Privacy Policy

Information you provide directly:

• Email address — collected when you create an account, subscribe to our newsletter, or contact us
• Payment information — billing details are collected and processed by Paddle; we do not store your full card number or payment credentials
• Account profile — name and profile photo if provided through your sign-in provider (Google, email)

Information collected automatically:

• Usage data — pages visited, tools viewed, search queries, comparison pages accessed, time spent on pages
• Device and browser data — IP address, browser type, operating system, referring URLs, and device identifiers
• Saved tools and preferences — tools you save, filters you apply, and subscription plan status

We use the information we collect to:

• Provide, operate, and improve the Service
• Process your subscription and manage your account
• Send you the weekly tools digest (if you subscribed) and transactional emails such as receipts and account notifications
• Respond to your inquiries and support requests
• Analyze usage patterns to improve the user experience and editorial content
• Detect, investigate, and prevent fraudulent transactions and abuse
• Comply with legal obligations

We do not sell your personal information to third parties. We do not use your data to serve you targeted advertising from ad networks.

We use cookies and similar tracking technologies to operate and improve the Service:

• Essential cookies — required for authentication, session management, and security. These cannot be disabled without breaking the Service.
• Analytics cookies — used to understand aggregate usage patterns. We use privacy-respecting analytics and do not share individual-level data.
• Preference cookies — store your filter selections, saved view preferences, and similar UI settings.

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Service. We do not use third-party advertising cookies or cross-site tracking pixels.

We work with the following third-party services to operate ZorroUI. Each has its own privacy policy governing their data practices:

• Supabase — database and backend infrastructure. Stores your account data, tool preferences, and subscription records. supabase.com/privacy
• Clerk — user authentication and identity management. Handles sign-in, sign-up, and session management. clerk.com/privacy
• Paddle — payment processing and subscription management. Acts as the merchant of record for Pro plan billing. paddle.com/privacy
• Resend — transactional email delivery. Used to send weekly digests, receipts, and account notifications. resend.com/privacy
• Anthropic — AI platform used to generate tool summaries and review content. Content generation is server-side; your personal data is not sent to Anthropic. anthropic.com/privacy
• Vercel — hosting and deployment platform. Server logs and performance data are processed by Vercel. vercel.com/legal/privacy-policy

We retain your personal data for as long as your account is active or as needed to provide the Service:

• Account data — retained until you delete your account
• Email newsletter subscriptions — retained until you unsubscribe
• Payment records — retained for 7 years to comply with financial and tax regulations
• Usage logs — aggregated usage data is retained indefinitely; individually identifiable logs are deleted after 90 days

To delete your account and request removal of your personal data, email privacy@zorroui.com. We will process deletion requests within 30 days, subject to legal retention requirements.

If you are located in the European Economic Area (EEA), United Kingdom, or a jurisdiction with comparable privacy laws, you have the following rights with respect to your personal data:

• Right of access — you can request a copy of the personal data we hold about you
• Right to rectification — you can request correction of inaccurate or incomplete data
• Right to erasure — you can request deletion of your personal data in certain circumstances
• Right to restriction — you can request that we limit how we use your data in certain circumstances
• Right to data portability — you can request a machine-readable copy of your data
• Right to object — you can object to processing of your data for certain purposes, including direct marketing
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, email privacy@zorroui.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

We take reasonable technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encrypted data transmission via HTTPS/TLS
• Database-level access controls and Row Level Security (RLS) through Supabase
• API keys and secrets stored as environment variables, never in source code
• Secure authentication managed by Clerk with industry-standard session handling

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and relevant authorities as required by law.

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@zorroui.com and we will promptly delete that information.

Users between 13 and 18 years of age should review this policy with a parent or guardian before using the Service.

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes that affect how we process your personal data, we will notify you by email (at the address associated with your account) at least 14 days before the changes take effect.

Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy. If you do not agree with the changes, you should stop using the Service and delete your account.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@zorroui.com

Website: zorroui.com