Privacy Policy

Effective: June 1, 2026 · Last updated: June 1, 2026

1. Data We Collect

Account Data: When you sign up via email, Google, or GitHub, we store your email address, a hashed password (email signup only), and OAuth provider identifier (Google/GitHub). We do NOT see or store your Google or GitHub password.

Usage Data: We log API calls — model used, token counts, cost. We store IP addresses for rate limiting and fraud prevention (retained 72 hours).

Payment Data: USDT TRC-20 transactions via NOWPayments. We store order IDs, transaction hashes, and credited amounts. We NEVER receive or store your private keys or wallet seed phrases.

We do NOT collect: Real name, physical address, phone number, government ID, credit card numbers, or biometric data.

2. How We Use Data

Service Delivery: Your API key authenticates requests. Your prompt data is forwarded to upstream AI providers (OpenAI, Anthropic, Google, DeepSeek) to fulfill API calls. We do not log prompt or response content beyond token counts.

Billing: Token usage determines credit consumption. Payment records are retained for accounting.

Security: IP addresses are monitored for abuse (rate limiting, credential stuffing detection).

We do NOT: Sell your data. Train models on your data. Share your data with advertisers. Use your prompts for any purpose other than fulfilling your API request.

3. Third-Party Providers

Your API calls are routed to upstream model providers (OpenAI, Anthropic, Google, DeepSeek, Replicate). Each provider has its own privacy policy. We do not control how they handle your data. By using Zetta API, you also agree to those providers' terms.

Payment processing: NOWPayments (USDT). They receive your wallet address (public) and transaction amount. They do not receive your Zetta account credentials.

Authentication: Google OAuth and GitHub OAuth. We receive only your email and a unique identifier from these providers.

4. Data Retention

Account data: Retained while your account is active. Deleted within 30 days of account closure request.

Usage logs: Retained for 90 days (billing audit). Older logs are purged automatically.

IP logs: Retained for 72 hours (rate limiting).

Payment records: Retained for 7 years (legal requirement for financial records).

5. Your Rights

You may request at any time:

We respond within 14 business days. Identity verification may be required.

6. Cookies

We use a single session cookie for authentication (JWT token, 72h expiry). No tracking cookies. No third-party cookies. No advertising cookies.

7. Security

All traffic is encrypted via HTTPS (TLS 1.3). Passwords are hashed with SHA-256 + salt. API keys are stored hashed. We do not have access to your plaintext API key after initial generation. Webhook signatures are verified with HMAC-SHA512.

8. Children

Zetta API is not intended for users under 13. We do not knowingly collect data from children.

9. Changes

Material changes to this policy will be announced via email (if provided) and a notice on our website 14 days before taking effect.

10. Contact

Data Protection: privacy@zetta-api.com
Operator: Sellox C.A., Venezuela