Privacy Policy

ZenonAI ("we", "us", or "our") operates the website zenon.ai and provides the open-source AI agent Samantha. This Privacy Policy explains what information we collect when you visit our website, create an account, subscribe, or make a donation, how we use it, and your rights regarding that information.

Samantha itself runs entirely on your local machine. We have no access to your conversations, voice data, files, or any other information processed by the agent software.

2.1 Information you provide directly

• Account information — when you sign up, we collect details such as your email address and authentication metadata needed to operate your account.
• Payments, subscriptions, and donations — checkout is handled by Paddle. We do not store your full card details on this website. We may receive transaction metadata such as your name, email address, country, billing status, amount, subscription status, invoice identifiers, and Paddle transaction identifiers.
• Contact enquiries — if you email us or open a GitHub issue, we retain the content of that communication to respond to you.

2.2 Information collected automatically

• Server logs — our hosting provider (Vercel) automatically records standard HTTP request logs including IP addresses, browser type, and pages visited. These logs are retained for up to 30 days for security and debugging.
• Authentication and preference storage — we use first-party browser storage for theme preference and sign-in state needed to keep users logged in across refreshes and OAuth redirects.

2.3 Information we do NOT collect

• We do not run analytics trackers (no Google Analytics, Mixpanel, etc.).
• We do not use advertising cookies or third-party tracking pixels.
• We do not collect data from the Samantha agent running on your machine.

• To provide account access, authentication, and customer support.
• To process subscriptions and donations through Paddle.
• To respond to support enquiries or GitHub issues.
• To maintain security and diagnose technical problems using server logs.
• To comply with legal obligations.

We do not sell, rent, or share your personal data with third parties for marketing.

Paddle (Billing, subscriptions, and donations)

Subscription payments and donations are processed by Paddle. Based on Paddle's current legal notice, Paddle acts as an authorised reseller / Merchant of Record for purchases made through its checkout. Paddle's handling of payment and buyer data is governed by Paddle's own Privacy Policy. We receive the transaction information needed to fulfil purchases, manage subscriptions, reconcile donations, prevent fraud, and meet accounting or legal obligations.

Supabase (Authentication)

We use Supabase Authentication for sign-in methods such as email/password, Google, and Microsoft. Supabase processes authentication-related data as part of the sign-in flow.

Vercel (Hosting)

This website is hosted on Vercel. Vercel processes request logs in accordance with their Privacy Policy.

GitHub

Our source code and issue tracker are hosted on GitHub. Interactions with our GitHub repository are subject to GitHub's Privacy Statement.

• Server logs: retained for up to 30 days then automatically deleted.
• Account records: retained while your account is active and for a limited period afterward where needed for security, fraud prevention, dispute handling, or legal compliance.
• Payment and donation records: transaction IDs, billing events, and related accounting records are retained for as long as needed to comply with tax, bookkeeping, chargeback, and legal retention obligations.
• Support correspondence: retained until the issue is resolved, then deleted within 12 months.

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Correction — ask us to correct inaccurate data.
• Deletion — ask us to delete your data ("right to be forgotten"), subject to legal retention requirements.
• Objection — object to certain types of processing.
• Portability — receive your data in a structured, machine-readable format.

To exercise any of these rights, email us at privacy@zenon.ai. We will respond within 30 days.

If your request relates specifically to payment information processed by Paddle, Paddle may also need to handle part of that request directly under its own privacy process.

Our website and services are not directed at children under 13 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us at privacy@zenon.ai and we will delete it promptly.

We implement reasonable technical and organisational measures to protect your data, including HTTPS encryption for all web traffic and strict access controls on any stored information. However, no method of internet transmission is 100% secure, and we cannot guarantee absolute security.

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Continued use of the website after changes constitutes acceptance of the updated policy.

For any privacy-related questions or requests, contact us at: privacy@zenon.ai

For payment privacy questions handled by Paddle, you can also review Paddle's legal notice at paddle.com/legal/privacy.