Privacy Policy

What We Collect

When you use Zeno, we collect the following information:

• Your email address (used for authentication and account communications)
• Chat messages you send and receive (used to provide AI responses)
• Memories extracted from conversations (preferences, facts, expertise — used to personalise your experience)
• Usage counts (daily message totals — used for rate limiting and subscription enforcement)
• Build projects and generated website files (used to provide the website builder feature)
• Push notification tokens on mobile (used to deliver notifications about replies to your questions)

How We Use Your Data

Your data is used to provide and improve the service:

• AI responses — your messages are sent to third-party LLM providers to generate responses
• Personalisation — extracted memories are used to tailor Zeno's responses to your preferences and context
• Crowd memory — anonymised topic data is aggregated across the community to surface recommendations and personalised "Zeno Suggests" suggestions. Individual messages are never exposed to other users
• Website building — when you ask Zeno to build a website, your request and memories are used to generate personalised HTML/CSS/JS files
• Community Q&A — questions you post to Ask Members are visible to other members. Replies may trigger push notifications
• Image and diagram generation — your descriptions are sent to image generation models (Black Forest Labs Flux) to create visual content
• Service improvement — usage patterns help us improve routing and model selection

Data Storage

All data is stored on Cloudflare's global edge network using D1 (SQLite). Your data is encrypted in transit and at rest. We do not store data in a centralised data centre — it lives close to you on Cloudflare's distributed infrastructure.

Third-Party AI Providers

To generate AI responses, your data is routed through an API gateway to a specialist model chosen for your query, with a fallback provider if the gateway is unavailable. The canonical list below is the same list shown in the in-app consent screen (Settings → AI Data Sharing) and is the source of truth for what providers may receive your data:

• OpenRouter (gateway) — routes each request to the specialist model chosen for your query. Privacy policy
• xAI (Grok) (specialist) — query routing classifier and general-purpose answers. Privacy policy
• OpenAI (specialist) — reasoning, writing, and coding tasks. Privacy policy
• Google (Gemini) (specialist) — image understanding and multimodal analysis. Privacy policy
• Alibaba (Qwen) (specialist) — title generation, summarisation, and analysis. Privacy policy
• MiniMax (specialist) — long-form document generation. Privacy policy
• Black Forest Labs (Flux) (specialist) — image generation from your prompts. Privacy policy
• Cloudflare Workers AI (fallback) — used when OpenRouter is unavailable, and for embeddings. Privacy policy

These providers process your data solely to generate responses to your queries. They do not use your data to train their models. Each provider maintains data protection standards equivalent to our own, as required by our data processing agreements.

What Data Is Shared With AI Providers

When AI data sharing is enabled, the following categories may be sent to the AI providers listed above, depending on the query:

• The messages you type
• Images and documents you attach
• Your conversation history — earlier messages from the same conversation used for context
• Saved memories about you — preferences, facts, and expertise extracted from your conversations
• Your onboarding responses — the self-description and preferences you provide during onboarding

We do not share your email address, payment information, or account details with AI providers.

Consent is required. No data is sent to any AI provider unless you have explicitly agreed to AI data sharing during onboarding, or enabled it later via Settings → AI Data Sharing. If you decline or revoke consent, AI features are disabled app-wide and no user data is transmitted to AI providers, although you can still use your account, view your memories, and manage your subscription.

• Community Q&A posts — questions you choose to post are visible to other members with your initials (not full name or email)

Consent and Forced Re-consent (April 2026)

An earlier version of this app described a shorter list of AI providers than it actually used. In April 2026 we reset every user's AI data-sharing consent so that each user makes a fresh decision with the corrected list above. On your next sign-in after the update you will see the current consent screen and must either agree or decline before AI features are used on your behalf.

Other Third Parties

• Payment processor — subscription payments are handled by Stripe and RevenueCat. We do not store your card details
• Push notifications — Expo push notification service delivers mobile notifications
• Infrastructure — Cloudflare provides hosting, database, and edge computing services

Your Rights

You have the right to:

• Access your data — view your memories and conversation history in the app
• Correct your data — edit or update memories directly from the Settings page
• Delete your data — remove individual memories from Settings, exclude conversations from memory, or delete your account entirely from the Settings page
• Control AI data sharing — revoke or grant your AI data-sharing consent at any time from Settings → AI Data Sharing. Revoking disables all AI features app-wide and blocks any further transmission to AI providers. You can also exclude individual conversations from memory extraction using the conversation menu.

Cookies & Local Storage

We do not use tracking cookies. The only data stored in your browser is:

• A JWT authentication token (to keep you signed in)
• UI preferences (such as sidebar state)
• Cached suggestion data and conversation lists (for faster load times)
• Build project data

No third-party analytics or advertising cookies are used.

Children

Zeno is not directed at anyone under 16 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

Contact

If you have questions about this privacy policy or your data, contact us at hello@zenoknows.com.