Z

Zura

Privacy Policy

Effective date: June 1, 2025  ·  Last updated: June 1, 2025

This Privacy Policy explains how Zura ("we", "us", "our") collects, uses, stores, and shares your personal information when you use our platform at zura.live. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

Zura is the data controller responsible for your personal data. For privacy-related inquiries, contact us at privacy@zura.live.

2. Data We Collect

We collect the following categories of personal data:

• Account data: name, email address, password (hashed), profile photo (optional).
• Usage data: chat conversations, AI entity configurations, knowledge base content, prompts, and settings you create.
• Technical data: IP address, browser type, device information, session data, and access logs.
• Payment data: billing address and payment method details (processed and stored securely by Stripe; we never store full card numbers).
• Communications: emails you send to our support or via the platform.

3. How We Use Your Data

We use your personal data to:

• Provide, maintain, and improve the Service.
• Process your transactions and manage your subscription.
• Send transactional emails (account verification, password reset, billing receipts).
• Detect and prevent fraud, abuse, and security incidents.
• Comply with legal obligations.
• Analyze aggregated, anonymized usage patterns to improve our Service (no individual profiling).

4. Legal Basis for Processing (GDPR)

We process your personal data on the following legal bases:

• Contract performance: to deliver the Service you have signed up for.
• Legitimate interests: security, fraud prevention, and service improvement.
• Legal obligation: to comply with applicable laws (tax records, anti-fraud requirements).
• Consent: for optional communications (marketing emails). You may withdraw consent at any time.

5. Data Sharing

We do not sell your personal data. We share it only with:

• AI providers (e.g., OpenAI, Google Gemini): your prompts and conversation context are sent to these providers to generate responses. Their data handling is governed by their respective privacy policies.
• Stripe: for payment processing. Governed by Stripe's Privacy Policy.
• Infrastructure providers: cloud hosting and database services necessary to operate the platform (data processed within the EU/EEA where possible).
• Law enforcement: when required by a valid legal order, court order, or to protect the rights, property, or safety of Zura, our users, or the public.

6. Data Retention

We retain your personal data for as long as your account is active or as necessary to provide the Service. When you delete your account:

• Your profile data and conversation history are deleted within 30 days.
• Billing records are retained for 7 years as required by tax law.
• Anonymized, aggregated analytics data may be retained indefinitely.

7. Cookies and Tracking

We use the following cookies:

• Essential cookies: session tokens and CSRF protection — required for the Service to function. Cannot be disabled.
• Preference cookies: storing your theme (dark/light mode) and UI preferences. No personal data is shared with third parties.

We do not use advertising or cross-site tracking cookies.

8. Your Rights (GDPR)

If you are located in the European Economic Area, you have the following rights regarding your personal data:

• Access: request a copy of the data we hold about you.
• Rectification: correct inaccurate or incomplete data.
• Erasure ("right to be forgotten"): request deletion of your data (subject to legal retention requirements).
• Restriction: request that we limit processing of your data in certain circumstances.
• Data portability: receive your data in a structured, machine-readable format.
• Objection: object to processing based on legitimate interests.
• Withdraw consent: for consent-based processing, at any time without affecting prior processing.

To exercise any of these rights, contact us at privacy@zura.live. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9. Data Security

We implement industry-standard security measures including:

• TLS/HTTPS encryption for all data in transit.
• Passwords stored using strong one-way hashing (bcrypt/PBKDF2).
• Access controls and audit logs for sensitive operations.
• Regular security reviews and dependency updates.

No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. International Transfers

Your data may be processed by AI providers located outside the EEA (e.g., the United States). Such transfers are made with appropriate safeguards, including Standard Contractual Clauses (SCCs) as approved by the European Commission.

11. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal data from minors. If you believe a child has provided us data, please contact us at privacy@zura.live and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be notified via email or a prominent notice in the platform at least 14 days before taking effect. Continued use after the effective date constitutes acceptance.

13. Contact Us

For privacy-related questions, requests, or complaints:

Email: privacy@zura.live
Website: https://zura.live

Back to sign up