01 Overview
Zaraftis Inc. ("Zaraftis," "we," "us," "our") provides a SaaS platform that scans how AI search engines (including ChatGPT, Google AI Overviews, Google AI Mode, Perplexity, Gemini, Microsoft Copilot, and Claude) describe, cite, and recommend brands. This Privacy Policy explains what personal information we collect when you visit our website, request a brand snapshot, contact us, or use the Zaraftis platform; how we use that information; and the rights you have over it.
02 Information we collect
We collect personal information in three ways: information you provide directly, information collected automatically when you use our services, and information we receive from third-party sources.
2.1 Information you provide
- Account & contact data: full name, work email, company name, role, company website, and (optionally) phone number when you contact us, request a demo, or create a Zaraftis workspace.
- Brand-snapshot inputs: the company domains, brand names, competitor names, and prompt seeds you submit so the platform can run AI-engine scans on your behalf.
- Billing details: billing contact, billing address, VAT/tax ID, and the last four digits of the payment card. Full card numbers are tokenized and stored by our payment processor (Dodo Payments), not by us.
- Support & correspondence: the contents of any email, chat, or form submission you send to hello@zaraftis.com or our support team.
2.2 Information collected automatically
- Device & browser data: IP address, device type, browser type and version, OS, screen size, and language setting.
- Usage data: pages viewed on zaraftis.com and inside the app, referring URL, click events, time-on-page, search queries, error messages, and the timestamp of each event.
- Diagnostics: anonymized stack traces and performance metrics when something breaks (so we can fix it).
2.3 Information from third parties
- Public data about your company: domain registration data, structured data on your public web pages, public review sites, and the public outputs of the AI engines themselves. This is the data the AI engines see; it is also what we measure.
- Authentication providers: if you sign in with Google, we receive your name, email, and profile picture from Google. We do not receive your Google password.
03 How we use your information
We use the information described above for the following purposes:
- To deliver the service: running brand visibility scans, populating dashboards, generating audit reports, and sending notification emails about your scans.
- To communicate with you: responding to support requests, sending product updates, sending billing receipts, and (if you opted in) sending occasional marketing emails. You can opt out of marketing email at any time using the unsubscribe link in the footer of any such email.
- To improve the product: analyzing aggregate usage to decide which features to invest in, debugging crashes, and training internal classifiers used to detect brand mentions in AI outputs.
- To prevent abuse: detecting bot signups, brute-force login attempts, payment fraud, and abuse of our API rate limits.
- To comply with the law: responding to lawful requests from regulators or law enforcement, and meeting tax and accounting requirements.
We do not sell your personal information. We do not share your inputs (your domain list, prompt seeds, or scan results) with any other Zaraftis customer. Your scans belong to you.
04 Legal bases for processing (EEA / UK)
If you are in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data on one of the following bases under the GDPR / UK GDPR:
| Activity | Lawful basis |
|---|---|
| Providing the service to a paying customer | Contract: Article 6(1)(b) |
| Sending transactional emails (receipts, scan-complete notices) | Contract: Article 6(1)(b) |
| Improving the product, debugging, fraud prevention | Legitimate interest: Article 6(1)(f) |
| Sending marketing email | Consent: Article 6(1)(a) (you can withdraw at any time) |
| Meeting tax, accounting, or regulatory obligations | Legal obligation: Article 6(1)(c) |
05 Sharing & sub-processors
We share data only with vetted sub-processors that help us run the service. Each sub-processor is bound by a Data Processing Agreement that limits use of your data to the purposes we instruct.
| Sub-processor | Purpose | Region |
|---|---|---|
| Supabase | Database and object storage | US / EU |
| Railway | Backend application hosting | US |
| Vercel | Frontend and website hosting, CDN | Global |
| Upstash | Caching and rate limiting (Redis) | US / EU |
| Dodo Payments | Payment processing, tax compliance | US, EU, UK |
| Resend | Transactional and notification email delivery | US |
| Mixpanel | Product analytics | US |
| Firecrawl, Serper, DataForSEO | Public web crawling and search data for audits | US |
| OpenAI, Anthropic, Google, Perplexity, Microsoft | API access for AI-engine scans (only public prompts you authorize) | US |
We may also disclose information when legally required (subpoena, court order), in connection with a business transfer (merger, acquisition, financing), or when necessary to protect the safety, rights, or property of Zaraftis, our users, or the public.
06 Data retention
- Account data: retained while your account is active. Deleted within 30 days of account closure (except where we are required to retain longer for tax or legal purposes).
- Scan results & brand-snapshot data: retained for the lifetime of your subscription. Available for export for 90 days after cancellation, then permanently deleted.
- Billing records: retained for 7 years to meet tax and accounting requirements.
- Web analytics & logs: retained for 13 months in identified form, then aggregated.
- Marketing leads: retained for 24 months from last interaction; deleted on opt-out.
07 Security
We protect personal information using industry-standard administrative, technical, and physical safeguards. Concretely:
- Data in transit is encrypted with TLS.
- Data at rest is encrypted by our hosting and database providers.
- Production access requires multi-factor authentication. No shared accounts.
- We follow least-privilege access. Customer data is accessed only when you ask us to (support) or to resolve a critical incident.
- We monitor our dependencies and keep them patched.
No system is perfect. If you believe your account has been compromised, email security@zaraftis.com immediately.
08 International data transfers
Zaraftis is incorporated in Delaware, USA, and some of our sub-processors are based in the United States. Where data crosses borders (for example, when an EU customer's data is processed by a US sub-processor), we rely on the European Commission's Standard Contractual Clauses (SCCs) and supplementary measures, including encryption in transit, encryption at rest, and contractual restrictions on government-access requests.
09 Your rights
Depending on where you live, you have the following rights over the personal information we hold about you:
- Access: get a copy of the personal data we hold about you.
- Correction: fix inaccurate or incomplete data.
- Deletion: ask us to delete your data ("right to be forgotten").
- Portability: get your data in a machine-readable format.
- Restriction: limit how we use your data.
- Objection: object to our use of your data for legitimate-interest purposes (including direct marketing).
- Withdraw consent: for any processing that relied on consent.
- Lodge a complaint: with your local data-protection authority.
To exercise any of these rights, email privacy@zaraftis.com from the address on file. We respond within 30 days. We will never charge you for a routine request.
California residents (CCPA / CPRA). You have the right to know what personal information we collect and disclose, the right to delete it, the right to correct it, the right to limit use of "sensitive personal information," and the right to opt out of "sales" or "sharing." We do not sell or share personal information as those terms are defined under the CCPA.
10 Cookies & tracking
We use a small number of cookies and similar technologies on zaraftis.com:
| Cookie | Type | Purpose |
|---|---|---|
| zaraftis_session | Strictly necessary | Keeps you logged in |
| zaraftis_theme | Functional | Remembers your light/dark preference |
| _ga, _ga_* | Analytics | Anonymous traffic measurement (Google Analytics) |
| mp_* | Analytics | Anonymous product analytics (Mixpanel) |
You can refuse non-essential cookies through the consent banner shown on first visit, or by setting your browser to reject cookies. Refusing analytics cookies does not affect your ability to use the product.
11 Children
Zaraftis is a B2B product intended for marketing teams at companies. It is not directed at children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, email privacy@zaraftis.com and we will delete it.
12 Changes to this policy
When we make material changes to this policy, we will post the updated version on this page, increment the version number at the top, and update the "effective" date. For significant changes, we will also email customers with active accounts at least 14 days before the new version takes effect. Your continued use of Zaraftis after the effective date constitutes acceptance of the updated policy.
13 Contact us
If you have any questions about this Privacy Policy, want to exercise any of the rights described above, or want to talk to a human about how Zaraftis handles your data, please reach out:
- General privacy questions: privacy@zaraftis.com
- Security disclosures: security@zaraftis.com
- Postal address: Zaraftis Inc., Attn: Privacy, 2261 Market Street #4242, San Francisco, CA 94114, USA