Privacy Policy
This Privacy Policy explains how Zeplyn ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our platform at zeplyn.in and admin.zeplyn.in.
1. Data We Collect
When you create an account and use Zeplyn, we collect the following categories of data:
- Account information: Your email address, company name, and plan type, collected at registration.
- Source files: PDFs, DOCX files, URLs, and text content you upload or submit as source material for content generation.
- Generated content logs: Records of the content Zeplyn has generated for you, including grounding scores and claim tags, so you can access your generation history.
- Usage data: Credit consumption, feature usage, login timestamps, and general platform activity.
- Billing data: Processed by our payment processor (Stripe). We do not store your card details directly.
2. How We Use Your Data
We use the data we collect strictly to:
- Provide and operate the Zeplyn content generation service.
- Process billing and generate GST-compliant invoices.
- Respond to support requests and account enquiries.
- Maintain platform security and detect abuse.
- Improve the product based on aggregated, anonymised usage patterns.
We do not sell your personal data to third parties, and we do not use your data for advertising purposes.
3. AI Processing Disclosure
To generate content, Zeplyn sends your source material and prompts to third-party AI providers:
- Anthropic (Claude): Used for content generation, completeness checking, and grounding verification.
- OpenAI (GPT Image 2): Used for image generation when you request a visual asset.
Your source material is sent to these providers solely to fulfil your generation request. It is never used to train their models, and is processed under each provider's enterprise data-handling terms, which prohibit retention for training purposes.
4. Data Storage
Zeplyn's infrastructure is hosted on Supabase, with primary data storage in the Mumbai (ap-south-1) region to keep Indian user data within India where possible. All data at rest is encrypted using AES-256. Data in transit is encrypted using TLS 1.2 or higher.
5. File Deletion Policy
Source files you upload (PDFs, DOCX, etc.) are processed to extract facts and are deleted from our storage immediately after extraction is complete. We do not retain your original uploaded files long-term. Extracted text snippets may be cached temporarily to avoid re-processing the same source, but raw files are not kept.
6. Your Rights (DPDP & GDPR)
Under India's Digital Personal Data Protection Act (DPDP) and, where applicable, the EU General Data Protection Regulation (GDPR), you have the following rights:
- Right to Access: You may request a copy of the personal data we hold about you.
- Right to Deletion: You may request deletion of your account and associated personal data. We will process deletion requests within 14 business days. Some data may be retained for legal and billing compliance purposes.
- Right to Export: You may request an export of your generated content history and account data in a portable format.
- Right to Correction: You may correct inaccurate personal data through your account settings or by contacting us.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.
To exercise any of these rights, contact us at privacy@zeplyn.in. We aim to respond to all privacy requests within 5 business days.
7. Cookie Policy
Zeplyn uses a minimal set of cookies to operate the platform. We do not use advertising or tracking cookies.
- Session cookies: Required for authentication. Expire when you close your browser or log out.
- Preference cookies: Store UI preferences such as your last selected plan or content format. These are not shared with third parties.
8. Data Sharing
We share data only with service providers necessary to operate Zeplyn: Anthropic and OpenAI (for AI processing, as described above), Supabase (hosting), and Stripe (billing). We do not sell, rent, or trade your data with any other party. We may disclose data if legally required to do so by a valid court order or regulatory request.
9. Data Retention
We retain account data for as long as your account is active. After account closure, we retain billing records for 7 years as required under Indian tax law, and delete all other personal data within 90 days unless a longer retention period is legally required.
10. Children's Privacy
Zeplyn is a B2B platform intended for use by professionals in the biotech and life sciences industry. We do not knowingly collect data from individuals under the age of 18.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users at least 14 days before taking effect. The "Last updated" date at the top of this page reflects the most recent revision.
12. Contact
For any privacy-related questions or to exercise your data rights, contact us at privacy@zeplyn.in.