Privacy Policy

Last updated: 2026-05-15

1. Who we are

Zooq (the “Service”) is operated by Amir Baldiga (the “Operator”), an Israeli individual. Contact: privacy@zooq.dev.

2. What we collect

  • Account information: email, password hash, optional full name.
  • API keys: stored only as SHA-256 hashes.
  • Usage metadata: endpoint, status code, credits, response time, IP, user-agent.
  • Payment metadata via Sumit (we never see full card details — only the last four digits and a vault token).
  • GDPR consent: timestamp + IP captured at signup.

3. What we don't collect or store

We do not store the professional data returned to you. Responses pass through our proxy and are returned in real time; the payload itself is never persisted.

4. Cookies

We set essential cookies for authentication (Supabase session) and a one-time cookie to display your fresh API key on signup. We do not use third-party tracking cookies in MVP.

5. Your rights (GDPR, CCPA, etc.)

You can: access your data, correct it, delete your account (30-day soft delete then hard delete), export your data, and object to processing. Email privacy@zooq.dev.

6. Sub-processors

  • Supabase Inc. — authentication and database (EU/US).
  • Vercel Inc. — hosting (global edge network).
  • Sumit — payments, invoicing, and Israeli VAT compliance.
  • Resend — transactional email (US).
  • Data partners — third-party infrastructure for sourcing publicly available professional data.

7. Changes

We'll notify registered users by email at least 30 days before any material change to this policy.