Zyloozyloo.io
Legal

Privacy Policy.

We treat your data the way we'd want ours treated — collect the minimum, store it only when needed, and let you take it back at any time.

Introduction

Zyloo Labs (“Zyloo”, “we”, “us”) operates a unified API gateway for third-party AI models. This policy explains what personal data we handle when you sign up, browse our site, or send requests through the API.

If anything below is unclear, write to us at privacy@zyloo.io and we will respond within seven days.

What we collect

We only collect what we need to run the service:

  • Account information — name and email from your Google sign-in.
  • Usage metadata — request timestamps, model id, token counts, latency and HTTP status. We do not log prompt or completion content by default.
  • Technical data — IP address, user agent and referrer, used for fraud prevention and rate limiting.

How we use it

  • Operate, secure and improve the API gateway.
  • Bill you for the tokens you consume and prevent abuse.
  • Notify you about service-critical events such as outages or pricing changes.
  • Comply with legal obligations and respond to lawful requests.

We do not sell, rent or share your personal data with advertisers. We do not use your prompts or completions to train models — ours or anyone else's.

Data retention

  • Request payloads (prompt + completion) — not stored. Discarded as soon as the response is sent.
  • Request metadata — kept for 30 days for analytics, then aggregated and the raw rows deleted.
  • Account and billing records — kept for the lifetime of the account, plus the period required by tax law.

Enterprise customers can opt into custom data residency and shorter retention windows from the dashboard.

Third-party providers

When you call a model, we forward the request to the upstream provider you selected (OpenAI, Anthropic, Google, xAI, DeepSeek, Moonshot or Zhipu). Each provider has its own privacy policy that governs the request once it leaves our infrastructure. We negotiate zero-retention enterprise terms with every provider where they offer them.

Sharing

We share personal data only with:

  • Sub-processors that operate the service (cloud hosting, email, error tracking).
  • Legal or regulatory bodies when compelled by a valid legal process.
  • An acquirer in the unlikely event of a merger or acquisition, under equivalent privacy commitments.

Security

Data in transit is protected by TLS 1.3. Data at rest is encrypted with AES-256. We follow SOC 2 Type II controls, run continuous vulnerability scanning, and require hardware keys for production access. Despite our efforts, no system is invulnerable — if we discover a breach affecting you we will notify you without undue delay.

Your rights

Depending on where you live, you may have the right to access, correct, export, restrict or delete the personal data we hold about you. You can exercise most of these rights directly from the dashboard. For anything else, email privacy@zyloo.io.

Cookies

We use a small number of strictly necessary cookies for authentication and load balancing. We do not use third-party advertising cookies. You can disable cookies in your browser, but core features such as signing in will stop working.

Children

Zyloo is not directed to children under 13 (or under 16 in the EU). We do not knowingly collect data from children. If you believe a child has provided personal information, contact us and we will delete it.

Changes to this policy

When we make material changes we will post the new policy here and notify active users by email. Your continued use of the service after a change means you accept the updated policy.

Contact

Questions, complaints or data requests? Email privacy@zyloo.io. You may also escalate to your local data protection authority.

Have a question?

We answer privacy emails within seven days.

privacy@zyloo.io