Privacy
Policy.

Zelosy Collaboration Inc. (“Zelosy,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our workspace application and related services (collectively, the “Service”).

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

We use the information we collect to provide, maintain, and improve the Service; to process transactions and manage your account; to send notifications, updates, and security alerts; to respond to your requests and provide customer support; to monitor usage patterns and optimize performance; to detect, prevent, and address technical issues and security threats; and to comply with legal obligations.

We do not sell your personal information to third parties. We do not use your workspace content for advertising purposes.

Your data is stored in SOC 2-compliant data centers. All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Workspace data is isolated at the database level through row-level security (RLS) policies, ensuring that users can only access data within workspaces they are members of.

We implement two-factor authentication (TOTP), role-based access control with 7 granular roles, and audit logging to protect your account and workspace data. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

We share your information only with service providers who assist in operating the Service, including Supabase (database and authentication), Google Cloud / Gemini (AI processing), LiveKit (video and audio calls), and email delivery providers (transactional notifications). These providers are contractually obligated to protect your data and use it only for the purposes we specify.

We may also disclose your information if required by law, to protect our rights, to prevent fraud, or in connection with a merger, acquisition, or sale of assets (in which case you would be notified).

You have the right to access, correct, or delete your personal data at any time. You can export all your organization’s data through the Service. You can update your profile information, notification preferences, and security settings from your account. You may request deletion of your account by contacting us, and we will remove your data within 30 days, except where retention is required by law.

If you are located in the European Economic Area (EEA), you have additional rights under the GDPR, including the right to data portability, the right to restrict processing, and the right to object to processing. Contact us to exercise these rights.

The Service uses essential cookies and local storage for authentication, session management, and workspace preferences. We use analytics tools (such as PostHog and Vercel Analytics) to understand usage patterns. We do not use advertising cookies or tracking pixels.

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us and we will promptly delete it.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Your continued use of the Service after changes constitutes acceptance of the updated policy.