Privacy Policy
Last updated: 2025-01-01
Your privacy is important to us. This Privacy Policy explains how ZShip ("we", "us", or "our") collects, uses, discloses, and safeguards your personal information when you use our website and services (collectively, the "Service"). Please read this policy carefully.
1. Information We Collect
1.1 Information You Provide
- Account Information: When you register, we collect your email address, display name, and profile picture (if using third-party sign-in such as Google).
- Payment Information: When you make a purchase, payment details are collected and processed by our third-party payment processors (e.g., Stripe, Creem). We do not store your full credit card number, CVV, or banking details on our servers.
- Support Communications: When you contact us for support, we collect the content of your messages, your email address, and any attachments you provide.
- User Content: Prompts, generation parameters, and preferences you submit when using the Service.
1.2 Information Collected Automatically
- Usage Data: Pages visited, features used, generation history, time spent on the Service, and interaction patterns.
- Device Information: Browser type and version, operating system, device type, screen resolution, and language preference.
- Log Data: IP address, access timestamps, referring URLs, and error logs.
- Cookies and Similar Technologies: See Section 7 for details.
2. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:
- Contractual Necessity: Processing required to perform our contract with you (e.g., providing the Service, processing payments).
- Legitimate Interests: Processing for our legitimate business interests (e.g., improving the Service, preventing fraud), where your rights do not override those interests.
- Consent: Where you have given explicit consent (e.g., marketing communications, optional analytics).
- Legal Obligation: Processing required to comply with applicable laws and regulations.
3. How We Use Your Information
We use the information we collect for the following purposes:
- To provide, operate, and maintain the Service.
- To process transactions, manage subscriptions, and handle billing.
- To authenticate your identity and secure your account.
- To send transactional communications (e.g., order confirmations, security alerts).
- To provide customer support and respond to your inquiries.
- To analyze usage trends and improve the Service's performance and features.
- To detect, investigate, and prevent fraudulent or unauthorized activity.
- To comply with legal obligations and enforce our terms.
We will not use your personal data for purposes materially different from those described above without providing you with notice and, where required, obtaining your consent.
4. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share your data only in the following circumstances:
- Service Providers: Third-party vendors who assist us in operating the Service, including:
  - Payment processors (Stripe, Creem) for transaction processing.
  - Cloud infrastructure providers (Cloudflare) for hosting and content delivery.
  - AI model providers for content generation.
  - Analytics services (Google Analytics, Microsoft Clarity) for usage analysis.
  - Email service providers for transactional communications.
- Legal Requirements: When required by law, regulation, legal process, or governmental request.
- Protection of Rights: When we believe disclosure is necessary to protect our rights, your safety, or the safety of others, or to investigate fraud.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.
5. Data Storage and Security
Your data is stored on secure infrastructure provided by Cloudflare, with data centers distributed globally. We implement industry-standard security measures, including:
- Encryption in transit (TLS/SSL) and at rest.
- Access controls and authentication for internal systems.
- Regular security assessments and monitoring.
- Secure password hashing (never stored in plain text).
While we take reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
6. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including countries that may not provide the same level of data protection. When we transfer data internationally, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by relevant regulatory authorities, to protect your personal information.
7. Cookies and Tracking Technologies
7.1 Essential Cookies
We use httpOnly, secure cookies for authentication and session management. These cookies are strictly necessary for the Service to function and cannot be disabled.
7.2 Analytics Cookies
With your consent (where required by law), we may use analytics tools such as Google Analytics and Microsoft Clarity to understand how users interact with the Service. These tools may collect anonymized usage data.
7.3 Managing Cookies
You can control cookies through your browser settings. Please note that disabling essential cookies may prevent you from using the Service. For analytics cookies, you may opt out through your browser or through the respective provider's opt-out mechanism.
8. Data Retention
We retain your personal data for as long as your account is active or as needed to provide you with the Service. Specifically:
- Account Data: Retained for the duration of your account. Upon account deletion, personal data is removed within 30 days.
- Transaction Records: Retained for up to 7 years as required by financial and tax regulations.
- Usage Logs: Retained for up to 90 days for security and debugging purposes.
- Support Communications: Retained for up to 2 years after resolution.
Where retention is required by law, we will retain the minimum data necessary for the legally required period.
9. Your Rights
9.1 General Rights
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Restriction: Request that we restrict the processing of your data.
- Portability: Request a machine-readable copy of your data.
- Objection: Object to the processing of your data based on legitimate interests.
- Withdraw Consent: Where processing is based on consent, withdraw that consent at any time.
9.2 European Economic Area (EEA) Residents
If you are located in the EEA, you have the rights listed above under the General Data Protection Regulation (GDPR). You also have the right to lodge a complaint with your local Data Protection Authority if you believe your rights have been violated.
9.3 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:
- The right to know what personal information is collected, used, shared, or sold.
- The right to delete personal information held by us.
- The right to opt out of the sale or sharing of personal information. We do not sell your personal information.
- The right to non-discrimination for exercising your privacy rights.
To exercise any of these rights, contact us at [email protected]. We will respond to verified requests within 30 days (or as required by applicable law).
10. Do Not Track
"Do Not Track" (DNT) is a browser preference. While there is no industry standard for responding to DNT signals, we respect your preference and limit non-essential tracking when DNT is enabled.
11. Children's Privacy
The Service is not directed at children under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly. If you believe your child has provided us with personal data, please contact us at [email protected].
12. Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and relevant supervisory authorities in accordance with applicable data protection laws. Notification will typically be provided within 72 hours of becoming aware of the breach and will include the nature of the breach, the data affected, and the steps we are taking to mitigate it.
13. Third-Party Links
The Service may contain links to third-party websites or services. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you visit.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or through a prominent notice on the Service at least 30 days before they take effect. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy. We recommend reviewing this page periodically.
15. Contact
For privacy-related inquiries, data subject requests, or to exercise your rights, contact us at:
- Email: [email protected]
- General Support: [email protected]