ZenitZenit/Privacy Policy

Privacy Policy

Last updated: May 2026 · Effective immediately

1. Who We Are

Zenit (“we”, “us”, “our”) operates the AI marketing platform at app.zenit.ai. We are the data controller for personal information collected through the Platform. For privacy-related queries, contact us at sanjanareddych14@gmail.com.

2. Information We Collect

a) Information you provide directly:

  • Account details: name, email address, password (hashed)
  • Brand information: brand name, niche, tone, target audience, weekly goals
  • Business information: website URL, Instagram handle
  • Payment information: processed securely by Razorpay (we do not store card data)
  • Creator Marketplace profile: category, description, portfolio links, pricing

b) Information collected automatically:

  • Usage data: features accessed, content generated, credits used, session duration
  • AI token usage: model used, token counts (for cost tracking and analytics)
  • Device and browser information for security and performance
  • IP address (for fraud prevention and rate limiting)

3. How We Use Your Information

  • To operate, maintain, and improve the Platform and its AI features
  • To process subscription payments and manage your account
  • To generate AI content personalised to your Brand Brain configuration
  • To send transactional emails (receipts, password resets, plan updates)
  • To provide customer support and respond to your enquiries
  • To enforce our Terms of Service and prevent abuse
  • To analyse aggregate usage patterns and improve platform performance
  • To comply with applicable legal obligations under Indian law

We do not sell your personal data to third parties.

4. Third-Party Service Providers

We share minimum necessary data with trusted third-party processors to operate the Platform:

OpenAI

AI content generation using your brand information

Razorpay

Payment processing for subscriptions and Creator listings

Supabase

Database hosting for your account and brand data

Amazon Web Services

API hosting and server infrastructure

Vercel

Frontend hosting and content delivery

Each provider operates under their own privacy policy and applicable data protection agreements. We have data processing agreements in place with each provider where required.

5. Cookies & Session Data

We use HTTP-only session cookies to keep you securely logged in. These are essential for the Platform to function and are not used for advertising.

  • Session cookies: Maintain your login state across page loads
  • Theme preference: Stored in localStorage (light/dark mode)
  • No third-party tracking cookies are used on the Platform

You can disable cookies in your browser settings, but this will prevent you from logging in to the Platform.

6. Data Storage & Retention

Your data is stored on servers located in the United States and European Union via our infrastructure providers (Supabase, AWS, Vercel). We retain your account data for as long as your account is active.

  • Account data is retained for the lifetime of your account
  • AI-generated content and credit usage logs are retained for 12 months
  • Payment records are retained for 7 years as required by Indian financial regulations
  • After account deletion, personal data is removed within 30 days (except where legally required to retain)

7. Your Rights

Under applicable data protection laws (including the IT Act, 2000 and the Digital Personal Data Protection Act, 2023), you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your account and associated personal data
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to processing of your data in certain circumstances
  • Withdrawal of consent: Withdraw consent where processing is based on consent

To exercise any of these rights, email us at sanjanareddych14@gmail.com. We will respond within 30 days.

8. Children’s Privacy

The Platform is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will delete it.

9. Security

We implement industry-standard security measures including:

  • HTTPS encryption for all data in transit
  • HTTP-only, Secure cookies to prevent XSS attacks
  • Bcrypt password hashing
  • Role-based access control (RBAC)
  • Rate limiting on all API endpoints
  • Regular security reviews

No system is perfectly secure. Please use a strong, unique password and contact us immediately if you suspect unauthorised access to your account.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the Platform. The “Last updated” date at the top of this page reflects the most recent revision.

11. Contact & Grievance Officer

For privacy-related questions, complaints, or to exercise your data rights, contact our designated Grievance Officer as required under the IT Act, 2000:

Zenit — Data Grievance Officer

Email: sanjanareddych14@gmail.com

Platform: app.zenit.ai

We aim to resolve all grievances within 30 days of receipt.