← Back to Home

Privacy Policy

Last updated: February 28, 2026

1. Introduction

Zib (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered knowledge management platform (“the Service”). By using the Service, you consent to the data practices described in this policy.

2. Information We Collect

Account Information: When you register, we collect your email address, username, and password (stored as a salted bcrypt hash). If you sign in via Google or Apple, we receive your name and email from the provider. We never receive or store your social sign-in passwords.

Your Content: Files you upload (documents, images, code, etc.), collections you create, memories you save, and chat messages with the AI agent. This content is stored on our servers to provide the Service.

Usage Data: We collect server logs including IP addresses, request timestamps, and feature usage patterns for security, performance monitoring, and debugging. We also track storage usage, AI token consumption, and API request counts for plan enforcement.

Payment Information: Payment processing is handled entirely by Stripe, Inc. We do not store credit card numbers, bank account details, or other payment credentials on our servers. We only store your Stripe customer ID and subscription ID for billing management.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process and store your files, generate AI embeddings, and enable semantic search
  • Operate the AI agent (playground) and MCP API integration
  • Manage your account, enforce plan limits, and process payments
  • Send transactional communications (account verification, password reset, billing notifications)
  • Detect and prevent fraud, abuse, and security threats
  • Comply with legal obligations

4. AI Processing and Third-Party Providers

To provide AI-powered features, Your Content may be processed by third-party AI services including:

  • Google (Gemini API): For AI agent conversations, text generation, and content analysis
  • OpenAI: For optional AI agent model selection (when configured by user)
  • Embedding models: For generating semantic search embeddings from your text and image content

When your content is sent to these providers, it is transmitted securely via encrypted connections. These providers process data according to their own privacy policies and data processing agreements. We do not send your content to AI providers for purposes other than fulfilling your direct feature requests.

5. Data Storage and Security

Your data is stored on secure servers with encryption at rest and in transit. We implement industry-standard security measures including: encrypted passwords (bcrypt with salt rounds), HTTPS/TLS for all communications, secure API key generation and hashing, and access controls that restrict data access to authorized users only. Despite these measures, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information or Your Content. We may share information only in the following circumstances:

  • With your consent: When you share files or collections with other users
  • Service providers: With trusted third parties who assist in operating the Service (Stripe for payments, AI providers for processing), bound by confidentiality obligations
  • Legal requirements: When required by law, subpoena, or other legal process, or to protect our rights, property, or safety
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users

7. Data Retention

We retain your account information and content for as long as your account is active. When you delete your account, it enters a 30-day deactivation period during which you may reactivate it. After 30 days, all your data — including files, collections, memories, embeddings, chat history, API keys, and account information — is permanently and irreversibly deleted from our systems. Server logs are retained for up to 90 days for security and debugging purposes.

8. Your Rights and Choices

You have the following rights regarding your data:

  • Access: You can view and download your files and data at any time through the Service
  • Correction: You can update your account information (email, username) through Settings
  • Deletion: You can delete individual files, memories, and collections at any time, or close your entire account
  • Portability: You can download your files from the Service at any time
  • Restriction: You can revoke MCP API keys to restrict AI access to your data

For GDPR, CCPA, or other regional privacy rights requests, please contact us at [email protected].

9. Cookies and Tracking

The Service uses essential cookies and local storage for authentication (JWT tokens) and user preferences. We do not use third-party advertising cookies or tracking pixels. We do not participate in cross-site tracking or ad networks.

10. Children’s Privacy

The Service is not intended for users under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If we learn that we have collected information from a child under the applicable age, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at [email protected].

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. By using the Service, you consent to the transfer of your information to these countries. We take steps to ensure your data is treated securely and in accordance with this Privacy Policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy. We encourage you to review this page periodically for the latest information on our privacy practices.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at [email protected].