Privacy Policy

Last updated: May 1, 2026

This Privacy Policy explains how [YOUR BUSINESS NAME] (“we”, “us”) collects, uses, and protects information when you use Zivro (the “Service”).

1. Data we collect

We collect only what is needed to operate the Service:

  • Account information: email address and (optionally) name and avatar from Google Sign-In, when you create an account.
  • Plan and usage data: which plan you purchased, when, the number of AI requests you have made in the current 30-day period, and your payment status.
  • Prompts and outputs: the text prompts you submit and the responses the AI providers return. Optionally stored as chat history if you enable that setting.
  • Contact form submissions: name, email, message type, and message text when you fill out our contact form.
  • Technical data: standard server logs (IP address, user-agent, timestamps) used for security and abuse prevention. Retained for up to 30 days.

We do not collect payment card details. Card data is handled exclusively by SafePay; we receive only a payment confirmation token and status.

2. How we use your data

  • To create and authenticate your account.
  • To process your payments and grant access to the plan you purchased.
  • To forward your prompts to the AI provider you selected and return their response to you.
  • To send you service-related emails (payment confirmations, expiry reminders, security alerts).
  • To respond to your contact-form messages and support requests.
  • To detect, prevent, and respond to fraud, abuse, or violations of our Terms.

3. Third parties we share data with

We share the minimum data necessary with the following service providers:

  • Supabase — stores your account, plan, and (if enabled) chat history. Hosted in the EU/US. supabase.com/privacy
  • SafePay — processes your payments. Receives your email and a randomly generated user identifier. getsafepay.com/privacy
  • Resend — delivers our outbound emails (payment receipts, contact form forwards). resend.com privacy
  • AI model providers — when you submit a prompt, the prompt text is sent to the provider you chose (OpenAI, Google, Anthropic, DeepSeek, or Perplexity). Each provider has its own privacy policy and data-retention practice. We do not control how those providers store or use the data you send them. Review each provider’s policy before submitting sensitive content.

We do not sell your personal data to anyone, ever. We do not use your data to train AI models.

4. Data retention

  • Account data: retained while your account is active, plus 90 days after deletion.
  • Plan and usage data: retained for 7 years for tax and accounting purposes.
  • Chat history: retained until you delete it, or your account, whichever comes first.
  • Server logs: 30 days.

5. Your rights

You may, at any time, request:

  • Access to a copy of the data we hold about you;
  • Correction of inaccurate data;
  • Deletion of your account and personal data (subject to legal retention obligations);
  • Export of your data in a portable format.

Email [YOUR CONTACT EMAIL] with the subject line “Data Request”. We respond within 30 days.

6. Security

We use TLS for all data in transit and rely on Supabase’s row-level security to ensure that one user’s data cannot be accessed by another. Passwords are not stored by us; authentication is delegated to Supabase Auth. Despite reasonable safeguards, no system is perfectly secure. If we become aware of a breach affecting your data, we will notify you within 72 hours of confirming the incident.

7. Children

The Service is not directed at children under 18 and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

8. International users

Zivro is operated from Pakistan. Data may be processed by service providers located outside Pakistan (e.g. Supabase regions in the EU/US). By using the Service, you consent to such processing.

9. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be announced via email or in-app notice at least 30 days before they take effect.

10. Contact

Questions about your privacy or this Policy? Email [YOUR CONTACT EMAIL] or write to [YOUR REGISTERED ADDRESS].