Privacy Policy

Last updated: April 27, 2026

This Privacy Policy explains what data ZoloCreate collects, why we collect it, and what your rights are. Plain language, no dark patterns.

TL;DR — we store the minimum we need to run the IDE: your account, your projects, your chat history, and usage metering. We don't sell your data and we don't run third-party ads.

1. What we collect

Account data — username, email, hashed password, avatar, display name, bio, Google ID (if you sign in with Google), account type (personal / student), and timestamps.
Project data — files, folders, and project metadata you create inside the IDE. Stored in our database and (best-effort) on disk in your user folder.
ZoloAI chats — the messages you send to ZoloAI and the replies you receive, plus token counts for metering.
Usage metering — credits used per day, total lifetime spend in USD, last login, IP only during auth (not stored long-term).
Billing (Pro users) — Stripe customer ID and subscription status. We do not store your card number; Stripe does that.

2. How we use it

To run the IDE — save/load files, render your preview, display your chat history.
To meter AI usage fairly and enforce the lifetime spend cap.
To detect abuse and keep the platform safe.
To send transactional emails if you opt into them (account, billing, security). We do not send marketing spam.

3. Who we share it with

Anthropic — the AI provider that powers ZoloAI. Your prompts and files-in-context are sent to them to generate replies, subject to their own policies.
Stripe — for Pro subscription billing.
Google — only if you sign in with Google, and only the sign-in token.
Our hosting provider — infrastructure only; they do not access your content.

We do not sell your personal data to anyone, ever.

4. ZoloAI & your code

When you use ZoloAI, we send the AI provider:

Your message,
A limited slice of your project files (filename list and the active file content) for context,
System prompts that identify the session.

We do not train any AI model on your code. The provider's retention and training policies apply to what we send them; see Anthropic's policy for details.

5. Cookies

We use a session cookie to keep you logged in, and localStorage to cache your projects locally for a faster IDE. We do not use third-party tracking cookies or advertising pixels.

6. Children's privacy

ZoloCreate is not directed at children under 13. Student accounts (detected via school email) require that a parent or guardian has approved their use. We do not knowingly collect data from children under 13; if you believe we have, contact us and we will delete it.

7. Your rights

Access — request a copy of your data.
Correction — fix inaccurate data via your profile settings.
Deletion — delete your account from the IDE, or email us. We keep minimal billing records required by law.
Portability — download your projects as a ZIP at any time from the IDE.

8. Retention

We keep account data and project files for as long as your account is active. Deleted projects are hard-deleted after a short grace period. Chat history older than 12 months may be auto-pruned unless you opt in to keep it.

9. Security

Passwords are hashed with bcrypt. Sessions run over HTTPS. Database access is restricted to the application. No system is ever perfectly secure, but we treat security as a first-class concern.

10. Changes

Material changes will be posted here and flagged in the app. The "Last updated" date reflects the most recent revision.

11. Contact

Privacy questions: zolocreatesupport@gmail.com.