Privacy Policy

Last updated: March 21, 2026

1. Information We Collect

When you use Zebrafy, we collect:

  • Account information: Email address and authentication data via Clerk.
  • Brand data: Business names, URLs, brand voice preferences, and content you generate or score.
  • Usage data: Generation counts, score history, platform usage, and feature interactions.
  • Social connections: OAuth tokens for connected platforms (encrypted at rest). We never post on your behalf without your action.
  • Payment information: Processed securely by Stripe. We never store your credit card details.

2. How We Use Your Data

  • To provide and improve the Zebrafy service.
  • To generate on-brand content and score your writing using AI.
  • To build and refine your Brand DNA through the learning loop.
  • To process payments and manage your subscription.
  • To send transactional emails (account, billing, security).
  • To prevent abuse, fraud, and enforce rate limits.

3. Data Sharing

We do not sell your personal data. We share data only with:

  • Clerk: Authentication and user management.
  • Stripe: Payment processing.
  • Perplexity AI: Content generation and scoring (your brand context is sent to generate responses; no personally identifiable information is shared).
  • Railway: Hosting infrastructure.

4. Data Security

We take security seriously:

  • Social OAuth tokens are encrypted at rest using AES-256-GCM.
  • API keys are stored as salted hashes, never in plain text.
  • All traffic is encrypted via HTTPS with HSTS enabled.
  • We use Content Security Policy, rate limiting, and abuse detection.
  • Database access is restricted and credentials are never exposed client-side.

5. Data Retention

  • Unapproved generations are deleted after 90 days.
  • All generations (including approved) are deleted after 365 days.
  • Brand scores are deleted after 180 days.
  • Revoked API keys are deleted after 30 days.
  • Disconnected social connections are deleted after 90 days.
  • You can delete your account at any time via Clerk, which cascades to all your data.

6. Your Rights

You have the right to:

  • Access, correct, or delete your personal data.
  • Export your brand profiles and generation history.
  • Disconnect social accounts at any time.
  • Cancel your subscription and delete your account.

7. Cookies

We use essential cookies only for authentication (Clerk session) and OAuth state management. We do not use tracking or advertising cookies.

8. Changes

We may update this policy from time to time. We will notify you of significant changes via email or in-app notification.

9. Contact

Questions about privacy? Email us at hello@getzebrafy.com.