Privacy Policy
This Privacy Policy describes how Zunagen (“Zunagen,” “we,” “us,” or “our”) collects, uses, stores, and shares information when you use our website at zunagen.com, our applications (including the Agents workspace, DataIQ, NeuralForge training, Mac Agent, and Phone Agent), and related APIs and services (collectively, the “Services”).
By using the Services, you agree to the practices described in this policy. If you do not agree, please do not use the Services.
1. Who we are
Zunagen is an AI engineering platform. For privacy-related requests, contact us at hello@zunagen.com.
2. Information we collect
2.1 Account information
When you create an account, we collect:
- Email address and password (passwords are hashed and managed by our authentication provider)
- Name and, if provided, company name
- Subscription plan, usage limits, and billing-related identifiers
- API keys you generate for programmatic access
2.2 Content you provide
When you use the Services, we process content you submit, including:
- Prompts, messages, and conversation history in AI chats and agents
- Agent configurations, system prompts, personalities, and training instructions
- AI system builds, generated code, project files, and version history
- Datasets and files you upload (for example CSV data for analysis or model training)
- Marketplace listings, purchases, reviews, and seller payout details you provide
- Voice input, images, and other media you choose to share with agents
- Shared project links and snapshots you create
2.3 Device and agent data
If you use Mac Agent, Phone Agent, or connected devices, we may process:
- Device connection metadata and session information
- Commands, file paths, and tool actions requested through agents (for example shell commands or file reads on your Mac, when you authorize those capabilities)
- Approximate location, if you grant location permission in Phone Agent
- Microphone audio for speech features, when enabled
- Screen or vision snapshots when you use hardware/vision features
2.4 Payment information
Payments are processed by Stripe. We receive subscription status, customer IDs, transaction metadata, and billing event records. We do not store full payment card numbers on our servers.
2.5 Usage and technical data
- AI credit usage, API call counts, and product usage logs
- Authentication tokens stored in your browser for session management
- IP address, browser type, and standard server logs from our hosting providers
- Error and performance data needed to operate and secure the Services
2.6 Optional bring-your-own-key (BYOK)
If you choose to provide your own AI provider API key, we store it in your account (cloud database and, optionally, your browser local storage) so we can route requests on your behalf. You can remove it at any time.
3. How we use information
We use collected information to:
- Provide, operate, and improve the Services
- Authenticate you and manage your account
- Process AI requests, agent actions, training jobs, and marketplace transactions
- Enforce plan limits, prevent abuse, and maintain security
- Process payments and manage subscriptions
- Respond to support requests and communicate about the Services
- Comply with legal obligations
AI processing: To deliver AI features, your prompts and relevant context are sent to third-party AI inference providers to generate responses. Do not submit sensitive personal data unless you are comfortable with this processing.
4. Where we store data
4.1 Cloud storage
We store account data, projects, agents, datasets, marketplace records, and billing metadata in cloud databases and file storage, primarily through Supabase (hosted infrastructure). Our APIs run on Render and related cloud hosting.
4.2 Your browser and device
We use browser storage technologies including:
- localStorage — session tokens, cached profile data, agent conversations, marketplace state, and optional API keys
- sessionStorage — temporary data for OAuth and deployment flows
- IndexedDB — voice and media blobs in the Agents app
We do not use first-party cookies for authentication; sessions are managed via tokens in browser storage.
4.3 Local Mac / phone data
Mac Agent and Phone Agent may access data on your device only when you enable those features and issue commands through the agent. That data is processed to fulfill your requests and is not uploaded to our servers except as needed to operate the specific feature you invoked.
5. Data retention
We retain information for as long as your account is active or as needed to provide the Services, unless you delete it or we are required to delete it by law. Specific practices include:
- Account data — retained while your account exists
- Project versions — we may keep a limited number of recent versions per user
- Agent conversations (cloud sync) — trimmed to recent messages and size limits to manage storage
- Shared project links — may expire automatically (for example after 30 days)
- Billing records — retained as required for accounting, tax, and legal compliance
- Server session caches — short-lived in-memory data cleared when sessions end
When you delete content in the app (for example a project version or agent), we remove it from active systems within a reasonable period, though backups or logs may persist for a limited time.
6. How we share information
We do not sell your personal information. We share information only as described below:
6.1 Service providers (subprocessors)
| Provider | Purpose | Data shared |
|---|---|---|
| Supabase | Authentication, database, file storage | Account data, user content, files |
| Render | Application hosting | API traffic, server logs |
| AI inference providers | AI chat, code generation, analysis | Prompts, conversation context, system instructions |
| Stripe | Payments and subscriptions | Email, billing metadata, payment processing |
| NeuralForge | GPU model training | Datasets, training configs, model artifacts |
| ElevenLabs | Text-to-speech | Text submitted for voice synthesis |
| SerpAPI | Web and image search in agents | Search queries |
| Composio | Third-party tool integrations | Prompts and tool execution context |
| GitHub | OAuth for deployment flows | OAuth tokens when you connect GitHub |
6.2 Other disclosures
- Marketplace transactions — buyers and sellers may see information needed to complete a purchase (for example name or email on an order)
- Legal requirements — if required by law, court order, or to protect rights and safety
- Business transfers — in connection with a merger, acquisition, or sale of assets, with notice where required
7. International transfers
Your information may be processed in the United States and other countries where our service providers operate. These countries may have different data protection laws than your country of residence.
8. Security
We use industry-standard measures to protect your information, including encrypted connections (HTTPS), access controls, and secure authentication. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
9. Your rights and choices
Depending on your location, you may have rights to:
- Access — request a copy of personal information we hold about you
- Correction — update inaccurate account information
- Deletion — request deletion of your account and associated data
- Portability — export certain project or agent data through in-app export features
- Objection / restriction — object to or restrict certain processing where applicable
- Withdraw consent — where processing is based on consent (for example device permissions)
To exercise these rights, email hello@zunagen.com. We will respond within the timeframe required by applicable law. You may also clear browser local storage to remove cached session data on your device.
California residents (CCPA/CPRA): You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.
EEA/UK residents (GDPR): Our legal bases for processing include contract performance, legitimate interests (operating and improving the Services), consent (where required), and legal obligations.
10. Children
The Services are not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us data, contact us and we will delete it.
11. Third-party links and integrations
The Services may link to or integrate with third-party websites, tools, or services. Their privacy practices are governed by their own policies. We are not responsible for third-party services you choose to connect.
12. Changes to this policy
We may update this Privacy Policy from time to time. We will post the revised policy on this page and update the “Last updated” date. Material changes may be communicated by email or in-app notice where appropriate.
13. Contact us
Questions about this Privacy Policy or our data practices:
hello@zunagen.com
https://zunagen.com