Privacy Policy
Last updated 2026-07-11
This document is provided in English.
1. Overview
This Privacy Policy explains how Zeplik, Inc. ("Zeplik", "we", "us"), 1111B S Governors Ave, Dover, DE 19904, United States, collects, uses, and shares personal data when you use the Zeplik website, applications, and related services (the "Service"). Zeplik, Inc. is the data controller for the personal data described here.
For privacy questions or requests, contact [email protected].
2. Definitions
- Personal data: any information relating to an identified or identifiable person.
- Account data: the information tied to your account, such as email address, display name, and authentication identifiers.
- Conversation data: the prompts, files, and voice input you submit and the AI output generated in response, together with related metadata such as the model used and token counts.
- Usage data: technical and analytics information about how the Service is accessed, such as device and browser type, IP address, pages viewed, and feature usage.
- Processor: a third party that processes personal data on our behalf and under our instructions.
3. Data we collect
Data you provide
- Account data when you sign up (email, name, password or sign-in provider).
- Conversation data when you chat: text prompts, attached files, voice recordings you choose to dictate or speak, and the resulting AI output.
- Settings and preferences, including memory entries you allow the Service to keep about your interests and instructions.
- Payment-related data when you subscribe. Card details are collected directly by Stripe; we receive only tokenized identifiers, card brand, last four digits, and billing status.
- Communications you send us, such as support requests.
Data collected automatically
- Usage data and device information, including IP address, browser type, locale, and timestamps.
- Service telemetry such as error logs, request identifiers, and credit consumption records.
- For visitors who are not signed in and use the limited free preview: a random identifier stored in a cookie and a hashed form of your IP address, used solely to enforce free usage limits and prevent abuse.
Data from third parties
- If you sign in with a third-party identity provider (for example Google), we receive your email address and basic profile information from that provider.
- If you connect an optional connector (for example Google Drive or GitHub), we access the data you authorize, only to provide the feature you requested.
4. How we use data
We use personal data to:
- provide, operate, and maintain the Service, including generating AI responses;
- authenticate you and keep your account secure;
- process payments, meter credit usage, and manage subscriptions;
- provide optional features you enable, such as memory, connectors, and voice;
- monitor, debug, and improve the reliability and performance of the Service;
- enforce our Terms, prevent fraud and abuse, and comply with legal obligations;
- communicate with you about the Service, including transactional emails.
Where the GDPR or similar laws apply, our legal bases are: performance of a contract (providing the Service), legitimate interests (security, abuse prevention, improvement), consent (where you enable optional features or where required), and legal obligation.
We do not sell your personal data, and we do not use your conversations to train our own or third-party foundation models.
5. AI processing of your conversations
To generate a response, your prompt and relevant conversation context are transmitted to the AI model you selected. Models are operated by third-party providers and reached through routing infrastructure (OpenRouter). These providers process your conversation data to generate the response and, per their own policies, may retain it for a limited period for abuse monitoring. We route requests without attaching your name or email; conversations are associated with internal identifiers.
If you use voice features, your audio is transmitted to a speech provider (ElevenLabs) for transcription or speech synthesis and is processed per that provider's data protection terms.
8. Retention and deletion
We keep personal data for as long as your account is active or as needed to provide the Service. Conversation data remains available in your history until you delete it or delete your account. Billing records are retained as required by tax and accounting law.
You can delete individual conversations at any time, and you can delete your account from settings. When you delete your account, your account and conversation data are deleted or irreversibly de-identified within 30 days, except for records we must keep to comply with law, resolve disputes, or enforce agreements. Backup copies are purged on a rolling schedule.
9. Security
We protect personal data with technical and organizational measures, including encryption in transit, encryption at rest for stored data, access controls, and separation between production systems. No system is completely secure; if we learn of a breach affecting your personal data, we will notify you and the relevant authorities as required by law.
10. International transfers
We are based in the United States, and our processors may process data in the United States and other countries. Where data about persons in the EU, UK, or Switzerland is transferred to countries without an adequacy decision, we rely on appropriate safeguards such as Standard Contractual Clauses with our processors.
11. Your rights
Depending on where you live, you may have the right to access, correct, delete, or receive a copy of your personal data, to object to or restrict certain processing, to withdraw consent, and to lodge a complaint with your local data protection authority. US state laws may give you similar rights, including the right not to be discriminated against for exercising them.
You can exercise most rights directly in settings (export, correction, deletion). For anything else, email [email protected]. We respond within the timelines required by applicable law and may need to verify your identity before acting on a request.
12. Children
The Service is not directed to children under 13, and we do not knowingly collect personal data from them. If you believe a child under 13 has provided us personal data, contact [email protected] and we will delete it.
13. Changes and contact
We may update this Privacy Policy from time to time. For material changes we will give you notice through the Service or by email before the change takes effect. The "Last updated" date above shows the current version.
Contact: [email protected], or write to Zeplik, Inc., 1111B S Governors Ave, Dover, DE 19904, United States. Phone: +1 (838) 221-7030.