Privacy Policy
Last updated: February 9, 2026 · Applies to all Zarai AI services
This Privacy Policy describes how Zarai AI ("we," "us," or "our"), operated by EchoAI Labs, collects, uses, and protects your information when you use our website at zarai.ai and our products and services (collectively, the "Services").
1. Information We Collect
1.1 Account Information (via Logto Authentication)
When you create an account, we collect:
- Email address — for account identification and communication
- Name (if provided) — for personalization
- Google OAuth profile data (if you sign in with Google) — name, email, and profile picture as authorized by you
Authentication is handled by Logto, an open-source identity platform. Your password is never stored in plain text.
1.2 Payment Information (via Stripe)
When you make a purchase or subscribe to a membership, payment is processed by Stripe. We do not store your credit card number, CVV, or full payment details on our servers. Stripe provides us with:
- Transaction confirmation and subscription status
- Last four digits of your card (for your reference)
- Billing email address
See Stripe's Privacy Policy for details on how they handle your payment data.
1.3 Analytics (via Umami)
We use Umami, a privacy-friendly, open-source analytics platform. Umami:
- Does not use cookies
- Does not collect personal data
- Does not track users across websites
- Collects only anonymized page views, referrers, browser type, and country
- Is fully GDPR, CCPA, and PECR compliant
1.4 Ad Generator Usage
When you use the AI Ad Generator, we process:
- The business details you enter (title, description, category, location, price)
- The tier/template selection
This data is used solely to generate your ad. We do not store generated ads permanently or use your input to train models.
1.5 Information We Do NOT Collect
- We do not use tracking cookies or third-party advertising trackers on zarai.ai
- We do not sell, rent, or trade your personal information
- We do not collect location data, contacts, or device identifiers from the website
2. How We Use Your Information
- Provide Services: Process your requests, generate ads, manage subscriptions
- Account Management: Authentication, password recovery, subscription billing
- Improve Services: Anonymized analytics to understand which features are used
- Communication: Service updates, security alerts, and (only if opted in) product announcements
- Legal Compliance: Meeting applicable legal obligations
3. Data Sharing
We share data only with the following service providers, solely for the purposes described:
- Logto (self-hosted) — Authentication and user management
- Stripe — Payment processing
- Umami (self-hosted) — Anonymous analytics
- Cloudflare — CDN, DDoS protection, and SSL
We do not sell your data to third parties. We may disclose information if required by law.
4. Data Retention
- Account Data: Retained as long as your account is active. Deleted within 30 days of account deletion request.
- Payment Records: Retained as required by tax and financial regulations (typically 7 years).
- Analytics Data: Anonymized and retained for up to 14 months.
- Generated Ads: Not stored permanently. Temporary processing only.
5. Data Security
We implement industry-standard security measures including:
- TLS/SSL encryption for all data in transit
- Cloudflare origin pull authentication
- Bcrypt password hashing (via Logto)
- Database encryption at rest
- Regular security updates and monitoring
6. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and associated data
- Portability: Request your data in a portable format
- Objection: Object to certain processing of your data
To exercise any of these rights, contact us at [email protected].
7. Children's Privacy
Our Services are not directed at children under 13. We do not knowingly collect personal information from children under 13. If we discover such data has been collected, we will delete it promptly.
8. SuperVolume Max (Android App)
SuperVolume Max has its own privacy considerations as a mobile application:
- All audio processing occurs entirely on your device — no audio is ever transmitted to our servers
- The app uses Firebase for authentication, crash reporting, and analytics
- Free-tier users see ads via Google AdMob
For the full SuperVolume Max privacy policy (as required by Google Play), see the in-app privacy disclosure or contact us.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of our Services after changes constitutes acceptance.
10. Contact Us
If you have questions about this Privacy Policy or our data practices:
- Company: Zarai AI (EchoAI Labs)
- Email: [email protected]
- Website: https://zarai.ai