Effective: June 1, 2026 · Last updated: June 1, 2026
Account Data: When you sign up via email, Google, or GitHub, we store your email address, a hashed password (email signup only), and OAuth provider identifier (Google/GitHub). We do NOT see or store your Google or GitHub password.
Usage Data: We log API calls — model used, token counts, cost. We store IP addresses for rate limiting and fraud prevention (retained 72 hours).
Payment Data: USDT TRC-20 transactions via NOWPayments. We store order IDs, transaction hashes, and credited amounts. We NEVER receive or store your private keys or wallet seed phrases.
We do NOT collect: Real name, physical address, phone number, government ID, credit card numbers, or biometric data.
Service Delivery: Your API key authenticates requests. Your prompt data is forwarded to upstream AI providers (OpenAI, Anthropic, Google, DeepSeek) to fulfill API calls. We do not log prompt or response content beyond token counts.
Billing: Token usage determines credit consumption. Payment records are retained for accounting.
Security: IP addresses are monitored for abuse (rate limiting, credential stuffing detection).
We do NOT: Sell your data. Train models on your data. Share your data with advertisers. Use your prompts for any purpose other than fulfilling your API request.
Your API calls are routed to upstream model providers (OpenAI, Anthropic, Google, DeepSeek, Replicate). Each provider has its own privacy policy. We do not control how they handle your data. By using Zetta API, you also agree to those providers' terms.
Payment processing: NOWPayments (USDT). They receive your wallet address (public) and transaction amount. They do not receive your Zetta account credentials.
Authentication: Google OAuth and GitHub OAuth. We receive only your email and a unique identifier from these providers.
Account data: Retained while your account is active. Deleted within 30 days of account closure request.
Usage logs: Retained for 90 days (billing audit). Older logs are purged automatically.
IP logs: Retained for 72 hours (rate limiting).
Payment records: Retained for 7 years (legal requirement for financial records).
You may request at any time:
We respond within 14 business days. Identity verification may be required.
We use a single session cookie for authentication (JWT token, 72h expiry). No tracking cookies. No third-party cookies. No advertising cookies.
All traffic is encrypted via HTTPS (TLS 1.3). Passwords are hashed with SHA-256 + salt. API keys are stored hashed. We do not have access to your plaintext API key after initial generation. Webhook signatures are verified with HMAC-SHA512.
Zetta API is not intended for users under 13. We do not knowingly collect data from children.
Material changes to this policy will be announced via email (if provided) and a notice on our website 14 days before taking effect.
Data Protection: privacy@zetta-api.com
Operator: Sellox C.A., Venezuela