Zipd

Privacy Policy

Last updated: 2026-05-02 · Version 2026-05-02

This Privacy Policy describes how Zipd Inc.("we", "us") handles personal data when you use Zipd(the "Service").

What we collect

We collect three categories of data:

  • Account data. When you sign in with Google or Microsoft we receive your email address, name, and a stable identifier from the upstream provider. We store an opaque internal user id, your email, and (if you set one) your public handle.
  • Run data.The briefs you submit, documents you attach, the chats you have about a run, and the artifacts the Service produces. Stored under your user id, never shared with other users without your action (e.g. clicking "Publish").
  • Operational data. Cost ledger entries (per run), rate-limit decisions (anonymized to IP hash on public surfaces), and basic request logs (timestamp, route, status, your user id when authenticated).

Why we collect it

  • To operate the Service and produce the deliverables you ask for.
  • To bill you accurately and to enforce per-run and account budget caps.
  • To detect and prevent abuse — runaway spend, prompt injection, credential stuffing, content-policy violations.
  • To respond to legal requests and to enforce our Terms.

What we don't do

  • We do not sell your data. Not to advertisers, not to data brokers, not to anyone.
  • We do not train models on your data. The third-party model providers we route to (currently OpenAI, Anthropic, and Amazon Bedrock) operate under their respective API terms; we use API endpoints that those providers commit not to use for training. Verify the current commitments at the provider links in our public source.
  • We do not read your runs by default. Operators can read run data when you explicitly file a support request, when investigating a security incident or content-policy violation, or when compelled by law.

Where data is stored

Account profiles and run manifests live in DynamoDB. Generated artifacts (PDFs, DOCX, dashboards) live in S3-compatible storage. Rate-limit counters and SSE event streams live in Redis (ephemeral). All three are operated in the same AWS region; we will name the region and provider in this section before public launch.

Sharing

We share data only with:

  • Subprocessors — the language-model providers that produce the actual outputs (we send the brief, chat messages, and run context to them per request); the authentication providers that verify your identity; and the infrastructure providers that host our database, storage, and compute.
  • Authorities — when required by valid legal process. We will notify you unless prohibited by law.

Published URLs (under /@your-handle/your-slug) are public. Once you click Publish, anyone with the URL can read the deliverable until you unpublish or delete it.

How long we keep it

  • Account profile — as long as your account is active.
  • Runs and artifacts — until you delete them. Soft-deleted runs sit in a Trash for at least 30 days before they are eligible for hard deletion.
  • Cost ledger — retained for at least 12 months for billing reconciliation, then deletable on request.
  • Operational logs — retained for at most 90 days unless flagged as part of a security investigation.

Your rights

You can:

  • Access your data by signing in. Each run page shows the inputs you submitted and the outputs we stored.
  • Export your data in machine-readable form via the account-export endpoint (see the Settings → Account surface inside the Service, or email us if it is not yet available in your region).
  • Delete individual runs from the UI; they enter the Trash and become eligible for permanent removal after 30 days.
  • Close your account entirely. Email support@zipd.example; we cascade-delete your manifests, cost events, balance row, library items, and stored artifacts within 30 days, with a 7-day grace period in which a request can be reversed.

If you are in the EU/EEA, UK, or California, you have additional rights under GDPR / UK GDPR / CCPA, including the right to lodge a complaint with a supervisory authority.

Security

We follow standard security practices: TLS in transit, encryption at rest, scoped IAM credentials per service, and rate-limited public surfaces. The agent-runtime container runs with no privileges and no platform credentials beyond what is strictly required to call its configured language-model provider. We never claim a system is unbreakable; if you find a security issue, please email support@zipd.example.

Children

The Service is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe we have, contact us and we will delete it.

Changes

We will notify you of material changes by email and via a banner in the Service. Continued use after the effective date constitutes acceptance.

Contact

Privacy questions: support@zipd.example.