Privacy Policy

ZephyrCode Labs ("we," "us," "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what information we collect when you use our AI coding assistant platform (the "Service"), how we use it, and the choices you have regarding your data. We are transparent about our practices and design our systems to collect the minimum data necessary to provide the Service. We never sell your personal data to third parties — this is a foundational principle of how we operate.

We collect the following categories of data: (a) Account Information — your name and email address, obtained via OAuth through Google or GitHub when you sign in; (b) Conversation Content — your prompts and the AI's responses, which are stored locally in your browser's localStorage and never transmitted to our servers except during active AI generation requests; (c) Voice Cloning Data — audio you upload for voice cloning is processed in real-time and is NOT stored on our servers after processing completes; (d) Usage Telemetry — anonymized, aggregate metrics about feature usage, performance, and errors, used to improve the Service; (e) Technical Data — IP address, browser type, and device information, collected automatically when you access the Service.

We use your data to: (a) authenticate your identity and manage your account; (b) process your AI generation requests and return responses; (c) provide team (guild) collaboration features; (d) maintain your conversation history (in your browser, not our servers); (e) generate anonymous leaderboard statistics for guild competition; (f) detect, prevent, and address technical issues, fraud, and abuse; (g) improve our models, features, and user experience based on aggregate, de-identified usage patterns; and (h) comply with our legal obligations. We do NOT use your conversation content to train AI models — your code and prompts remain private to your session.

We do NOT sell, rent, or trade your personal data. We share data only in these limited circumstances: (a) AI Inference Providers — your prompts are transmitted to our LLM inference partners during active generation requests to produce AI responses; these partners are contractually prohibited from using your data for training; (b) Authentication Providers — Google and GitHub receive authentication requests when you sign in via OAuth, under their respective privacy policies; (c) Infrastructure Providers — cloud hosting and CDN providers process your requests to deliver the Service; (d) Legal Compliance — we may disclose data when required by law, court order, or government regulation, or to protect our rights, property, or safety. A complete list of sub-processors is available on request.

We implement industry-standard security measures to protect your data, including: (a) HTTPS/TLS encryption for all data in transit; (b) OAuth 2.0 with PKCE for authentication, avoiding the storage of passwords; (c) JWT-based session management with 30-day expiry; (d) rate limiting and abuse detection on all API endpoints; (e) regular security reviews and dependency updates; (f) strict access controls limiting internal access to production systems. However, no system is 100% secure. We cannot guarantee the absolute security of your data, and you acknowledge that you provide information to us at your own risk. If we become aware of a security breach, we will notify affected users within 72 hours in accordance with applicable regulations.

We retain your data only as long as necessary to provide the Service: (a) Conversation content is stored in your browser's localStorage and is deleted when you clear browser data or sign out (for guest accounts); (b) Account information is retained while your account is active and for 30 days after account deletion (to allow for recovery); (c) Voice cloning audio is processed in real-time and deleted immediately after processing — we do not store voice samples; (d) Anonymized telemetry may be retained indefinitely in aggregate form, as it cannot be linked back to you; (e) Server logs are retained for 90 days for security and debugging purposes, then automatically purged.

Depending on your jurisdiction (GDPR, CCPA, and similar regulations), you may have the right to: (a) Access — request a copy of the personal data we hold about you; (b) Rectification — request correction of inaccurate or incomplete data; (c) Deletion — request that we delete your personal data ("right to be forgotten"); (d) Restriction — request that we limit the processing of your data; (e) Portability — request your data in a structured, machine-readable format; (f) Objection — object to certain types of processing; (g) Withdrawal — withdraw consent to data processing at any time. To exercise any of these rights, contact us at hackerkk826@gmail.com. We will respond to verified requests within 30 days.

ZephyrCode Labs operates globally, and your data may be processed in countries other than your own. When we transfer your data across borders, we take steps to ensure it receives the same level of protection as in your home jurisdiction. For transfers from the European Economic Area (EEA) and United Kingdom, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other valid transfer mechanisms. By using the Service, you acknowledge that your data may be transferred to and processed in countries with data protection laws that differ from those in your jurisdiction.

The Service is not directed to children under the age of 13 (or the minimum age required for digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete that information and terminate the account. If you are a parent or guardian and believe your child has provided us with information, please contact us immediately at hackerkk826@gmail.com so we can take appropriate action. Children aged 13-17 may use the Service only with the consent of a parent or legal guardian.

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at hackerkk826@gmail.com. Our Data Protection Officer (or designated privacy contact) will respond to your inquiry within 30 days. We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this page periodically to stay informed about how we protect your data.