Privacy Policy
This Privacy Policy explains how Zvario collects, uses, discloses, and protects information when you use zvario.com and related services (the "Service"). It also describes your rights and choices.
By using the Service, you acknowledge that you have read and understand this Privacy Policy.
1. Who We Are
The Service is operated by Zvario LLC, a South Dakota limited liability company.
Contact: [email protected]
2. Information We Collect
2.1 Information You Provide
We collect information you provide directly to us, including:
- Account information: email address and password (password is stored as a cryptographic hash, not in plain text).
- Brand profile information: company/business name, website URL, tagline, business description, products/services list, target audiences, tone and marketing goal. Changes to your brand profile (such as updates to your website URL or business description) are logged for administrative and policy enforcement purposes.
- Generation request information: topics and any other content you submit for a generation request, including any URLs you provide.
- Communications: information you include if you contact us (e.g., support requests).
2.2 Information Collected Automatically
When you use the Service, we automatically collect certain information:
- Server and security logs: IP address, browser type, operating system, pages viewed, referring/exit pages, timestamps, and diagnostic data. We use this for security, abuse prevention, and debugging.
- Timezone: your timezone as detected by your browser, stored for display and scheduling purposes.
- Cookies and similar technologies: we use an authentication cookie (or similar session mechanism) to keep you logged in and maintain your session. We do not use advertising cookies or third-party analytics cookies for cross-site behavioral tracking.
2.3 Information We Do Not Intentionally Collect
We do not intentionally collect:
- Social media account credentials (except as described in Section 6 regarding optional social media integrations)
- Precise location data (beyond what may be inferred from IP address)
- Device fingerprinting identifiers (for advertising/tracking purposes)
Payments: payment details (such as card numbers) are handled by our billing provider as described in Section 6.
3. How We Use Information
We use information for the following purposes:
- Provide and operate the Service: generate Outputs tailored to your brand profile and deliver them to you.
- Account authentication and management: login, session management, account recovery, and account administration.
- Service communications: transactional emails, delivery of generated content, account notices, and important administrative messages.
- Support: respond to questions and provide customer support.
- Security and abuse prevention: monitor, detect, investigate, and prevent fraud, unauthorized access, spam, and misuse. This includes enforcing brand profile change policies and detecting usage patterns inconsistent with single-entity use.
- Service improvement: evaluate performance and improve the Service using aggregated and de-identified usage metrics where feasible.
- Legal and compliance: comply with legal obligations and enforce our Terms of Use and policies.
No selling / advertising profiling: We do not sell personal information to third parties, and we do not use your information for behavioral advertising or to build third-party marketing profiles.
No training on brand-specific data (Zvario): We do not use your brand profile information or generation request content to train Zvario models.
4. Content Generation Data Practices
The Service generates content (including carousel slides/images, branded graphics, thought leadership text posts, captions, and hashtags) using your Inputs.
- Output storage and availability: To improve reliability and access (including in cases where email delivery is delayed or filtered), Outputs (including images, files, and text) may be stored and made available in your dashboard for up to seven (7) days after generation. After this period, Outputs may no longer be available for download or viewing. Outputs may be retained for up to thirty (30) days for operational, customer support, and troubleshooting purposes before being deleted or de-identified where feasible.
- Inputs for troubleshooting: Inputs associated with a generation request (including topics and brand context) may be retained for up to thirty (30) days for troubleshooting and support.
- Operational metadata: we may retain limited metadata and logs related to generation requests (e.g., timestamps, request identifiers, success/failure status, rate-limiting events) for security, troubleshooting, billing administration, and service integrity.
- Brand profile: your brand profile remains stored while your account is active so we can generate personalized Outputs.
5. Legal Bases for Processing (EU/UK and Similar Jurisdictions)
If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction that requires a lawful basis, we process your personal information under one or more of the following bases:
- Contract necessity: to provide the Service and perform our contract with you (e.g., generating and delivering content, maintaining your account).
- Legitimate interests: to secure and improve the Service, prevent abuse, and maintain reliability (balanced against your rights).
- Legal obligation: to comply with applicable laws and lawful requests.
- Consent: in limited situations where consent is required by law (for example, certain cookie uses in some jurisdictions). Where we rely on consent, you may withdraw it at any time as described in Section 9.
6. Third-Party Services and Subprocessors
We use third-party service providers ("subprocessors") to help operate the Service. Depending on how you use the Service, we may share certain information with these providers to provide functionality.
AI Providers (content generation): we may send generation request data (topics and relevant brand context) to one or more AI providers to generate text and/or content used in Outputs, such as:
- Anthropic (Claude API)
- OpenAI (GPT API)
- Google (Gemini API)
Image generation (carousel images and branded graphics): we may use image-generation providers to generate images for Outputs, including Stable Diffusion-based services. We may share generation prompts and relevant brand context as needed to produce the images. For image generation, we currently use a Stable Diffusion API through a third-party provider, and we may change image-generation providers or models over time. Our provider selection and generation methods may evolve as part of how we deliver and improve the Service.
Email delivery provider: we share your email address and generated content to deliver Outputs and transactional emails.
Billing provider (Merchant of Record): payments are processed by our designated Merchant of Record. We do not store your card number. We may receive subscription status and related billing metadata (e.g., plan type, renewal status, transaction identifiers) needed to manage access.
Social media platforms (optional integrations): the Service may include optional integrations with third-party social media platforms such as LinkedIn, Instagram, Facebook, and X. If you choose to connect a social media account:
- We collect limited account identifiers (such as profile ID and display name) needed to facilitate posting on your behalf.
- Access tokens are stored securely and are used only to post content you initiate through the Service.
- We do not read, store, or analyze your social media feed, contacts, messages, or other account content.
- You may revoke access and disconnect any connected account at any time through your dashboard or by contacting [email protected].
Provider terms and retention: these third parties process data under their own terms and privacy practices and any contractual or technical controls we have in place. We share only what is reasonably necessary to provide the Service.
Changes to subprocessors: we may update our service providers over time. If we make material changes to how we share or process personal information, we will update this Privacy Policy and provide notice where required by law.
7. Data Storage, Security, and Safeguards
We use reasonable administrative, technical, and organizational measures designed to protect information, including:
- Passwords stored as cryptographic hashes
- Encryption in transit via HTTPS/TLS
- Access controls limiting production access to authorized personnel
- Social media access tokens stored with encryption at rest
No security method is perfect. We cannot guarantee absolute security.
8. Data Retention
We retain information as follows (unless a longer period is required by law, accounting, or dispute resolution):
| Data | Retention Period |
|---|---|
| Active account data (including brand profile) | Retained while your account is active |
| Brand profile change history | Retained while your account is active; deleted on account deletion |
| Cancelled account data | Retained up to 90 days after cancellation to support reactivation, support requests, and operational needs, then deleted or de-identified where feasible |
| Terminated account data (for policy violations) | Deleted within 30 days unless required for legal compliance or dispute resolution |
| Server/security logs | Retained up to 90 days |
| Outputs (user-facing availability) | Available in your dashboard for up to seven (7) days after generation |
| Outputs and Inputs (operational retention) | Retained up to thirty (30) days for operational, support, and troubleshooting purposes, then deleted or de-identified where feasible |
| Social media access tokens | Retained while the integration is connected; deleted promptly upon disconnection or account deletion |
You may request deletion as described in Section 9.
9. Your Rights and Choices
Depending on your location, you may have the right to:
- Access: request a copy of the personal information we hold about you.
- Correction: update or correct certain information through your dashboard or by contacting us.
- Deletion: request deletion of your account and associated personal information (handled on a best-effort basis subject to legal and operational requirements, including security, fraud prevention, dispute resolution, and backup retention).
- Data portability: request your data in a portable format.
- Objection / restriction (EEA/UK): object to or request restriction of certain processing.
- Withdraw consent: where we rely on consent, you can withdraw it at any time.
To exercise these rights, email [email protected]. We will respond within 30 days, subject to legal requirements and verification of your request.
Complaints (EEA/UK): you may also have the right to lodge a complaint with your local data protection authority.
10. International Data Transfers
Zvario is based in the United States. Your information may be processed in the United States and other countries where we or our service providers operate.
Where required by law (including for EEA/UK transfers), we rely on appropriate safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms, and we take reasonable steps designed to protect information regardless of processing location.
11. Cookies and "Do Not Track"
We use an authentication cookie or similar technology required to operate the Service (e.g., to keep you logged in). We do not use cross-site tracking cookies for behavioral advertising.
The Service does not respond to "Do Not Track" signals. We do not engage in cross-site behavioral advertising.
12. Children's Privacy
The Service is not intended for anyone under 18. We do not knowingly collect personal information from individuals under 18. If we learn we have collected such information, we will delete it promptly.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will provide notice via email and/or through the Service. Your continued use of the Service after the effective date of an updated policy constitutes acceptance of the updated policy.
14. Contact
For privacy questions or requests, contact:
- Email: [email protected]
- Entity: Zvario LLC, South Dakota