Privacy Policy
Last updated: May 2026 · Effective immediately
1. Who We Are
Zenit (“we”, “us”, “our”) operates the AI marketing platform at app.zenit.ai. We are the data controller for personal information collected through the Platform. For privacy-related queries, contact us at sanjanareddych14@gmail.com.
2. Information We Collect
a) Information you provide directly:
- Account details: name, email address, password (hashed)
- Brand information: brand name, niche, tone, target audience, weekly goals
- Business information: website URL, Instagram handle
- Payment information: processed securely by Razorpay (we do not store card data)
- Creator Marketplace profile: category, description, portfolio links, pricing
b) Information collected automatically:
- Usage data: features accessed, content generated, credits used, session duration
- AI token usage: model used, token counts (for cost tracking and analytics)
- Device and browser information for security and performance
- IP address (for fraud prevention and rate limiting)
3. How We Use Your Information
- To operate, maintain, and improve the Platform and its AI features
- To process subscription payments and manage your account
- To generate AI content personalised to your Brand Brain configuration
- To send transactional emails (receipts, password resets, plan updates)
- To provide customer support and respond to your enquiries
- To enforce our Terms of Service and prevent abuse
- To analyse aggregate usage patterns and improve platform performance
- To comply with applicable legal obligations under Indian law
We do not sell your personal data to third parties.
4. Third-Party Service Providers
We share minimum necessary data with trusted third-party processors to operate the Platform:
OpenAI
AI content generation using your brand information
Razorpay
Payment processing for subscriptions and Creator listings
Supabase
Database hosting for your account and brand data
Amazon Web Services
API hosting and server infrastructure
Vercel
Frontend hosting and content delivery
Each provider operates under their own privacy policy and applicable data protection agreements. We have data processing agreements in place with each provider where required.
5. Cookies & Session Data
We use HTTP-only session cookies to keep you securely logged in. These are essential for the Platform to function and are not used for advertising.
- Session cookies: Maintain your login state across page loads
- Theme preference: Stored in localStorage (light/dark mode)
- No third-party tracking cookies are used on the Platform
You can disable cookies in your browser settings, but this will prevent you from logging in to the Platform.
6. Data Storage & Retention
Your data is stored on servers located in the United States and European Union via our infrastructure providers (Supabase, AWS, Vercel). We retain your account data for as long as your account is active.
- Account data is retained for the lifetime of your account
- AI-generated content and credit usage logs are retained for 12 months
- Payment records are retained for 7 years as required by Indian financial regulations
- After account deletion, personal data is removed within 30 days (except where legally required to retain)
7. Your Rights
Under applicable data protection laws (including the IT Act, 2000 and the Digital Personal Data Protection Act, 2023), you have the right to:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your account and associated personal data
- Portability: Request your data in a structured, machine-readable format
- Objection: Object to processing of your data in certain circumstances
- Withdrawal of consent: Withdraw consent where processing is based on consent
To exercise any of these rights, email us at sanjanareddych14@gmail.com. We will respond within 30 days.
8. Children’s Privacy
The Platform is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will delete it.
9. Security
We implement industry-standard security measures including:
- HTTPS encryption for all data in transit
- HTTP-only, Secure cookies to prevent XSS attacks
- Bcrypt password hashing
- Role-based access control (RBAC)
- Rate limiting on all API endpoints
- Regular security reviews
No system is perfectly secure. Please use a strong, unique password and contact us immediately if you suspect unauthorised access to your account.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the Platform. The “Last updated” date at the top of this page reflects the most recent revision.
11. Contact & Grievance Officer
For privacy-related questions, complaints, or to exercise your data rights, contact our designated Grievance Officer as required under the IT Act, 2000:
Zenit — Data Grievance Officer
Email: sanjanareddych14@gmail.com
Platform: app.zenit.ai
We aim to resolve all grievances within 30 days of receipt.