Privacy Policy

1. Who We Are

Zlyqor is operated by Pristren. For the purposes of the General Data Protection Regulation (GDPR) and equivalent data protection legislation, Pristren acts as the Data Controller for all personal data processed through the Zlyqor platform. If you have any questions about how we handle your data, contact us at privacy@zlyqor.com.

2. Information We Collect

We collect the following categories of information:

• Account data: your name, email address, and password (stored as a bcrypt hash — never in plaintext)
• Usage data: features used, timestamps of actions, session duration, and error logs for debugging
• Desktop agent data: active application name, window title, and idle/active time durations — no screenshots, no keystrokes, no screen content of any kind
• Communication data: messages, tasks, files, and other content you create within the Service
• Payment data: handled entirely by Paddle, our payment processor and Merchant of Record. We never see or store your full card number — Paddle passes us only the last 4 digits of your card and your billing address for our records
• Google Calendar data (optional): if you connect your Google account, we access calendar event details as described in §5 below. This connection is entirely optional and can be revoked at any time.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and improve the Service
• To send transactional communications (account confirmation, receipts, security alerts, and critical service updates)
• To personalise your in-product experience and surface relevant features within Zlyqor (we do not use your data, and in particular we do not use data received from Google APIs, for advertising, ad targeting, or building user profiles for advertising)
• To detect, prevent, and investigate abuse, fraud, and security incidents
• To comply with applicable legal obligations

AI and machine-learning use

We do not use data obtained from Google APIs (including Google Calendar) to develop, improve, or train generalized AI or machine-learning models — neither our own nor any third party's. Google Calendar data is never sent to any AI service.

Zlyqor's AI features (such as chat assistance, task and meeting summarization, and in-product writing help) are powered by third-party AI APIs operated by OpenAI, Anthropic, and Google (Gemini). When you use an AI feature, the relevant first-party content you have created inside Zlyqor (for example, the chat message, task, or meeting note you are working with) is sent to one of these providers solely to generate the requested response. These providers act as our sub-processors under Data Processing Agreements and are contractually prohibited under their standard API terms from training their models on data submitted through their APIs or from retaining that data beyond the short processing window required to return a response. We will never use your first-party content to train AI or machine-learning models — first-party or third-party — without your explicit, informed consent.

4. Data Sharing

We do not sell your personal data. We share data only in the following limited circumstances:

• With service providers — including Cloudinary (media hosting), transactional email providers, Paddle (payment processing and Merchant of Record), and the third-party AI providers listed in §3 — under strict Data Processing Agreements that bind them to equivalent data protection standards
• With law enforcement or regulatory authorities when we are legally required to do so
• With a successor entity in the event of a merger, acquisition, or sale of assets — you will be notified before any such transfer occurs, and any data received from Google APIs will remain subject to the Limited Use commitments described in §5

5. Google Calendar Integration

Zlyqor offers an optional integration with Google Calendar. When you choose to connect your Google account, we request the following OAuth permission:

• Scope: https://www.googleapis.com/auth/calendar.events — allows Zlyqor to read, create, update, and delete events on your primary Google Calendar

What we access: event titles, start and end date-times, time zones, descriptions, locations, attendee names and email addresses, and event status (confirmed / tentative / cancelled).

How we use it: solely to display your calendar events in Zlyqor's My Plan view and to propagate any edits you make back to your Google Calendar. We do not use Google Calendar data for serving advertisements, for building user profiles for advertising, for any purpose unrelated to the user-facing calendar sync feature, or to develop, improve, or train generalized AI or machine-learning models. Google Calendar data is never sent to any third-party AI service (including OpenAI, Anthropic, or Google Gemini). The Google Calendar sync service and Zlyqor's AI features are independent code paths with no shared data flow.

Human access: no Zlyqor employee or contractor reads or otherwise accesses your Google Calendar data, except: (a) with your explicit consent (for example, when you contact support and ask us to look at a specific event), (b) where strictly necessary for security purposes such as investigating abuse or a suspected breach, (c) to comply with applicable law, or (d) when the data has been aggregated and de-identified for internal operations such as capacity planning.

Storage: we store a long-lived OAuth refresh token in our secured database so you do not need to re-authorise on every login. Short-lived access tokens are obtained on-demand and are never persisted. Google Calendar event data (titles, times, attendees, and locations) is cached in our database solely to power the My Plan view and enable team scheduling features. When you disconnect Google Calendar, you are given the choice to permanently delete all cached Google event data, or to keep it as local-only events inside Zlyqor. The OAuth refresh token is always deleted from our database immediately upon disconnection.

Sharing: your Google Calendar data is never sold, never shared with third-party advertisers, and never shared with any third-party AI service. It is processed only by the infrastructure sub-processors strictly necessary to operate the calendar sync feature (hosting and database providers bound by Data Processing Agreements).

Visibility within your organization: When you connect Google Calendar, event titles, dates, times, and attendee information are visible to other members of your Zlyqor workspace through collaboration features such as the My Plan view and team scheduling. This sharing happens within your organization only — it is never exposed to external parties or other organizations. You control which events are synced. To prevent others from seeing your events, disconnect Google Calendar from my plan → calendar → disconnect.

Revoking access: you can disconnect Google Calendar at any time from my plan → calendar → disconnect. This revokes our OAuth token at Google and removes your refresh token from our database. You can also revoke access directly at myaccount.google.com/permissions.

Zlyqor's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

6. Data Retention

We retain personal data for as long as your account is active. When you delete your account, your data is permanently purged within 30 days. Database backups are rotated on a 90-day cycle, so residual copies may persist in encrypted backups for up to 90 days after deletion. Audit logs are retained for 12 months for security purposes. Payment records are retained for 7 years to meet our legal obligations.

7. Your Rights (GDPR / CCPA)

Depending on your location, you have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you
• Rectification: ask us to correct inaccurate or incomplete data
• Erasure: request deletion of your personal data (subject to legal retention requirements)
• Portability: receive your data in a structured, machine-readable format (JSON or CSV)
• Withdraw consent: at any time, for processing based on consent
• Object: to processing carried out on the basis of legitimate interest

To exercise any of these rights, email privacy@zlyqor.com. We will respond within 30 days.

8. Cookies

We use strictly necessary cookies to manage your session and protect against CSRF attacks. We also use optional, first-party analytics cookies to understand how the Service is used and to improve it. We do not use any third-party advertising or tracking cookies, and we do not include data received from Google APIs (including Google Calendar) in any analytics pipeline. You can disable optional analytics cookies in your browser settings or from your account preferences at any time.

9. Security

We use TLS 1.3 to encrypt all data in transit between your browser or desktop app and our servers. Data stored in our database is encrypted at rest using AES-256. Passwords are hashed using bcrypt with a cost factor of 12 and never stored in plaintext. For full technical details, see our Encryption & Security page.

10. Children's Privacy

Zlyqor is not directed at children under the age of 16 and we do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16 without verified parental consent, we will take immediate steps to delete that data. If you believe we may have collected data from a child, please contact us at privacy@zlyqor.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the date of the most recent revision. For material changes — such as new data uses or changes to your rights — we will notify you by email before the changes take effect. Your continued use of the Service after changes have been posted constitutes your acceptance of the updated Policy.