page
  • Sending an email notification for significant changes
  • Updating the "Effective Date" at the top of this policy

We encourage you to review this policy periodically for any updates.

10. Contact Us

For questions or concerns about this Privacy Policy or our data practices:

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority:

  • Canada: Office of the Privacy Commissioner of Canada
  • EU: Your local supervisory authority
  • UK: Information Commissioner's Office (ICO)