Privacy Policy

1. Who We Are

Zlyqor is operated by Pristren. For the purposes of the General Data Protection Regulation (GDPR) and equivalent data protection legislation, Pristren acts as the Data Controller for all personal data processed through the Zlyqor platform. If you have any questions about how we handle your data, contact us at privacy@zlyqor.com.

2. Information We Collect

We collect the following categories of information:

• Account data: your name, email address, and password (stored as a bcrypt hash — never in plaintext)
• Usage data: features used, timestamps of actions, session duration, and error logs for debugging
• Desktop agent data: active application name, window title, and idle/active time durations — no screenshots, no keystrokes, no screen content of any kind
• Communication data: messages, tasks, files, and other content you create within the Service
• Payment data: handled entirely by our payment processor; we store only the last 4 digits of your card and your billing address for record-keeping
• Google Calendar data (optional): if you connect your Google account, we access calendar event details as described in §5 below. This connection is entirely optional and can be revoked at any time.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and improve the Service
• To send transactional communications (account confirmation, receipts, security alerts, and critical service updates)
• To personalise your experience and surface relevant features
• To detect, prevent, and investigate abuse, fraud, and security incidents
• To comply with applicable legal obligations

We will never use your data to train AI or machine learning models without your explicit, informed consent.

4. Data Sharing

We do not sell your personal data. We share data only in the following limited circumstances:

• With service providers (hosting, email delivery, payment processing) under strict Data Processing Agreements that bind them to equivalent data protection standards
• With law enforcement or regulatory authorities when we are legally required to do so
• With a successor entity in the event of a merger, acquisition, or sale of assets — you will be notified before any such transfer occurs

5. Google Calendar Integration

Zlyqor offers an optional integration with Google Calendar. When you choose to connect your Google account, we request the following OAuth permission:

• Scope: https://www.googleapis.com/auth/calendar.events — allows Zlyqor to read, create, update, and delete events on your primary Google Calendar

What we access: event titles, start and end date-times, time zones, descriptions, locations, attendee names and email addresses, and event status (confirmed / tentative / cancelled).

How we use it: solely to display your calendar events in Zlyqor's My Plan view and to propagate any edits you make back to your Google Calendar. We do not use Google Calendar data for advertising, profiling, or to train any AI or machine-learning models.

Storage: we store a long-lived OAuth refresh token, encrypted at rest (AES-256), so you do not need to re-authorise on every login. Short-lived access tokens are obtained on-demand and are never persisted. Event data is fetched in real time from Google's servers and is not permanently stored in our database beyond what you explicitly create or edit through our interface.

Sharing: your Google Calendar data is never shared with third parties, sold, or used for any purpose beyond operating the calendar sync feature described above.

Visibility within your organization: When you connect Google Calendar, event titles, dates, times, and attendee information are visible to other members of your Zlyqor workspace through collaboration features such as the My Plan view and team scheduling. This sharing happens within your organization only — it is never exposed to external parties or other organizations. You control which events are synced. To prevent others from seeing your events, disconnect Google Calendar from my plan → calendar → disconnect.

Revoking access: you can disconnect Google Calendar at any time from my plan → calendar → disconnect. This revokes our OAuth token at Google and removes your refresh token from our database. You can also revoke access directly at myaccount.google.com/permissions.

Zlyqor's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

6. Data Retention

We retain personal data for as long as your account is active. When you delete your account, your data is permanently purged within 30 days. Database backups are rotated on a 90-day cycle, so residual copies may persist in encrypted backups for up to 90 days after deletion. Audit logs are retained for 12 months for security purposes. Payment records are retained for 7 years to meet our legal obligations.

7. Your Rights (GDPR / CCPA)

Depending on your location, you have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you
• Rectification: ask us to correct inaccurate or incomplete data
• Erasure: request deletion of your personal data (subject to legal retention requirements)
• Portability: receive your data in a structured, machine-readable format (JSON or CSV)
• Withdraw consent: at any time, for processing based on consent
• Object: to processing carried out on the basis of legitimate interest

To exercise any of these rights, email privacy@zlyqor.com. We will respond within 30 days.

8. Cookies

We use strictly necessary cookies to manage your session and protect against CSRF attacks. We also use optional, first-party analytics cookies to understand how the Service is used and to improve it. We do not use any third-party advertising or tracking cookies. You can disable optional analytics cookies in your browser settings or from your account preferences at any time.

9. Security

We use TLS 1.3 to encrypt all data in transit between your browser or desktop app and our servers. Data stored in our database is encrypted at rest using AES-256. Passwords are hashed using bcrypt with a cost factor of 12 and never stored in plaintext. For full technical details, see our Encryption & Security page.

10. Children's Privacy

Zlyqor is not directed at children under the age of 16 and we do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16 without verified parental consent, we will take immediate steps to delete that data. If you believe we may have collected data from a child, please contact us at privacy@zlyqor.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the date of the most recent revision. For material changes — such as new data uses or changes to your rights — we will notify you by email before the changes take effect. Your continued use of the Service after changes have been posted constitutes your acceptance of the updated Policy.