1. Introduction
Zovik ("we," "us," "our") operates the Zovik web application and related services ("Service"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information.
2. Information We Collect
We collect information in several ways:
- Authentication: Email address, hashed password, OAuth provider ID (if using SSO)
- Profile: First name, last name, bio, avatar image
- Content: Tasks, goals, habits, focus session notes, coaching messages
- Usage: API calls, feature usage, AI model invocations, timestamps
- Billing: Plan type, subscription status, Lemon Squeezy customer ID
- Technical: IP address, browser type, device type (via logs)
3. How We Use Your Information
- Provide and improve the Service
- Authenticate users and enforce access control
- Process AI requests (sent to Anthropic Claude API)
- Track usage for billing and feature limits
- Monitor for abuse and enforce Terms of Service
- Respond to support requests
- Send transactional emails (signup, billing, password reset)
4. Data Sharing & Third Parties
We share data with:
- Anthropic: Prompts + context sent to Claude API for AI features
- Lemon Squeezy: Customer ID, plan status for billing
- Supabase: All user data stored in their Postgres database + authentication
- Sentry: Error logs and performance traces (PII filtered)
We do not sell your data to third parties.
5. Data Retention
We retain your data for the duration of your account. After account deletion (see Section 8):
- Profile: Permanently deleted within 7 days
- Content: All tasks, goals, habits deleted immediately
- Usage Events: Deleted after 90 days (unless account is active)
- Deletion Requests: Archived for 30 days, then deleted
See Cookies Policy for cookie retention.
6. Your Rights (GDPR)
If you are in the EU, you have the right to:
- Access: Download a copy of all your data at /settings/account → Export Data
- Correction: Update your profile or content via the app
- Deletion: Request account deletion (see Section 8)
- Portability: Export your data as JSON
- Objection: Opt out of marketing emails (no unsubscribe link needed — we don't send them)
7. Security
We protect your data with:
- HTTPS encryption in transit (TLS 1.3)
- Row-level security (RLS) in Supabase — users can only access their own data
- Passwords hashed with bcrypt (never stored in plaintext)
- Session tokens stored only in HttpOnly cookies
- Regular security audits and monitoring via Sentry
No security system is 100% secure. If you discover a vulnerability, please report it privately to security@zovik.com.
8. Account Deletion
To delete your account and all associated data:
- Go to /settings → Account
- Click "Request Account Deletion"
- An admin will review your request within 24 hours
- Once approved, your data will be permanently deleted
This is irreversible. Your account and all content will be deleted.
9. Cookies
For details on cookies and how to manage them, see our Cookies Policy.
10. Contact Us
If you have questions about this Privacy Policy or how we handle your data, email us at:
privacy@zovik.com
11. Policy Changes
We may update this Privacy Policy. Changes take effect 30 days after posting. Continued use of the Service implies acceptance.
Last updated: 2026-07-04 | Terms of Service