Zilpo AI
Last updated · 25 May 2026

Privacy Policy

This Privacy Policy explains how Zilpo AI ("Zilpo", "we", "our", "us") — operating from India under the brand name Zilpo AI — collects, uses, stores, and shares information when you use our website (thezilpo.com) and our product. This policy is written to be consistent with India's Digital Personal Data Protection Act, 2023 ("DPDP Act") and the EU GDPR for users in those regions.

1. What we collect

Account information

When you sign up, we collect your email address. We use email-based magic-link sign-in via Supabase, so we do not store passwords.

Business profile ("Brain")

You may voluntarily share information about your business — name, niche, customer description, brand voice, locations, competitors, and support channels. This is stored only to let Zilpo perform tasks on your behalf without re-asking each session.

Connected services

If you connect third-party services (e.g. Meta Ads, LinkedIn, Zoho CRM, Razorpay), we store the access tokens those services give us. Tokens are encrypted before being written to our database and decrypted only on the server when running a task you asked for. We do not store the underlying credentials (passwords) for any third-party service.

Usage data

We log the prompts you send to the AI, the actions Zilpo takes, and basic technical data (IP, user agent, timestamps) for security and abuse prevention.

Cookies

We use a session cookie set by Supabase to keep you signed in. We do not use third-party advertising or analytics cookies on the marketing site.

2. Why we collect it

  • To provide the service you signed up for.
  • To run AI tasks you request (sending prompts to our LLM provider on your behalf).
  • To operate connected services on your behalf (e.g. posting to LinkedIn when you ask us to).
  • To prevent abuse, fraud, and security incidents.
  • To comply with our legal obligations.

3. Who we share it with

We never sell your data. We share the minimum necessary data with the following categories of processors:

  • Infrastructure: Supabase (hosting database + auth), Vercel (hosting the web app), Cloudflare (DNS).
  • AI model providers: the prompts and context you send to Zilpo are forwarded to our AI model provider for inference. These providers process your input transiently and, per their published policies, do not use it to train their models.
  • Email: Resend (transactional email such as magic-link sign-in).
  • Connected services you authorize: when you ask Zilpo to perform an action on a connected service, we send the necessary data to that service to complete the action.
  • Legal disclosures: if required by a valid legal order from an Indian or other competent authority.

4. Where we store it

Personal data is stored on Supabase's ap-south-1 region (Mumbai, India). Backups may be encrypted and retained for up to 30 days.

5. Your rights

Under the DPDP Act and applicable laws you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account and associated personal data.
  • Withdraw consent at any time.
  • Lodge a complaint with the Data Protection Board of India.

To exercise any of these rights, email team@thezilpo.com. We respond within 30 days.

6. Data retention

We keep your account and Brain data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where we are required by law to retain certain records (e.g. transaction records for tax compliance).

7. Children

Zilpo is not for users under 18. We do not knowingly collect personal data from children. If you believe a child has registered, write to us at team@thezilpo.com and we will delete the account.

8. Grievance Officer (DPDP requirement)

Designation: Grievance Officer, Zilpo AI
Email: team@thezilpo.com
Postal address: Available on request at the email above.

9. Changes to this policy

We may update this policy. If we make material changes, we will notify you by email and post a notice on this page before the change takes effect.

10. Contact

Questions about this policy? Email team@thezilpo.com.

Zilpo AI is operated from India. Our legal entity details (proprietor name, registered address, MSME / Udyam registration number) are being formalised and will be added to this page when registration is complete. For any data-protection question in the meantime, write to team@thezilpo.com — we respond within one business day.