Back to Home

Privacy Policy

Last updated: January 25, 2026

1. Introduction

xix3D Inc. ("Company," "we," "us," or "our") operates Zeno Email Agent ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you consent to the data practices described in this policy.

2. Information We Collect

Account Information:

  • Name (from Google account)
  • Email address (from Google account)
  • Profile picture (from Google account)

Email Data:

  • Email metadata (sender, recipient, subject, date)
  • Email content (for AI classification and draft generation)
  • Email labels and categories

Usage Data:

  • Features used and frequency
  • Email processing statistics
  • Draft creation counts
  • Log data (IP address, browser type, access times)

Payment Information:

  • Processed securely by Stripe
  • We do not store credit card numbers

3. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain the Service
  • Process and categorize your emails using AI
  • Generate draft responses to emails
  • Apply labels to your Gmail account
  • Improve and personalize the Service
  • Process payments and manage subscriptions
  • Send service-related communications
  • Detect and prevent fraud or abuse

4. AI Processing

Your email content is processed by Anthropic's Claude AI for:

  • Email classification and categorization
  • Draft response generation
  • Analyzing writing style (if enabled)

Important:

  • Email content is processed in real-time and not stored permanently
  • We do not use your emails to train AI models
  • AI processing is solely for providing the Service to you

5. Google API Disclosure

Zeno Email Agent's use and transfer of information received from Google APIs to any other app adheres to Google API Services User Data Policy, including the Limited Use requirements.

We only access Gmail data necessary to:

  • Read incoming emails for classification
  • Apply labels to categorized emails
  • Create draft responses
  • Access sent emails for writing style analysis (if enabled)

You can revoke access at any time through your Google Account settings.

6. Data Sharing and Disclosure

We do NOT:

  • Sell your personal information
  • Share email content with advertisers
  • Use your data for targeted advertising
  • Share your data with third parties for their marketing

We DO share data with:

  • Anthropic (AI processing) - email content for classification
  • Stripe (payments) - payment information only
  • Supabase (database) - account and metadata storage
  • Vercel (hosting) - application hosting

We may also disclose information:

  • To comply with legal obligations
  • To protect our rights and safety
  • With your consent

7. Data Storage and Security

Your data is stored securely using:

  • Supabase (PostgreSQL database) with encryption at rest
  • Secure HTTPS connections for all data transmission
  • OAuth 2.0 for Google authentication (we never see your Google password)
  • Environment variables for API keys and secrets

We implement industry-standard security measures, but no method of transmission over the Internet is 100% secure.

8. Data Retention

  • Account data: Retained until you delete your account
  • Email metadata: Retained for analytics and history
  • Email content: Processed in real-time, not stored permanently
  • Payment records: Retained as required by law

Upon account deletion, we will delete your personal data within 30 days, except where retention is required by law.

9. Your Rights

Depending on your location, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data ("right to be forgotten")
  • Export your data (data portability)
  • Opt out of certain processing
  • Withdraw consent

To exercise these rights, contact us at support@xix3d.com.

10. California Privacy Rights (CCPA)

California residents have additional rights:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to say no to the sale of personal information
  • Right to delete personal information
  • Right to non-discrimination

We do not sell personal information as defined by CCPA.

11. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have rights under GDPR including:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights related to automated decision-making

Our legal basis for processing is:

  • Contract performance (providing the Service)
  • Legitimate interests (improving the Service)
  • Consent (where specifically requested)

12. Cookies and Tracking

We use essential cookies for:

  • Authentication and session management
  • User preferences (e.g., dark mode)

We do not use:

  • Advertising cookies
  • Third-party tracking cookies
  • Cross-site tracking

13. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect information from children. If we learn we have collected data from a child, we will delete it promptly.

14. International Data Transfers

Your data may be processed in countries other than your own, including Canada and the United States. We ensure appropriate safeguards are in place for international transfers.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. The "Last updated" date will be revised accordingly.

16. Contact Us

For privacy questions or to exercise your rights:

For privacy complaints, you may also contact your local data protection authority.