Privacy Policy

Effective Date: March 7, 2026 | Last Updated: March 12, 2026

ZSky AI ("ZSky," "we," "us," or "our") operates the website located at zsky.ai and its associated services (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Service.

By accessing or using ZSky AI, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please discontinue use of the Service immediately.

1. Information We Collect

1.1 Information You Provide

Account Information: When you create an account, we collect your email address and encrypted password (managed through our authentication provider).
Payment Information: When you purchase credits or subscriptions, payment is processed by Stripe, Inc. We do not store your full credit card number, CVV, or bank account details. We receive and store transaction identifiers, plan type, and billing status.
User-Generated Prompts: Text prompts you submit for image or video generation are processed by our systems. Prompts may be logged for content moderation and safety enforcement purposes.
Support Communications: If you contact us for support, we collect the information you provide in your correspondence.

1.2 Information Collected Automatically

Usage Data: We collect information about how you interact with the Service, including pages visited, features used, generation requests made, timestamps, and referring URLs.
Device Information: Browser type and version, operating system, screen resolution, and device identifiers.
IP Address: Collected for security, fraud prevention, and approximate geolocation purposes.
Generated Content Metadata: We store metadata associated with content you generate, including generation parameters, model used, timestamps, and content identifiers. Actual generated content (images/videos) is stored temporarily as described in Section 5.

1.3 Cookies and Local Storage

ZSky AI uses the following browser storage mechanisms:

Age Verification: We store a flag in localStorage to remember that you have confirmed you are 18 years of age or older, so you are not prompted on every visit.
Authentication Tokens: Session tokens are stored in localStorage to keep you signed in across visits. These tokens are issued and managed by Supabase (our authentication provider).
Preferences: User interface preferences (such as selected generation mode) may be stored locally.

We do not use third-party advertising cookies or tracking pixels. We do not participate in cross-site behavioral advertising.

2. How We Use Your Information

We use the information we collect for the following purposes:

Providing the Service: Processing your generation requests, managing your account, and delivering purchased credits and subscriptions.
Safety and Moderation: Scanning prompts and generated content for prohibited material, enforcing our Content Policy, and complying with legal obligations including reporting requirements under 18 U.S.C. § 2258A.
Service Improvement: Analyzing usage patterns to improve performance, reliability, and user experience.
Security: Detecting and preventing fraud, abuse, and unauthorized access.
Communications: Sending transactional emails related to your account, billing, or material changes to our policies. We do not send unsolicited marketing emails.
Legal Compliance: Responding to lawful requests from law enforcement, regulatory authorities, or as otherwise required by applicable law.

3. Third-Party Services

We rely on the following third-party service providers to operate ZSky AI. Each provider has its own privacy policy governing the data it processes:

Supabase (Privacy Policy) — Authentication, user account management, and database services.
Stripe, Inc. (Privacy Policy) — Payment processing. Stripe receives your payment card details directly; we never have access to your full card number.
Cloudflare, Inc. (Privacy Policy) — Content delivery network (CDN), DDoS protection, and DNS services. Cloudflare processes connection metadata (IP addresses, request headers) to deliver and secure our Service.

We do not sell your personal information to any third party. We do not share personal information with third parties for their own marketing purposes.

4. Data Sharing and Disclosure

We may disclose your information in the following circumstances:

Legal Obligations: When required by law, subpoena, court order, or governmental regulation. This includes mandatory reporting of suspected child sexual abuse material (CSAM) to the National Center for Missing & Exploited Children (NCMEC) and cooperating with law enforcement investigations.
Safety and Rights Protection: When we believe disclosure is necessary to protect the safety of any person, to protect our rights or property, or to investigate potential violations of our Terms of Service.
Service Providers: With the third-party providers listed in Section 3, solely to the extent necessary for them to perform services on our behalf.
Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.

5. Data Retention

Generated Content: Images and videos you generate are stored on our servers for 30 days from the date of creation, after which they are automatically and permanently deleted. You may download your content at any time during this retention period.
Account Data: Your account information (email, preferences, credit balance, generation history metadata) is retained for as long as your account remains active. Upon account deletion, we will remove your personal information within 30 days, except where retention is required by law.
Moderation Logs: Records of content moderation actions (flagged prompts, policy violations) may be retained for up to 3 years for legal compliance and safety purposes.
Payment Records: Transaction records are retained for 7 years to comply with tax and financial reporting obligations.

6. Your Rights

6.1 All Users

Regardless of your location, you have the right to:

Access: Request a copy of the personal information we hold about you.
Deletion: Request that we delete your personal information and account. Note that we may retain certain information where required by law (e.g., CSAM reporting records, financial records).
Export: Request an export of your data in a portable, machine-readable format.
Correction: Request that we correct inaccurate personal information.
Objection: Object to certain processing of your personal information.

To exercise any of these rights, contact us at privacy@fastlabtech.com. We will respond to verified requests within 30 days.

6.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

Right to Know: You may request the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purposes for collection, and the categories of third parties with whom we share your information.
Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
Right to Opt-Out of Sale: We do not sell your personal information. There is no need to opt out.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

Categories of Personal Information Collected (CCPA Disclosure): Identifiers (email, IP address), commercial information (transaction records, credit balances), internet activity (usage data, browsing history on our Service), and inferences (content preferences).

6.3 European Economic Area and UK Residents (GDPR)

If you are located in the EEA or the United Kingdom, the following applies:

Legal Basis for Processing: We process your personal data based on (a) your consent, (b) contractual necessity (to provide the Service you requested), (c) our legitimate interests (security, fraud prevention, service improvement), and (d) legal obligation (safety reporting, financial record-keeping).
Data Transfers: Your data may be transferred to and processed in the United States. We rely on appropriate safeguards to protect your data during such transfers.
Additional Rights: You have the right to data portability, the right to restrict processing, and the right to lodge a complaint with your local supervisory authority.

7. Security

We implement commercially reasonable technical and organizational measures to protect your personal information, including:

Encryption of data in transit (TLS/HTTPS) and at rest.
Access controls limiting employee access to personal information on a need-to-know basis.
Regular security assessments and monitoring.
Secure authentication through Supabase with support for strong passwords.

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Children's Privacy

ZSky AI is intended exclusively for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under the age of 18. If we discover that a user is under 18, we will immediately terminate their account and delete all associated data. If you believe a minor is using our Service, please contact us at safety@zsky.ai.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you via email or through a prominent notice on the Service. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, you may contact us at:

Email: privacy@fastlabtech.com
General Inquiries: support@zsky.ai
Safety Concerns: safety@zsky.ai