Privacy Policy

This Privacy Policy explains how Zellige AI Labs ("Zellige", "we", "us", or "our") collects, uses, and shares information when you use our website, AI chat product, APIs, and related services (the "Services"). We designed the Services to collect only what we need to operate them well.

1. Information We Collect

Information you provide

• Account information: your name, email address, password (hashed), and, where applicable, information from your third-party sign-in provider (Google, GitHub, etc.).
• Chat content: the prompts, files, and images you submit; the conversations you create; titles and metadata you associate with them.
• Billing information: if you subscribe to a paid plan, our payment processor (such as Stripe) collects your payment details. We receive limited information (the last four digits of your card, billing status, plan) but not full card numbers.
• Communications: if you contact us (support, feedback, legal requests), we receive the content of your message and any attachments.

Information collected automatically

• Usage data: token counts, request volume, model selected, timestamps, error codes, feature interactions. We use this for rate limiting, billing, and reliability.
• Device and connection data: IP address, browser type, operating system, general location (country or region, derived from IP), and session identifiers.
• Cookies and similar technologies: we use essential cookies to keep you signed in and remember preferences. We may use privacy-friendly analytics (such as Plausible or Fathom) that do not track you across sites.

Information from third parties

If you sign in through a third-party provider, we receive the information that provider shares according to your privacy settings (typically: email, name, avatar). Our payment processor shares limited billing information as described above.

2. How We Use Information

• Provide the Services: authenticate you, process your chat requests, store your conversation history, display your account and usage.
• Billing and compliance: process payments, prevent fraud, meet tax and accounting obligations.
• Security and abuse prevention: detect and respond to attacks, rate abuse, or terms violations.
• Service reliability and quality: monitor errors, measure latency, diagnose outages. We use aggregated, de-identified signals where possible.
• Communications: send transactional messages (sign-up confirmations, security alerts, billing receipts). We send marketing messages only with your consent, and you can unsubscribe at any time.
• Legal compliance: respond to lawful requests, enforce our Terms, and protect rights.

What we do not do

We do not sell your personal information. We do not use your chat content to train our foundation models unless you explicitly opt in. We do not share your conversation history with third parties for their own marketing.

3. How We Share Information

We share information only in these cases:

• Service providers: we use vendors to help us operate (authentication, payment processing, model hosting infrastructure, email delivery, error monitoring, analytics). They receive only the information they need, process it on our behalf, and are bound by confidentiality and data protection commitments.
• Legal and safety: we may disclose information to comply with a lawful subpoena, court order, or other legal process; to protect our rights, property, and users; or to prevent serious harm.
• Corporate events: if we are involved in a merger, acquisition, or asset sale, information may be transferred as part of that transaction, subject to continued privacy protection.
• With your consent: for anything else, we ask first.

4. Data Retention

We retain your account and conversation history for as long as your account is active. If you delete a conversation, it is removed from our active systems within a reasonable period (typically 30 days) and from backups within 90 days. If you delete your account, we delete or anonymize your personal information except where retention is required for legal, accounting, or security reasons (for example: financial records, fraud prevention).

Aggregated or de-identified data that no longer identifies you may be retained indefinitely.

5. Your Rights

Depending on your location, you may have the following rights:

• Access: see what personal information we hold about you.
• Correction: fix inaccurate information.
• Deletion: ask us to delete your information, subject to legal retention requirements.
• Portability: receive a copy of your information in a portable format.
• Objection and restriction: object to or restrict certain processing.
• Consent withdrawal: withdraw consent for processing based on consent.
• Opt-out of "sale" or "sharing": although we do not sell personal information, you may opt out at any time.
• Non-discrimination: we will not discriminate against you for exercising these rights.

To exercise any of these, email privacy@zellige.ai. We will verify your identity (reasonably, without excessive burden) and respond within the timeframe required by applicable law. You can also manage much of this directly from your account settings.

U.S. residents (CCPA/CPRA)

California residents and residents of other U.S. states with comprehensive privacy laws (Virginia, Colorado, Connecticut, Utah, and others) have the rights listed above. You may designate an authorized agent to act on your behalf. We do not use or disclose "sensitive personal information" for purposes that would require an opt-out right under the CPRA.

EEA, UK, and Switzerland (GDPR/UK GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, our lawful bases for processing are:

• Contract: to provide the Services you requested.
• Legitimate interests: to secure the Services, prevent abuse, and improve reliability — balanced against your interests.
• Legal obligation: to comply with laws.
• Consent: for optional processing (such as marketing emails or model training opt-in).

You have the right to lodge a complaint with your local data protection authority. We transfer data internationally using appropriate safeguards (such as Standard Contractual Clauses) where required.

6. Security

We use industry-standard safeguards: encryption in transit (TLS), encryption at rest for sensitive data, access controls, audit logging, and regular security reviews. No system is perfectly secure — you should use a strong, unique password and enable multi-factor authentication if your provider supports it.

If we become aware of a breach that affects your personal information, we will notify you as required by applicable law.

7. Children's Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with information, contact us and we will delete it. Users between 13 and 18 should have a parent or legal guardian's permission to use the Services.

8. International Users

Zellige is operated from the United States. If you access the Services from outside the U.S., your information may be transferred to, stored, and processed in the U.S. or in other countries where our service providers operate. We use appropriate safeguards for international transfers.

9. Cookies and Tracking

We use cookies and similar technologies for authentication, security, preferences, and privacy-friendly analytics. You can control cookies through your browser settings, but disabling essential cookies may prevent the Services from working correctly. We honor Global Privacy Control (GPC) signals where applicable.

10. Changes to This Policy

We may update this Privacy Policy. For material changes, we will provide notice (updated effective date and, where appropriate, in-product or email notification). Your continued use after changes take effect constitutes acceptance of the updated Policy.

11. Contact

Privacy questions or requests? Email privacy@zellige.ai.