Privacy Policy

Introduction

Humanik Technologies ("Zylo," "we," "us," or "our") operates an AI-powered platform that enables users to build, edit, and deploy websites and applications using natural language. We are committed to protecting your privacy and complying with applicable privacy laws in Canada (PIPEDA), the European Economic Area (GDPR), the United Kingdom (UK GDPR), Switzerland, and the United States (including CCPA/CPRA and other state privacy statutes).

This Privacy Policy ("Policy") explains how we collect, use, disclose, and safeguard your information when you use our website, platform, and services (collectively, the "Services"). By using Zylo, you acknowledge this Policy. Our legal bases for processing include contract performance, legitimate interests, consent, and legal obligations, as detailed below.

This Policy incorporates our Terms of Service by reference. If you do not agree with this Policy, please discontinue use of our Services.

Definitions

• "Personal Data" means any information that relates to an identified or identifiable natural person, including name, email address, IP address, device identifiers, authentication tokens, usage logs, or other information generated through your use of the Services. This term is interpreted consistently with the EU GDPR, UK GDPR, Canada's PIPEDA, and applicable U.S. state privacy statutes.
• "Customer Data" means any content, code, text, images, files, or other data that you input, upload, submit, host, or generate through the Services, including applications you create. Customer Data does not include Usage Data.
• "Usage Data" means telemetry, logs, performance data, usage metrics, and other technical data generated by or in connection with your use of the Services. Usage Data does not include Customer Data or personally identifiable information.
• "AI Output" means any code, content, websites, or other outputs generated by our AI systems in response to your inputs and prompts.
• "HumanikCloud" means our cloud hosting and deployment infrastructure, provisioned on third-party providers (currently Fly.io), used to publish and serve your projects.

Information We Collect

Information You Provide Directly

When you create an account, subscribe to a plan, contact support, or otherwise use the Services, you may provide:

• Account information: Name, email address, password, and profile preferences
• Payment information: Billing details processed securely via Stripe. We do not store full payment card numbers — Stripe serves as our PCI-compliant payment processor (see Stripe's Privacy Policy)
• Project content: Natural language prompts, project descriptions, code, files, and deployment configurations you create or upload
• Communications: Messages you send to our support team or through feedback channels

Information Collected Automatically

When you interact with the Services, we automatically collect:

• Device and browser data: IP address, browser type and version, operating system, screen resolution, and unique device identifiers
• Usage activity: Pages visited, features used, prompts submitted, code generated, build and deployment events, timestamps, and session duration
• Log data: Server logs including access times, error codes, referring URLs, and API call metadata
• Billing and metering data: AI token consumption, compute hours, bandwidth usage, and deployment activity for usage-based billing

Cookies and Tracking Technologies

We use cookies, pixels, and similar technologies to operate, secure, and analyze the Services. For detailed information about the types of cookies we use and how to manage your preferences, see our Cookie Policy. Cookie-derived identifiers are retained for no longer than thirteen (13) months for analytics purposes, after which they are deleted or irreversibly anonymized.

SMS and Mobile Messaging

SMS Opt-In and Consent

When you submit a form on our website that includes a phone number and SMS consent checkbox (such as our Custom Solutions inquiry form), you are providing express written consent to receive SMS text messages and calls from Zylo (operated by T&N DIGITAL) at the phone number you provided. Your consent is collected via a clear, unchecked checkbox that you must affirmatively select before submitting the form. Consent is not a condition of purchasing any goods or services.

The types of SMS messages you may receive include:

• Project updates and status notifications
• Quotes and proposal follow-ups
• Scheduling and appointment communications
• Responses to your custom solutions inquiries

Message frequency varies based on your inquiry and project needs. Message and data rates may apply depending on your mobile carrier and plan.

Opting Out of SMS

You may opt out of SMS messages at any time by replying STOP to any message you receive from us. After opting out, you will receive a one-time confirmation message and will no longer receive SMS messages from us unless you re-consent. You may also contact us at [email protected] to request removal from our SMS communications. Reply HELP to any message for assistance.

Mobile Information Sharing

We do not sell, rent, loan, trade, lease, or otherwise transfer for profit any phone numbers or personal information collected through our SMS opt-in process to any third party. Phone numbers collected for SMS communications are used solely for the purposes described in this section and are not shared with third parties for their own marketing purposes. Our SMS service providers may have access to your phone number solely to deliver messages on our behalf, subject to contractual data protection obligations.

Legal Bases for Processing

We process personal data only where a valid legal ground applies under applicable privacy law:

• Performance of a Contract: We process your data to provide, maintain, and support the Services you have requested under our Terms of Service.
• Legitimate Interests: We use personal data to secure the platform, detect fraud, generate aggregate analytics, and improve AI features, where these interests are not outweighed by your privacy rights.
• Consent: We rely on your opt-in consent for non-essential cookies, marketing emails, and any other processing that requires consent under applicable law. You may withdraw consent at any time without affecting the lawfulness of prior processing.
• Legal Obligations: We retain and disclose information as necessary to comply with tax and accounting requirements, export-control and sanctions regulations, court orders, or other legal duties.

How We Use Your Information

We use the information we collect for the following purposes:

• Service delivery: Providing, operating, and maintaining the platform, including AI code generation, editing, and deployment
• Account management: Processing transactions, managing subscriptions, and metering usage-based charges
• Service improvement: Analyzing usage patterns, prompts, and generated outputs (in anonymized or aggregated form where feasible) to refine algorithms, enhance AI performance, and develop new features
• Personalization: Tailoring the platform experience to your preferences and workspace
• Security: Detecting, preventing, and investigating fraud, abuse, or security incidents
• Communications: Sending account notifications, support responses, product updates, and marketing communications (with your consent)
• Legal compliance: Complying with applicable laws, regulations, and legal processes in Canada and other jurisdictions where we operate

Zylo does not engage in automated decision-making that produces legal or similarly significant effects on individuals.

AI Data Processing and Third-Party AI Providers

Zylo uses artificial intelligence models to generate code, content, websites, and applications based on your inputs. When you use the platform, your prompts and project data are transmitted to AI providers for processing. We work with the following third-party AI providers:

• Anthropic (Claude): Primary AI model for code generation and natural language processing
• Meta (Llama): AI models for specific generation tasks

How your data is handled in AI processing:

• Your prompts and project descriptions are sent to AI providers to generate outputs for your workspace
• We do not use your raw, identifiable personal data to train general-purpose AI models that benefit other customers
• We may use anonymized and aggregated data to improve our own platform and AI capabilities
• AI Output generated for you belongs to you as described in our Terms of Service, but may be similar to output generated for other users who submit similar prompts
• AI processing occurs on servers operated by our AI providers and cloud infrastructure partners

By using the Services, you consent to the transmission of your inputs to these AI providers. We encourage you to review their respective privacy policies. We do not control their data practices beyond what is specified in our contractual agreements with them.

Service Providers and Sub-Processors

We work with trusted third-party service providers to operate and improve the Services. These providers are contractually bound to protect your data and process it only as instructed. Our key service providers include:

Infrastructure and Hosting

• Fly.io: Cloud infrastructure for HumanikCloud project hosting and deployment

AI Providers

• Anthropic: AI model provider (Claude) for code generation and natural language processing
• Meta: AI model provider (Llama) for specific generation tasks

Payment Processing

• Stripe: Secure payment processing, subscription management, and billing. We do not store your full payment card details.

Analytics

• Google Analytics: Website usage and traffic analysis
• Mixpanel: Product analytics and user interaction tracking

All sub-processors are bound by contractual data protection obligations. We will provide notice of material sub-processor changes to allow customers to object.

Information Sharing and Disclosure

We do not sell your personal information. We do not share personal data for cross-context behavioral advertising as defined under CCPA/CPRA or equivalent laws. We may share your information only in the following circumstances:

• Service providers: With the third-party providers listed above, solely to operate and deliver the Services
• AI processing: Your prompts and project data are transmitted to our AI providers (Anthropic, Meta) to generate outputs as described above
• Legal requirements: When required by law, court order, subpoena, or governmental request. Unless legally prohibited, we will notify affected users before producing data
• Safety and security: To prevent, investigate, or address fraud, security incidents, or threats to the safety of our users or the public
• Business transfers: In connection with a merger, acquisition, reorganization, or sale of assets, in which case the acquiring entity will be bound by this Policy
• Your consent: When you explicitly authorize us to share information
• Public content: Content you choose to make publicly available through published projects
• Anonymized data: We may share anonymized, aggregated data that cannot reasonably identify you for analytics, benchmarking, and research purposes

Sensitive Data and Compliance

Default Platform Configuration

By default, the Zylo platform and HumanikCloud infrastructure are not configured to handle regulated or sensitive data categories, including but not limited to:

• Protected health information (PHI) under HIPAA
• Payment card data subject to PCI-DSS (card processing is handled entirely by Stripe)
• Financial account numbers or government-issued identifiers
• Biometric data or special categories of personal data under GDPR
• Data subject to industry-specific regulations (e.g., FERPA, SOX, ITAR)

You should not upload, input, store, or process any of the above data categories through the platform unless you have contacted us in advance and we have confirmed in writing that appropriate compliance measures are in place for your account. We disclaim all responsibility for regulated data submitted without a prior written compliance arrangement.

Custom Compliance Arrangements

If your use case requires handling regulated or sensitive data, please contact us directly at [email protected]. We can work with you to implement the necessary technical and organizational measures, which may include:

• Dedicated infrastructure and data isolation
• Business Associate Agreements (BAAs) for HIPAA compliance
• Enhanced encryption and access controls
• Data residency and sovereignty requirements
• Custom data processing agreements

These arrangements may require an enterprise plan and are subject to separate terms and pricing.

Data Security

We implement appropriate technical and organizational measures to protect your information:

• Encryption: All data is encrypted in transit (TLS) and at rest
• Access controls: Role-based access with authentication requirements to ensure only authorized personnel can access your data
• Security monitoring: Continuous monitoring and logging to detect and respond to threats
• Vulnerability management: Regular security assessments and vulnerability scans
• Incident response: We maintain incident response procedures and will notify affected users within 72 hours of confirming any notifiable data breach, as required by GDPR, PIPEDA, and other applicable laws
• Vendor oversight: Sub-processors are vetted and contractually bound to equivalent data protection standards

While we implement reasonable safeguards, our Services rely on third-party providers (Fly.io, Anthropic, Meta, Stripe) and we cannot guarantee uninterrupted availability or absolute security. Please keep your account credentials confidential and enable multi-factor authentication where available.

Log Data and Telemetry

When you use the Services, we automatically collect operational telemetry ("Log Data") that helps us secure and improve the platform. Log Data may include:

• Your device's IP address and approximate location
• Browser type and version
• Pages, APIs, or features you access within the Services
• Timestamps and time spent on specific screens or functions
• Unique session or device identifiers and error/debugging codes

Log Data is retained for up to ninety (90) days, unless required by law, and is used to monitor performance, troubleshoot issues, detect abuse, and improve the user experience.

Your Privacy Rights

Depending on your location, you may have the following rights under applicable privacy laws. We will not discriminate against you for exercising any of these rights.

Rights Under GDPR (EEA, UK, Switzerland)

• Access: Request information about the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete information
• Erasure: Request deletion of your personal data (subject to legal exceptions)
• Portability: Request a copy of your data in a structured, machine-readable format
• Restriction: Request restriction of processing in certain circumstances
• Objection: Object to processing based on legitimate interests or for direct marketing
• Withdraw consent: Withdraw consent at any time where processing is based on consent

Rights Under CCPA/CPRA (California) and U.S. State Laws

• Right to know: Request disclosure of what personal information we collect, use, and disclose
• Right to delete: Request deletion of your personal information
• Right to correct: Request correction of inaccurate personal information
• Right to opt-out: Opt out of the sale or sharing of personal information. Note: Zylo does not sell or share personal information as defined under these laws
• Non-discrimination: You will not be discriminated against for exercising your rights

Rights Under PIPEDA (Canada)

• Access: Request access to your personal information held by us
• Correction: Request correction of any inaccurate information
• Withdraw consent: Withdraw consent for certain processing, subject to legal or contractual restrictions
• Complaint: File a complaint with the Office of the Privacy Commissioner of Canada

How to Exercise Your Rights

To exercise any of these rights, contact us at [email protected]. We will verify your identity and respond within 30 days, or the period required by your local law. If you believe a request has been wrongly denied, you may file an appeal by replying to our decision, or contact your local supervisory authority.

International Data Transfers

Zylo is operated from Canada, and your information may be transferred to and processed in countries other than your own — including Canada, the United States, and other jurisdictions where our service providers operate. We safeguard international transfers through the following mechanisms:

• Standard Contractual Clauses (SCCs): For transfers from the EEA to countries without an adequacy decision, we use EU SCCs (Module 2: Controller-to-Processor)
• UK International Data Transfer Addendum: For transfers from the United Kingdom
• Swiss Addendum: Adapts the SCCs to the revised Swiss Federal Act on Data Protection
• Adequacy decisions: Where applicable, we rely on adequacy decisions recognizing the receiving country's level of data protection
• PIPEDA compliance: As a Canadian company, we comply with PIPEDA requirements for cross-border data transfers, including ensuring comparable levels of protection

Data Retention

We retain personal information only as long as necessary to fulfill the purposes outlined in this Policy or as required by applicable law:

• Account data: Retained for the duration of your account. Upon account deletion, personal data is deleted within 30 days
• Log data and telemetry: Retained for up to 90 days
• Billing and transaction records: Retained as required by tax and accounting laws (typically 7 years)
• Analytics cookies: Cookie-derived identifiers are retained for no longer than 13 months
• Backups: Deleted data may persist in encrypted backups for up to 90 days before permanent removal
• Anonymized data: Anonymized and aggregated data may be retained indefinitely, as it can no longer identify you

To request deletion of your data, contact us at [email protected]. Certain data may be retained after deletion requests for fraud prevention, legal compliance, or legal defense purposes.

Children's Privacy

Zylo is not intended for individuals under the age of 18, and we do not knowingly collect or solicit personal data from anyone under this age. By using the Services, you represent that you are at least 18 years old or the age of majority in your jurisdiction. If we discover that we have collected personal data from a minor without verifiable parental consent, we will promptly delete that information. If you believe we may have collected such data, please contact us at [email protected].

Third-Party Links and Integrations

Our Services may include links or integrations to third-party services (for example, GitHub, payment providers, analytics tools, or AI model providers) that are not controlled by Zylo. Your interactions with those third-party services are governed by their own privacy policies and terms. We encourage you to review those policies before providing personal data, as Zylo is not responsible for the privacy or security practices of external sites or services.

No Professional or Coding Advice

Our Services provide AI-assisted tools that generate or suggest code, websites, and applications, but they are not a substitute for professional software engineering, legal, medical, or financial judgment. You remain solely responsible for reviewing, testing, and validating any output produced by the platform. Reliance on AI-generated output is at your own risk. Intellectual property ownership and usage restrictions are detailed in our Terms of Service.

Governing Law

This Policy is governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein, without regard to conflict-of-law principles. However, if you are located in a jurisdiction that grants you mandatory consumer protection or data protection rights under local law (such as the GDPR for EEA residents), those provisions will take precedence to the extent they conflict with this Policy. Any disputes arising under this Policy shall be resolved in the courts of Ontario, Canada, unless otherwise required by applicable mandatory law.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Services. For material changes that reduce your rights or expand our processing purposes, we will provide at least thirty (30) days' advance notice by email or prominent notice on our platform. Your continued use of Zylo after the updated Policy takes effect constitutes acceptance of the revised terms.

Severability

If any provision of this Policy is found to be unlawful, void, or unenforceable under applicable law, that provision will be interpreted to achieve its intent as closely as possible, or deemed severed, and the remaining provisions will remain in full force and effect.

Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or need to report a data protection concern, please contact us:

We aim to respond to verified data-subject requests within thirty (30) days, or longer where permitted under applicable law. If you believe your inquiry has not been satisfactorily resolved, you may lodge a complaint with your local supervisory authority, including the Office of the Privacy Commissioner of Canada, the Irish Data Protection Commission (for EEA residents), or the UK Information Commissioner's Office.