Privacy Policy

Last updated: May 23, 2026

This Privacy Policy explains how the individual operator of Ziv ("Ziv," "we," "us") collects, uses, and shares personal data when you use useziv.com (the "Service"). The operator currently runs the Service as a sole proprietor; once incorporated, the data controller will be the new entity and this Policy will be updated. By using the Service, you agree to this Policy.

1. Data We Collect

Identity and account data. When you sign in we collect your email address and basic identity information from your chosen sign-in method (Google OAuth or email one-time code), handled by Clerk; we do not collect or store passwords. Conversation content. We store the messages you submit and the AI-generated replies, including any side chats you open, so you can return to past chats. Usage and analytics data. We collect behavioral analytics events plus technical data such as device/browser type, approximate location derived from IP, and timestamps. Billing data. For Ziv Plus, payment is handled by Stripe; we do not store full card numbers.

2. How We Use Your Data

We use personal data to: provide and maintain the Service (including generating replies and saving conversations); authenticate and secure your account; process payments and manage credit; understand and improve usage through analytics; detect and prevent abuse, fraud, and security incidents; communicate with you (sign-in codes, service notices, support); and comply with legal obligations. We do not train AI models on your conversation content — it is sent to our AI provider (Anthropic) solely to generate replies in real time. We may use aggregated or de-identified usage statistics (not your conversation text) to improve the Service. Where GDPR applies, our legal bases are contract performance, legitimate interests (security, analytics, improvement), legal obligation, and/or consent.

3. Third-Party Sub-Processors and Sharing

We share data with providers who process it on our behalf: Anthropic (AI replies — your messages), Clerk (auth — email, identity, session), Google (sign-in and analytics — identity, usage data, cookies), Vercel (app hosting), Render (backend hosting), Amazon Web Services / S3 (storage), and Stripe (payments). We do not sell your personal data. We may disclose data when required by law, to enforce our Terms, or to protect users; and as part of a merger, acquisition, or sale of assets.

4. Cookies and Analytics

We use Clerk session cookies (strictly necessary to keep you signed in) and Google Analytics (GA4) cookies (to measure usage). Because we accept EU/UK users, we present a cookie-consent banner that gates non-essential cookies: analytics cookies are not set until you consent, and you can change or withdraw consent at any time. Strictly necessary cookies are used without consent because the Service cannot function without them.

5. Data Retention

Account and conversation content — retained until you delete your account or the content, after which it is hard-deleted within 30 days. Analytics data — retained for 14 months. Minimal anti-abuse, anti-fraud, and security records — retained for 12 months even after account deletion, to the extent permitted or required by law.

6. Your Rights

You can access your conversations in the Service and delete your account at any time, which triggers a hard-delete (subject to the minimal retained records above). Depending on where you live, you may have rights to access, correct, delete, port, restrict, or object to processing, and to withdraw consent. California (CCPA/CPRA) residents have rights to know, delete, correct, and opt out of "sale"/"sharing" (we do not sell personal data). EU/UK/EEA (GDPR) individuals have the rights above and may complain to their local data-protection authority. To exercise a right, contact us at support@useziv.com.

7. Children

The Service is for adults 18 and older. We do not knowingly collect data from anyone under 18. If you believe someone under 18 has provided us data, contact us and we will delete it.

8. International Data Transfers

We and our sub-processors may process data in countries other than where you live, including the United States. Where required, we rely on appropriate safeguards (such as the EU Standard Contractual Clauses). By using the Service you understand your data may be transferred to and processed in these locations.

9. Security

We take reasonable technical and organizational measures to protect personal data, including encryption in transit, access controls, and reputable infrastructure providers. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will update the "Last updated" date and, where appropriate, notify you.

11. Contact

Questions or requests about this Policy or your data? Contact us at support@useziv.com. We accept EU/UK users but do not yet have an establishment there; appointing a GDPR Article 27 representative is a known deferred item.