Skip to main content
Zeyn
Get Early Access

Zeyn – Privacy Policy (EN)

Effective date:
14 September 2025
Last updated:
14 September 2025

1) Who we are (Controller)

Controller: RAFAŁ PIEKARA (sole proprietor, CEIDG)
NIP: 8733262929 · EU VAT: PL8733262929 · REGON: 367682802
Registered office: 106b Jodłówka-Wałki, 33-150, Małopolskie, Poland
Privacy contact: rafal@piekara.me (Owner & privacy contact)
Data Protection Officer: Not appointed.

This Policy explains how we handle personal data when you use Zeyn (the desktop editor), our website zeyn.ink, and related services now and in the future (e.g., cloud sync, mobile app, AI features).

2) Scope & Services Covered

  • Apps & sites: Zeyn desktop app; website zeyn.ink.
  • User touchpoints: waitlist/newsletter, contact email, feedback & feature-request forms, and payments.
  • Planned features: Google sign-in; cloud storage/sync (Supabase + Cloudflare); mobile app; AI-powered assist.
  • Territory: Service offered worldwide except Russia and Israel.
  • Audience/age: B2C (individual writers). Minimum age 16.

3) Data We Process (by context)

A. Desktop app (current v1: local-first)

  • Stored locally on your device: manuscripts/chapters/notes, project structure, stats/history (word/character counts), editor settings, caches. Stored in SQLite, local storage, and Markdown files.
  • By default, this content does not leave your device unless you enable sync, use AI features, or share/export.

B. Telemetry & crash reports (app)

  • Vendors: PostHog (product analytics) and Sentry (errors/crashes), cloud-hosted by the vendors.
  • Typical data: app version, OS/device info, timestamps, feature usage/events, pseudonymous IDs (e.g., device/install/license IDs), IP (may be collected by vendors), crash stack traces and breadcrumbs.
  • We do not need your writing content for telemetry. We aim to avoid sending file names/paths or content in analytics/crash logs.
  • Default & controls: telemetry is enabled by default; an in-app toggle lets you opt out where feasible.
  • Retention: kept per vendor defaults (and our settings) for monitoring and security; see vendor privacy notices.

C. Cloud sync & storage (planned / opt-in)

  • What may sync: manuscripts/chapters/notes, stats/history, settings, attachments, backups/exports, account profile, license/usage data needed to operate sync/AI.
  • Regions: data-at-rest hosted in the EU (Supabase, Cloudflare; potential admin Postgres app also in the EU).
  • Backups: routine cloud backups kept 30 days.
  • Deletion: account/content deletion available in-app; 30-day rollback by default; immediate delete option removes data without rollback.

D. AI features (planned / optional)

  • Providers: OpenAI, Google, Anthropic, DeepSeek, Qwen, ElevenLabs (text/voice where applicable).
  • What we send: your prompt and selected context (e.g., a chapter or fragment you choose). We do not send the whole novel unless you explicitly choose to.
  • Model training: we do not allow third-party providers to train their models on your content.
  • Improving Zeyn: we may store prompts and outputs to improve Zeyn’s features (quality, safety, context-building). Enabled by default with an in-app opt-out.
  • Retention: we keep AI prompts/outputs for as long as your account exists (or until you delete them or opt out); providers may retain logs per their policies.
  • Redaction: we aim to avoid sending personal data; you control what content is shared with AI.

E. Website & marketing

  • Analytics & A/B testing: Google Analytics 4, PostHog, A/B tests; Meta Pixel for ads/retargeting.
  • Cookies/consent: We use a consent banner in the EU to manage analytics/ads cookies.
  • Email marketing (ActiveCampaign): waitlist/newsletters use double opt-in; we track opens and clicks.
  • Transactional emails (MailerSend): e.g., sign-ups, purchase receipts, service alerts, release notes.

F. Payments & billing

  • Processor: EasyCart using Stripe “under the hood.” We never see full card details.
  • Checkout data: email, name, billing address, company name, VAT ID, country, purchase details.
  • What we store: Stripe/EasyCart customer IDs, subscription/plan status, invoice IDs and metadata, VAT country, refund history (and possibly last-4/brand/expiry tokens if provided by Stripe).
  • Retention: accounting records kept 5 years from the end of the tax year (or longer if law requires).

G. Support & forms

  • Tools: Typeform, Notion, and in-app forms.
  • Data: contact details (email/name), message content, attachments; used to respond and improve the service.

4) Purposes & Legal Bases (GDPR)

  • Provide the Service (editor, sync, AI at your request): Art. 6(1)(b) contract.
  • Telemetry & security (fraud/abuse prevention, reliability, troubleshooting): Art. 6(1)(f) legitimate interest.
  • Improving Zeyn via AI prompts/outputs (opt-out): Art. 6(1)(f).
  • Analytics/A-B tests/ads (cookies/pixels): Art. 6(1)(a) consent.
  • Newsletter/waitlist: Art. 6(1)(a) consent.
  • Transactional emails: Art. 6(1)(b) contract.
  • Payments/taxes/accounting: Art. 6(1)(c) legal obligation.
  • Claims/rights: Art. 6(1)(f).

Special-category data: We discourage storing sensitive content in cloud/AI. If you process it, ensure a valid basis (e.g., explicit consent — Art. 9(2)(a)). You can remain local-first, disable sync, and avoid sending such content to AI.

5) Cookies and online tracking

We use necessary cookies (site/forms operation) and — with consent — analytics/advertising (GA4, PostHog, Meta Pixel) and A/B testing tools. In the EU/EEA, a consent banner lets you accept/reject categories. You can unsubscribe from emails at any time.

6) Recipients / Processors

We use processors handling data on our behalf (DPAs/SCCs where needed):
Supabase, Cloudflare, Hetzner, DigitalOcean; PostHog, Sentry; OpenAI, Anthropic, Google, DeepSeek, Qwen, ElevenLabs; ActiveCampaign, MailerSend; EasyCart/Stripe; Typeform, Notion.

7) International transfers

For transfers outside the EEA, we use Standard Contractual Clauses (SCCs) and appropriate supplementary measures.

8) Security

  • Cloud: encryption in transit and at rest with server-side managed keys (not zero-knowledge/E2EE).
  • Local: files are not encrypted by Zeyn — secure your device (disk encryption, password, backups).
  • Access: limited to owner/authorized team (support, diagnostics, compliance, legal requirements).
  • Backups: 30 days.

9) Retention periods

  • Local files: until you delete them.
  • Account/cloud: while active; after deletion request 30 days rollback, or immediate deletion.
  • AI prompts/outputs: as long as the account exists (or until opt-out/deletion).
  • Telemetry: per vendor defaults.
  • Marketing: until you unsubscribe or the list is closed.
  • Payments/accounting: 5 years from end of tax year (or longer if required by law).

10) Your rights (GDPR)

You have the right to access, rectification, erasure, restriction, portability, and object to processing based on legitimate interests (including telemetry/improving Zeyn). Where processing relies on consent (cookies, newsletter), you may withdraw at any time.
Requests: rafal@piekara.me. You may also lodge a complaint with your supervisory authority.

11) Children

The Service is not directed to individuals under 16.

12) Territorial availability

The service is not offered in Russia or Israel.

13) Automated decisions

We do not make decisions producing legal effects solely based on automated processing.

14) Changes to this Policy

We may update this document — we will publish a new “Last updated” date and, for material changes, notify you in-app or via email.

15) Contact

Questions/requests: rafal@piekara.me
Controller: RAFAŁ PIEKARA, 106b Jodłówka-Wałki, 33-150, Małopolskie, Poland