Zonko

Privacy Policy

Effective date: 3 December 2025

1. Who we are

This Privacy Policy describes how Zonko Labs Pvt Ltd, a company incorporated in India with its registered office in Mumbai, Maharashtra, India ("Zonko", "we", "us", "our"), collects, uses, discloses and protects personal data when you use:

  • the website located at zonko.ai and any subdomains;
  • our AI-native products, including design tools, AI assistants, AI-native social and any other applications, browser extensions or interfaces we release;
  • any other services that link to this Privacy Policy (collectively, the "Services").

For purposes of India's Digital Personal Data Protection Act, 2023 and the rules made thereunder, Zonko acts as a Data Fiduciary when it determines the purposes and means of processing personal data.

For purposes of the EU/UK General Data Protection Regulation ("GDPR"), Zonko acts as a data controller for the processing activities described in this Policy.

Contact email for privacy and data protection matters: founders@zonko.ai.

2. Scope

This Privacy Policy applies to personal data we process about:

  • visitors to our websites;
  • users of our Services, whether logged-in or not;
  • individuals who communicate with us, apply for roles, or interact with us in other ways (for example, via email, social media or events).

This Policy does not apply to information that cannot reasonably identify an individual (aggregated, anonymised or de-identified data).

3. Personal data we collect

Depending on how you interact with the Services, we may collect the following categories of personal data.

3.1 Data you provide directly

  • Account and profile data: name, username, display name, photo or avatar, email address, password or authentication credentials, bio, preferences, time zone.
  • Usage content and prompts: text prompts, messages, files, images, videos, designs, documents, code, feedback, instructions, and other content you input into or generate through the Services, and associated metadata.
  • Communications: emails, support requests, survey responses, feedback, bug reports, and other communications.
  • Payment and billing data (if and when paid plans are activated): billing name, billing address, partial payment card details tokenized via payment processors, transaction identifiers and related information.
  • Recruitment data: CVs, LinkedIn profiles, employment history, skills, references and any other information you choose to share when applying to work with us.

3.2 Data we collect automatically

When you use the Services, we may automatically collect:

  • Device and log data: IP address, browser type and version, operating system, device identifiers, language, time zone, referring and exit pages, clickstream data, pages viewed, date and time of access, session identifiers, and other standard server log information.
  • Usage analytics: feature usage, interaction events (clicks, taps, scrolls), time on page, navigation paths, content categories interacted with, frequency and recency of use, crash dumps, performance metrics.
  • Approximate location: derived from your IP address or system locale, at the city/region or country level.

3.3 Data from cookies and similar technologies

We use cookies, local storage, pixels, SDKs and similar technologies to:

  • authenticate users;
  • remember preferences;
  • understand usage patterns;
  • measure performance;
  • secure the Services;
  • support experiments and product improvements.

You can manage cookies through your browser settings. Blocking certain cookies may impact functionality.

3.4 Data from third parties

We may receive personal data from:

  • authentication providers (for example, if you log in with a third-party account);
  • payment processors and billing providers;
  • analytics and crash-reporting tools;
  • marketing and attribution tools;
  • social media platforms (if you interact with our accounts);
  • business partners and service providers;
  • publicly available sources.

The categories of data depend on what the third party chooses to share with us.

4. How we use personal data

We process personal data for purposes including:

1. Providing and operating the Services

  • Creating and managing accounts;
  • Processing prompts, files and other content to generate outputs and results;
  • Running AI models, workflows and features;
  • Providing collaboration and sharing features;
  • Providing support and responding to communications.

2. Improving and developing the Services

  • Monitoring and analysing usage and performance;
  • Debugging, fixing, and preventing errors;
  • Training, fine-tuning, evaluating and improving models, systems and features, including via human review, where legally permitted and consistent with this Policy;
  • Running experiments, A/B tests and new product explorations.

3. Safety, security and abuse prevention

  • Detecting and preventing fraud, abuse, security incidents and harmful behaviour;
  • Enforcing terms, policies and acceptable use restrictions;
  • Protecting the rights, property and safety of users, Zonko and others.

4. Legal and compliance

  • Complying with applicable laws, regulations and legal processes;
  • Responding to lawful requests from public authorities;
  • Establishing, exercising or defending legal claims.

5. Business operations

  • Billing, accounting, audit and internal administration;
  • Business intelligence and reporting;
  • Corporate transactions (for example, reorganisation, merger or acquisition).

6. Marketing and communication

  • Sending service-related communications;
  • Sending marketing communications where permitted by law;
  • Personalising content and communications.

5. Legal bases for processing (EEA/UK and similar jurisdictions)

Where GDPR or similar laws apply, we rely on one or more of the following legal bases for processing:

  • Performance of a contract: to provide and operate the Services you request.
  • Consent: for certain optional cookies, marketing communications and other processing as required.
  • Legitimate interests: to improve the Services, ensure security, prevent abuse, understand usage, and support business operations, provided these interests are not overridden by your rights.
  • Legal obligations: to comply with applicable laws, regulations and legal processes.

6. How we use AI and your data

The Services involve AI systems that generate content based on your inputs and other data. In connection with these systems, we may:

  • process your prompts, content, files and usage data to generate outputs;
  • temporarily store inputs and outputs for delivery, caching and safety checks;
  • log interactions for abuse monitoring, debugging and security;
  • use certain data (for example, de-identified or aggregated usage patterns) to improve models and features, where permitted by applicable law and this Policy.

If specific AI features offer additional choices (for example, toggles controlling whether your data is used to train models), those feature-specific controls will govern in case of conflict with this general description.

7. Sharing of personal data

We do not sell personal data. We may share personal data in the following circumstances:

1. Service providers and processors

With companies and individuals who provide services on our behalf, such as cloud hosting, data storage, AI model providers, analytics, logging, customer support, email delivery, payment processing and security. These providers may access personal data only to perform services for us under appropriate contractual safeguards.

2. Affiliates and group companies

With our current or future affiliates where necessary for provision, improvement, administration and support of the Services, subject to similar protections.

3. Third-party integrations

When you choose to connect the Services with third-party tools or platforms, we share data as necessary to enable that integration, under your direction or consent.

4. Legal and compliance

With governmental authorities, regulators, law enforcement or other parties where required by applicable law or in connection with legal processes, or where we believe disclosure is necessary to protect our rights, users or the public.

5. Business transfers

In connection with a merger, acquisition, reorganisation, sale of assets, or similar transaction involving Zonko, personal data may be transferred as part of that transaction, subject to this Privacy Policy or a comparable policy.

6. With your instruction or consent

With third parties where you instruct us to share or where you have consented to such sharing.

We may share aggregated or de-identified data that does not reasonably identify individuals without restriction.

8. International data transfers

Given the global nature of modern infrastructure and AI systems, your personal data may be processed in countries other than the country in which you are located.

Where required by law, we implement appropriate safeguards for international transfers, such as:

  • contractual protections consistent with applicable law (for example, standard contractual clauses where recognized);
  • transfer mechanisms and safeguards as may be specified by Indian law, including under the Digital Personal Data Protection Act, 2023 and rules.

The specifics of cross-border transfers may change as regulations evolve.

9. Data retention

We retain personal data:

  • for as long as necessary to fulfill the purposes described in this Privacy Policy;
  • for the duration required or permitted by applicable law;
  • for the limitation periods during which legal claims may be brought.

Criteria used to determine retention periods include: the nature of the data, the risks of retention, the purposes of processing, and legal requirements including obligations under Indian IT rules and DPDP-based regulations.

We may retain aggregated or de-identified information for longer.

10. Data security

We implement reasonable technical and organisational measures designed to protect personal data from unauthorised access, use, disclosure, alteration or destruction, consistent with Indian law requirements for "reasonable security practices and procedures" and international best practices.

No system is completely secure. The level of protection depends on the state of technology, implementation costs, the nature of the data, and associated risks.

11. Children

The Services are not intended for individuals under 18 years of age. Zonko does not knowingly collect personal data from such individuals. If we become aware that personal data of a minor has been collected in violation of applicable law, we will take appropriate steps, which may include deletion, subject to legal retention requirements and verifiable parental or guardian requests under relevant DPDP rules.

12. Your rights

Your rights depend on where you live and which laws apply.

12.1 Rights under Indian law

Subject to conditions and exceptions under the Digital Personal Data Protection Act, 2023 and applicable rules, Data Principals in India may have rights including:

  • right to access information about personal data processed;
  • right to correction and completion of inaccurate or incomplete personal data;
  • right to erasure of personal data in certain circumstances;
  • right to withdraw consent where processing is based on consent;
  • right to grievance redressal;
  • right to nominate another individual to exercise rights in certain situations.

12.2 Rights under GDPR and similar laws

Where GDPR or similar data protection laws apply, you may have rights including:

  • access to your personal data;
  • rectification of inaccurate data;
  • erasure ("right to be forgotten") in certain circumstances;
  • restriction of processing;
  • data portability;
  • objection to processing based on legitimate interests or direct marketing;
  • withdrawal of consent where processing is based on consent;
  • complaint to a supervisory authority.

12.3 Exercising your rights

Requests to exercise rights or raise grievances can be sent to: founders@zonko.ai.

We may need information to verify your identity and your relationship with Zonko before responding, and may decline certain requests where permitted by law.

13. Grievance officer and complaints

Zonko designates a Grievance Officer in accordance with Indian law.

Contact details for grievances and complaints related to personal data and this Privacy Policy:

Email: founders@zonko.ai

Subject line: "Attention: Grievance Officer – Data Protection"

Where applicable, you may also lodge complaints with the relevant data protection authority in your jurisdiction.

14. Third-party links and services

The Services may link to third-party websites, apps or services that are not controlled by Zonko. This Privacy Policy does not apply to such third parties. Their own terms and privacy policies govern their handling of personal data.

15. Changes to this Privacy Policy

We may modify this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements or other factors. When we make changes, we will update the "Effective date" at the top. In cases where changes are material under applicable law, we will provide additional notice as required.

16. Contact

For any privacy-related communication:

Zonko Labs Pvt Ltd

Email: founders@zonko.ai