Privacy Policy

Last updated: May 2025

This Privacy Policy explains how ZONN.ai ("we", "our", or "us") collects, uses, shares, and protects information about you when you use our AI content detection platform at zonn.ai(the "Service"). By using ZONN.ai, you agree to the practices described in this policy.

Note

Using the ZONN Chrome extension? See the extension-specific privacy policy for a detailed breakdown of what the extension processes locally vs. sends to our servers.

1. Information We Collect

We collect information you provide directly, information generated as you use the Service, and limited technical data to operate and improve our platform.

Account Data

When you create an account using Google OAuth, we receive and store the following information from Google:

  • Email address (used as your unique account identifier)
  • Display name (shown on your public profile and community posts)
  • Profile avatar/photo URL (for display purposes)

We do not receive or store your Google account password. Authentication is handled entirely through Google's OAuth 2.0 flow via Supabase Auth.

Content Submitted for Analysis

When you use the ZONN.ai detection tool, you may submit text, images, or URLs for AI-generated content analysis. This content is processed server-side in real-time by our detection services. Submitted content is not permanently storedunless you explicitly choose to post your analysis result to the community feed (see the "Content You Submit for Analysis" section below for details).

Usage Data

We automatically collect certain information about how you interact with the Service, including:

  • Pages and features accessed, and the time spent on each
  • Actions taken (e.g., submitting content for analysis, voting, commenting)
  • Device type, operating system, and browser type
  • IP address and approximate geographic location (country/region level)
  • Referral source (e.g., how you arrived at the site)

This data is used to monitor service health, improve features, and ensure platform security. We do not build individual behavioral profiles for advertising purposes.

Cookies & Local Storage

ZONN.ai uses cookies and browser local storage for the following purposes:

  • Session tokens: Secure, HTTP-only cookies set by Supabase Auth to maintain your login session across page loads.
  • Onboarding state: A cookie storing your user ID to track whether you have completed the onboarding flow and prevent repeated prompts on shared devices.
  • UI preferences: Local storage values for display preferences such as theme or layout settings (where applicable).

We do not use third-party advertising cookies or cross-site tracking cookies.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service: Running AI content detection on your submitted text, images, and URLs; displaying analysis results; and operating the community feed.
  • Account management: Creating and maintaining your account, linking your Google identity, and displaying your profile information within the community.
  • Community features: Enabling posts, votes, and comments associated with your account.
  • Security & integrity: Detecting and preventing abuse, fraud, spam, and violations of our Terms of Service; applying rate limiting to protect the platform.
  • Service improvements: Analyzing aggregated usage patterns to improve detection accuracy, user experience, and platform reliability.
  • Communication: Sending essential service-related notifications (e.g., security alerts). We do not send marketing emails.

3. Content You Submit for Analysis

Understanding how your submitted content is handled is important to us. Here is a clear breakdown:

Real-time Processing (Private)

When you submit text, an image, or a URL through the detection tool or browser extension, your content is sent to our servers and processed in real-time by our detection services (running on Hetzner infrastructure in the EU). The analysis result is returned to you immediately. The content itself and its analysis result are not permanently stored in our database when used as a private, one-time analysis.

Community Posts (Public)

If you choose to share your analysis result to the ZONN.ai community feed, the following data is stored in our database and becomes publicly visible:

  • Your display name and avatar (linked to your account)
  • The post title and optional description you provide
  • The analysis result (detection scores, band label, detector breakdown)
  • Metadata such as content type (text/image/URL) and submission timestamp

Community posts are publicly accessible to all visitors. Any votes or comments added to your post are also stored and publicly visible. You may request deletion of your posts by contacting us at contact@zonn.ai.

Browser Extension

The ZONN.ai browser extension communicates exclusively with the ZONN.ai API (zonn.ai/api/...) to perform content analysis. The extension does not send data to any third-party services and does not store content locally beyond your active browser session. The same data handling rules described above apply to content analyzed via the extension.

4. Data Sharing & Third Parties

We do not sell your personal data to third parties. We work with the following service providers to operate ZONN.ai:

Supabase

Supabase provides our database (PostgreSQL) and authentication services. Your account data (email, display name, avatar), community posts, votes, and comments are stored in a Supabase-managed PostgreSQL database. Supabase processes data in accordance with their own privacy policy and data processing agreements. Data is stored in the EU region.

HuggingFace

ZONN.ai uses AI models published on HuggingFace (under the zonn-ai organization). These models are downloaded and run entirely on our own Hetzner servers. No user-submitted content is ever sent to HuggingFace. Model inference is performed locally on our infrastructure using ONNX Runtime and Python FastAPI services. HuggingFace only provides model weights storage, not inference infrastructure.

Hetzner

Our servers, detection services, and application are hosted on Hetzner Cloud infrastructure located in Germany (EU). Hetzner acts as a data processor and does not access your personal data except as required for server operation and maintenance. Hetzner complies with EU data protection standards.

Cloudflare

Cloudflare manages our DNS and domain registration for zonn.ai. As DNS provider, Cloudflare may process connection metadata (IP addresses, request times) as part of DNS resolution. Cloudflare has its own privacy policy and acts as a data processor under applicable data protection law.

Legal Disclosures

We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of ZONN.ai, our users, or the public.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service:

  • Account data (email, display name, avatar): Retained for the lifetime of your account. Deleted upon account deletion request.
  • Community posts: Retained until you delete them or request account deletion. Publicly visible while active.
  • Votes & comments: Retained while the associated post exists. Deleted when the post is deleted or upon account deletion.
  • Analysis content (private, non-posted): Not stored permanently. Exists in server memory only for the duration of request processing (seconds).
  • Server logs: Retained for up to 30 days for security and debugging purposes, then automatically deleted.
  • Session tokens: Expire according to Supabase Auth session configuration (typically 1 hour, refreshed automatically while active).

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data. We honor these rights for all users regardless of jurisdiction.

Access

You have the right to request a copy of the personal data we hold about you, including your account information and any community content you have posted.

Correction

You may update your display name and profile information via your account settings. For email changes, contact us at contact@zonn.ai.

Deletion (Right to Be Forgotten)

You may request deletion of your account and all associated personal data at any time by emailing contact@zonn.ai. We will process deletion requests within 30 days. Note that anonymized or aggregated data that cannot be traced back to you may be retained for analytical purposes.

Portability

Upon request, we will provide your personal data in a structured, machine-readable format (JSON) so you can transfer it to another service.

Objection & Restriction

You may object to or request restriction of certain processing activities. We will evaluate such requests and respond within 30 days. Where processing is based on legitimate interest, we will balance your rights against our operational needs.

CCPA Rights (California Residents)

California residents have the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us at contact@zonn.ai.

To exercise any of these rights, please email us at contact@zonn.ai. We may need to verify your identity before processing requests. We will not discriminate against you for exercising your privacy rights.

7. Children's Privacy

ZONN.ai is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child under 13 has created an account or provided personal information to us, please contact us immediately at contact@zonn.ai. We will promptly delete the account and any associated data upon verification.

Users between 13 and 18 should review this policy with a parent or guardian before using the Service.

8. Security Measures

We take the security of your data seriously and implement the following measures to protect it:

  • Encryption in transit: All communication between your browser and our servers is encrypted using TLS (HTTPS). API communications between services use encrypted channels.
  • Encryption at rest: Database storage is encrypted at rest by Supabase and Hetzner infrastructure defaults.
  • Authentication security: We use secure, HTTP-only session cookies and delegate authentication entirely to Supabase Auth with Google OAuth. We never store passwords.
  • Row-Level Security (RLS): Our database enforces row-level security policies to ensure users can only access their own data.
  • Rate limiting: API endpoints are protected by rate limiting (backed by Redis) to prevent abuse and denial-of-service attacks.
  • Server isolation: AI detection services run in isolated containers. User-submitted content is processed in memory and never written to persistent storage for private analyses.
  • Principle of least privilege: Service-to-service communication uses scoped credentials. The Supabase service role key is never exposed to client-side code.

While we implement these safeguards, no system is completely secure. If you discover a security vulnerability, please disclose it responsibly to contact@zonn.ai.

9. International Data Transfers

ZONN.ai operates primarily from servers located in Germany (EU) via Hetzner Cloud. Your data is stored and processed within the European Union. If you access the Service from outside the EU, your data will be transferred to and processed in the EU.

For users in the European Economic Area (EEA), data transfers are governed by EU data protection law. Where data is processed by third-party providers (e.g., Supabase) that may operate across regions, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms as required by applicable law.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this policy periodically. For significant changes, we may provide additional notice (e.g., a notice on the platform the next time you log in). Your continued use of ZONN.ai after any changes take effect constitutes your acceptance of the updated policy.

11. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

  • Email: contact@zonn.ai
  • Platform: zonn.ai

We aim to respond to all privacy-related inquiries within 14 business days. For data deletion or access requests, please allow up to 30 days for processing.