Privacy Policy

Last Updated: February 25, 2026 · Effective: February 13, 2026

Data Controller: Zizka AI · Contact: founder@zizka.ai

This Privacy Policy explains how Zizka AI ("we", "us", "our") collects, uses, stores, and protects your personal data when you use zizka.ai. We are committed to full compliance with the General Data Protection Regulation (GDPR), the EU AI Act, and Google's API Services User Data Policy.

Google API Services — Limited Use Disclosure

🔵 Google API Limited Use Policy Compliance

Zizka AI's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

All Scopes — Complete List

| Scope | Type | Why we need it |
| --- | --- | --- |
| userinfo.profile | Non-sensitive | Read your basic Google profile (name, email) to identify your account during sign-in. Standard OAuth authentication only. |
| gmail.send | Sensitive | Send emails on your behalf when you explicitly instruct. We cannot read, list, search, delete, or modify your inbox in any way. |
| calendar.events | Sensitive | Create, view, update, and delete calendar events when you explicitly instruct. No background scanning or automated access. |

📬 Email reading (gmail.readonly) is NOT requested — it is a Google-restricted scope. Reading support is planned pending security verification.

🔒 No restricted scopes are registered with our application.

How We Use Google Data — Limited Use Commitment

  • Google user data is used ONLY to provide the specific feature you explicitly request in your chat message.
  • We do NOT use Google data to serve advertising or for any marketing purpose.
  • We do NOT allow humans to read your Gmail or Calendar data except to provide or improve the service, for security review, or as required by law.
  • We do NOT transfer Google user data to third parties except as necessary to provide the service (e.g. AI interpretation), subject to the Limited Use requirements.
  • We do NOT use Google user data to train AI or machine learning models.
  • Google API access is read-on-demand only — no background scanning, no continuous sync, no automated access without your instruction.

Scope Justification

We request only gmail.send (a Google Sensitive scope — no security assessment required). We do not request gmail.readonly, gmail.modify, or any restricted Gmail scope. This means we have zero ability to read, search, list, delete, label, archive, or modify your inbox in any way — we can only send emails you explicitly instruct us to compose.

Data Controller & Contact

Data Controller: Zizka AI

Contact: founder@zizka.ai

Data Protection Inquiries: For GDPR rights requests, data deletion, or privacy concerns, email us at founder@zizka.ai. We respond within 30 days.

Information We Collect

Account Information

When you create an account: name, company name, website, work email address, phone number (optional).

We do not store passwords. Authentication uses time-limited verification codes sent to your email.

Conversation History (AI Memory)

Your chat messages and summarised AI responses are stored in a vector database (Pinecone) to provide conversation context. When you send a message, we use your recent conversation (e.g. the last 30 messages) to interpret your request; we may apply an optional token cap and truncate older messages to keep context within limits. Important: we store only intent summaries for AI responses that retrieved tool data — raw email content, invoice details, CRM records, and third-party personal data are never persisted to our databases. Conversation data is automatically deleted after 7 days (weekly cleanup).

AI Usage Metrics

We log anonymised request metadata (tool used, action type, response time, token estimate, cost estimate) to operate and improve the service. This data is linked to your account for billing and support purposes.

Integration Connection Data

When you connect services (Gmail, Google Calendar, Asana, Jira, Notion, ClickUp, Xero, HubSpot), we store only encrypted OAuth tokens to maintain your authorised connection. We do not store the content of your data from these services.

Consent Records

We record the timestamp at which you accepted these Terms of Use and Privacy Policy, as required for GDPR Article 7 compliance.

✅ What We Store

  • Account profile (name, email, company)
  • OAuth tokens (AES-256 encrypted)
  • Conversation intent summaries (7-day TTL)
  • AI usage logs (anonymised metrics)
  • Consent acceptance timestamp
  • Incident reports (if triggered)

❌ What We Never Store

  • Email bodies or attachments
  • Invoice or financial record details
  • CRM contact or deal data
  • Calendar event descriptions
  • Notion page content
  • Task descriptions from Jira/Asana/ClickUp
  • Any third-party personal data

Data Protection & Security

🔒 Encryption in Transit

  • All data between your browser and our servers uses TLS 1.3 / HTTPS encryption.
  • All API calls to third-party services (Google, Jira, HubSpot, Xero, etc.) use encrypted HTTPS connections.
  • No data is ever transmitted over unencrypted channels.

🔐 Encryption at Rest

  • OAuth access tokens and refresh tokens are encrypted using AES-256-CBC before storage.
  • Encryption keys are stored separately from encrypted data.
  • Database connections use encrypted channels.

📧 Gmail Data Handling

  • We do NOT read, store, or access any email content — incoming or outgoing — beyond what is necessary to send the email you compose.
  • We have NO access to your inbox, drafts, sent items, or any stored email data.
  • Only encrypted OAuth tokens are stored to maintain your Gmail send connection.
  • When you disconnect Gmail, all OAuth tokens are permanently and immediately deleted.
  • Gmail action available (only when you explicitly instruct): sending emails. We cannot read, search, list, reply, modify, archive, delete, label, or star emails.
  • Scope used: gmail.send only. This is a Sensitive scope (not Restricted). No security assessment is required.
  • Outbound emails sent via zizka.ai include a one-line AI disclosure footer by default (toggleable in settings).
  • Email reading is coming soon, pending Google Restricted Scope security verification.

📅 Google Calendar Data Handling

  • We do NOT store your calendar events or meeting details.
  • Calendar data is fetched in real-time when you request it — no background syncing occurs.
  • Event information is displayed in your chat and never saved to our databases.
  • Scope used: calendar.events — the minimum required to create, view, update, and delete calendar events on your instruction.

🛡️ Access Control

  • User-level data isolation: each user can only access their own data.
  • OAuth tokens are user-specific and cannot be accessed by other users.
  • Session tokens expire after inactivity.
  • Rate limiting prevents abuse (60 requests/minute per user).
  • All requests require authenticated sessions.

⏱️ Conversation Memory & 30-Day Auto-Deletion

  • Conversation history is stored in Pinecone (vector database) with a 7-day expiry timestamp on every record.
  • A weekly automated cleanup (Sunday 00:00) permanently deletes all conversation data older than 7 days.
  • You can also delete your entire conversation history on demand at any time — see Your Rights below.
  • AI responses containing fetched tool data (emails, invoices, contacts) are sanitised before storage — only an intent summary is saved, never the raw data.

AI System Transparency — EU AI Act Compliance

🤖 You are interacting with an AI system

In accordance with EU AI Act Article 52, we disclose that zizka.ai is an AI-powered assistant. You are interacting with artificial intelligence, not a human.

EU AI Act Risk Classification

zizka.ai is classified as a Limited Risk AI system under the EU AI Act (Article 52 — transparency obligations apply). It does not fall under high-risk categories: no employment decisions, no credit scoring, no biometric surveillance, no critical infrastructure.

How Our AI Works — 6-Layer Architecture

  • Layer 0 — Tool Intelligence Layer: Hardcoded expert knowledge base for all connected tools. Fires before the FAQ check. Provides instant concept explanations, onboarding guides, cross-tool comparisons, and guided workspace setup templates. Zero AI inference — all answers are static and deterministic.
  • Layer 1 — FAQ Pre-Check: Regex-based hardcoded answers for common questions. AI never called.
  • Layer 2 — Semantic Interpreter: GPT-4o-mini reads your intent and extracts structured parameters. Returns JSON only.
  • Layer 3 — Guardrails: Validates and constrains actions; the AI cannot bypass this layer. In multi-step flows we may use try-then-ask (attempt then clarify if needed) rather than blocking on every missing parameter.
  • Layer 4 — Decision Service: Our backend (not the AI) executes validated actions via tool APIs. The AI has zero direct access to your tools.
  • Layer 5 — Response Sanitizer: Strips machine markers and formats responses as natural language.

Human Oversight (EU AI Act Article 14)

The AI never executes actions autonomously. Every action requires your explicit instruction. Multi-step actions require your explicit confirmation before execution. You can cancel any pending action at any time by saying "no" or "stop".

AI-Generated Email Disclosure (EU AI Act Article 52(3))

When you ask zizka.ai to send an email on your behalf, the outbound email includes the following footer by default: "This message was drafted with AI assistance (Zizka)." You can disable this in your account settings. This disclosure ensures recipients of AI-drafted communications are informed as required by Article 52(3).

No Autonomous or Background Processing

zizka.ai takes no action on your connected tools without your direct, real-time instruction. There is no background processing, no scheduled automation, no AI-initiated actions. If you are not in an active chat session, nothing happens.

Data Minimisation (GDPR Article 5(1)(c))

  • Email list operations use Gmail's metadata-only format — full email bodies are never fetched during list/search operations.
  • AI responses containing fetched tool data are sanitised before storing in our vector database — raw data from third parties is never persisted.
  • Only data visible in your active chat session is passed to the AI model for interpretation.
  • We do NOT use your data to train AI or machine learning models.

Incident Reporting

We maintain an internal incident log that captures tool failures and user-reported issues. If an AI response is problematic, you can report it directly from your chat interface. Incident records are used solely for service improvement and security review.

How We Use Your Information

We use personal data solely to:

  • Provide, operate, and maintain the zizka.ai service.
  • Authenticate users and manage accounts.
  • Respond to your AI chat requests and execute tool actions you explicitly instruct.
  • Enable user-authorised third-party integrations (Gmail, Calendar, Jira, etc.).
  • Maintain conversation context so the AI remembers recent messages within a session.
  • Ensure platform security, reliability, rate limiting, and performance.
  • Record and respond to data rights requests (erasure, export, consent).
  • Maintain internal incident logs for service quality and security.

We do not sell personal data. We do not use data for advertising. We do not use data to train AI models.

Legal Bases for Processing (GDPR Article 6)

Performance of Contract (Art. 6(1)(b))
Account creation, authentication, delivering AI responses, executing tool actions you request.
Consent (Art. 6(1)(a))
Connecting Google integrations (Gmail, Calendar) and other OAuth-based tools. Consent recorded at onboarding with timestamp.
Legitimate Interests (Art. 6(1)(f))
Security monitoring, fraud prevention, rate limiting, incident logging, anonymised usage analytics.
Legal Obligation (Art. 6(1)(c))
Retaining limited records for legal compliance and responding to valid legal requests.

Automated Decision-Making (GDPR Article 22)

zizka.ai does not make automated decisions that produce legal or similarly significant effects on individuals. All actions on your connected tools are executed only in direct response to your explicit real-time instruction. You retain full control at all times.

Sub-Processors & International Transfers

✅ No data extraction by AI or vector providers

We are legally bound with OpenAI and Pinecone so that they do not extract, use for training, or retain your data beyond the processing we instruct. We do not share your data with them for any purpose other than providing the service; contractual and data processing terms prohibit extraction or secondary use.

We use the following trusted sub-processors. Each is contractually bound to data protection obligations consistent with GDPR:

| Sub-Processor | Purpose | Location | Data Transferred |
| --- | --- | --- | --- |
| OpenAI | AI intent interpretation (GPT-4o-mini) | USA | Chat messages + conversation summaries. No raw tool data. Contractually bound not to extract or use for training. |
| Pinecone | Conversation vector memory | USA | Sanitised conversation summaries (7-day TTL). Contractually bound not to extract or use data beyond our instructions. |
| Amazon Web Services | App server (EC2) + database (RDS) | EU (eu-central-1) | All application data. |
| Google APIs | Gmail (send) + Calendar integration | USA/Global | OAuth tokens only. Content used on-demand per user instruction. |

Where data is transferred outside the EU (OpenAI, Pinecone), Standard Contractual Clauses (SCCs) or equivalent GDPR-compliant transfer mechanisms apply. Our primary application database is hosted within the EU (AWS eu-central-1).

We may disclose data if required by applicable law or a valid legal request from competent authorities.

Data Retention

| Data Type | Retention Period | Deletion Method |
| --- | --- | --- |
| Conversation history (Pinecone) | 7 days | Automatic weekly cleanup (Sunday 00:00) + on-demand via settings |
| OAuth tokens | Until disconnected or account deleted | Immediate on disconnect or account deletion |
| AI usage logs (AiRequest) | Until account deleted (on-demand: immediate) | DELETE /api/user/delete-data or account deletion |
| Account profile (name, email) | 1 year after account deletion | Automatic after 1-year retention period |
| Financial/legal records | Up to 7 years (legal obligation) | As required by applicable law |
| Anonymised usage statistics | Indefinite (no PII) | Non-identifiable — not subject to erasure |
| Consent records | Duration of account + 1 year | Deleted with account after retention period |

Your Data Protection Rights (GDPR)

Under GDPR, you have the following rights. All rights below can be exercised directly from your account settings or by contacting us at founder@zizka.ai. We respond to all verified requests within 30 days.

Right of Access (Art. 15)

Request a complete copy of all data we hold about you.

How to exercise: Account Settings → Export My Data (downloads structured JSON)

GET /api/user/export-data

Right to Erasure (Art. 17) — Conversation History

Delete your AI conversation history from Pinecone and our databases without deleting your account.

How to exercise: Account Settings → Delete Conversation History

DELETE /api/user/delete-data

Right to Erasure (Art. 17) — Full Account

Permanently delete your account. OAuth tokens, conversation data, and personal preferences are deleted immediately. The account profile is retained for 1 year for legal compliance, then permanently deleted.

How to exercise: Account Settings → Delete Account

DELETE /api/user/delete-account

Right to Data Portability (Art. 20)

Receive all data we hold about you in machine-readable JSON format.

How to exercise: Account Settings → Export My Data

GET /api/user/export-data

Right to Withdraw Consent (Art. 7)

Withdraw consent for AI data processing at any time. You may disconnect any Google integration from Settings, or revoke access directly from your Google Account.

How to exercise: Settings → Integrations → Disconnect

DELETE /api/integrations/disconnect

Right to Rectification (Art. 16)

Correct inaccurate account information.

How to exercise: Account Settings → Edit Profile

PATCH /api/user/profile

Right to Lodge a Complaint

If you believe we have not handled your data correctly, you have the right to lodge a complaint with your local data protection supervisory authority.

How to exercise: Contact your national DPA (e.g. CNIL, BfDI, ICO)

Security Measures

  • AES-256-CBC encryption for all OAuth tokens stored at rest.
  • TLS 1.3 for all data in transit.
  • Rate limiting: 60 requests per minute per user.
  • Input validation and injection protection on all API endpoints.
  • Session token enforcement with single active session per user.
  • User-level data isolation — no cross-user data access possible.
  • Automated nightly cleanup of expired conversation data from Pinecone.
  • Internal incident logging for all tool failures and user-flagged AI responses.
  • No raw secrets, tokens, or PII written to application logs.
  • Regular software dependency updates and security patching.

Contact & Data Protection Requests

For any questions about this Privacy Policy, to exercise your GDPR rights, or to report a privacy concern:

Email: founder@zizka.ai

We respond to all verified requests within 30 days. For urgent security or data breach concerns, we aim to respond within 72 hours in line with GDPR Article 33.

Google OAuth & Data Deletion

To revoke zizka.ai's access to your Google account, visit myaccount.google.com/permissions and remove Zizka AI from your authorised apps. Your OAuth tokens will be automatically invalidated.

Privacy Policy v2.1 · Last Updated February 25, 2026 · Zizka AI · founder@zizka.ai