Privacy Policy
Last updated: July 13, 2026 · v1.2.0
Introduction
Welcome to ZIMA. This Privacy Policy explains how Taylor Tech ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you use our mobile application and related services (collectively, the "Service").
By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use our Service.
Information We Collect
Information You Provide Directly
Account Information:
- Email address (collected when you sign in with Google, sign in with Apple, or register with an email address and password)
- Name (when provided by you or your sign-in provider)
- Sign-in provider account identifier (Google or Apple)
You can also use ZIMA as a guest without creating an account. Guest conversations are stored locally on your device and are not saved to an account on our servers (messages are still sent to the AI provider you select to generate each response).
User-Generated Content:
- Chat conversations and messages you send through the Service
- Images, documents, and videos you upload or attach to conversations
- Images and videos you generate through the Service
- Any other content you create or upload while using the Service
Uploaded and generated media files are stored in private cloud storage (Amazon Web Services, United States) and served through short-lived, access-controlled links.
Payment Information:
- When you subscribe on the web, payment processing is handled by Stripe. We do not store your full credit card numbers on our servers. We may receive and store limited payment information from Stripe, such as the last four digits of your card, card type, and billing address, for record-keeping purposes.
- When you subscribe through the iOS or Android app, your purchase is processed by Apple (App Store) or Google (Google Play), and your subscription status is managed through RevenueCat. We do not receive your payment card details from these purchases.
Voice and Camera Data
Voice features are optional — the app requests microphone (and camera) permission only when you use them.
Voice chat: Your microphone audio is streamed in real time through LiveKit (our realtime audio infrastructure provider) to the AI provider you selected (OpenAI, Anthropic, or Google) to generate spoken responses. The conversation is transcribed, and the transcript is saved to your chat history like a typed conversation. We do not retain the raw audio after the session.
Dictation (speech-to-text): When you use the microphone button to dictate a message, your audio is streamed in real time for transcription. The resulting text appears in the message composer; the audio itself is not stored.
Live camera sharing: During a voice chat with a Google (Gemini) voice model, you may optionally share your device's camera feed so the model can respond to what you are looking at. Camera frames are processed in real time by the AI provider and are not stored by us.
Information Collected Automatically
Usage Data:
- Interactions with the Service
- Features used and time spent on the Service
- Error logs and performance data
Analytics Data:
- We use Firebase Analytics (Google) to understand how users interact with our Service — for example session duration, screens visited, and which features are used. Chat content is never included in analytics data.
- In the EU/EEA, UK, and Switzerland, we ask for your consent before enabling analytics, and nothing is collected if you decline. You can change your choice at any time in Settings → Privacy → Usage Analytics (guests: sidebar → Privacy).
- Crash and error reporting (Sentry) runs separately from analytics to keep the app stable and does not include chat content.
How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Process transactions and manage your subscription
- Send you important notifications about your account or the Service
- Respond to your requests, comments, or questions
- Monitor and analyze usage trends to improve user experience
- Detect, prevent, and address technical issues and security threats
- Comply with legal obligations
How We Share Your Information
We do not sell your personal information.
We may share your information in the following circumstances:
AI Model Providers: Your messages and any attachments in a conversation are sent to the AI provider whose model you select — OpenAI, Anthropic, or Google — solely to generate that conversation's responses. We do not use your conversations to train AI models.
Service Providers: We share information with third-party service providers who perform services on our behalf, including:
- Stripe: Payment processing on the web (Stripe Privacy Policy)
- Apple: Authentication (Sign in with Apple) and App Store billing (Apple Privacy Policy)
- Google: Authentication services and Google Play billing (Google Privacy Policy)
- RevenueCat: Subscription management for app-store purchases (RevenueCat Privacy Policy)
- Firebase: Backend services, authentication, and analytics (Firebase Privacy Policy)
- LiveKit: Realtime audio/video transport for voice features (LiveKit Privacy Policy)
- Sentry: Crash and error reporting (Sentry Privacy Policy)
- Amazon Web Services: Cloud hosting and file storage (AWS Privacy Notice)
- SendGrid: Email communications (SendGrid Privacy Policy)
- Koah Labs: Contextual advertising on the free tier (see Advertising section below)
Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
Business Transfers: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
Protection of Rights: We may disclose information to protect the rights, property, or safety of Taylor Tech, our users, or others.
Data Storage and Security
Location: Your data is stored on servers located in the United States.
Security Measures: We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
Data Retention: We retain your personal information for as long as your account is active or as needed to provide you with the Service. We may also retain data as necessary to comply with legal obligations, resolve disputes, and enforce our agreements. We reserve the right to delete accounts and associated data after one (1) year of inactivity.
Your Rights and Choices
Depending on your location, you may have certain rights regarding your personal information:
For All Users
- Access: You can access your account information through the app settings.
- Update: You can update your account information at any time.
- Delete: You can permanently delete your account and all associated data (conversations and uploaded media) at any time in the app under Settings → Account → Delete Account.
- Analytics: You can turn usage analytics on or off at any time under Settings → Privacy → Usage Analytics.
- Communications: You can opt out of promotional communications by following the unsubscribe instructions in those messages.
For European Economic Area (EEA) Residents (GDPR)
If you are located in the EEA, you have additional rights under the General Data Protection Regulation (GDPR):
- Right to Access: You have the right to request a copy of the personal information we hold about you.
- Right to Rectification: You have the right to request correction of inaccurate personal information.
- Right to Erasure: You have the right to request deletion of your personal information ("right to be forgotten").
- Right to Restrict Processing: You have the right to request that we limit the processing of your personal information.
- Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, machine-readable format.
- Right to Object: You have the right to object to processing of your personal information.
- Right to Withdraw Consent: Where we rely on consent, you have the right to withdraw it at any time.
To exercise any of these rights, please contact us atteam@zimaapp.com.
For California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you.
- Right to Delete: You have the right to request deletion of your personal information.
- Right to Opt-Out: You have the right to opt out of the sale of your personal information. Note: We do not sell your personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise your CCPA rights, please contact us atteam@zimaapp.com.
International Data Transfers
If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located. By using the Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.
For users in the European Economic Area, we ensure appropriate safeguards are in place to protect your personal information in compliance with GDPR requirements.
Children's Privacy
Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information. If you believe we may have collected information from a child under 13, please contact us atteam@zimaapp.com.
Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you access.
Advertising
Free-tier accounts may see sponsored content ("ads") delivered by Koah Labs (https://koah.ai). To match relevant sponsored content, the prompt you send and the assistant's response are transmitted to Koah, along with anonymized device characteristics (device model, OS version, locale, app version, and app build).
Koah:
- Does not use the Apple Advertising Identifier (IDFA) or any equivalent advertising identifier.
- Does not track users across other apps or websites.
- Does not share data between publishers.
- Uses anonymized contextual signals only — no personally identifying information is sent.
For full details, see Koah'scontent policy and privacy practices on their website.Active subscribers do not see ads and have no data sent to Koah.
You can stop ads at any time by subscribing to a paid tier. Subscription state is checked locally before any request is made to Koah.
Optional Google Connectors (Drive & Gmail)
ZIMA offers optional connectors that let you use your Google Drive and Gmail content in chat. Connectors are off by default and are only active if you explicitly connect your Google account and grant access.
If you connect, we request the following Google permissions (OAuth scopes):
- Gmail (read-only) — to read emails you ask about in chat
- Gmail (compose) — to create and update email drafts for you; we cannot send email on your behalf
- Google Drive (read-only) — to read files you ask about, including Docs, Sheets, Slides, and Forms
- Google Drive (file creation) — to create new files at your request; this permission only grants access to files the app itself creates
How connector data is handled:
- Content from your Drive or Gmail is accessed only when needed to fulfill your specific requests in chat, and relevant content is shared with the AI provider you selected solely to generate that response.
- We do not use Google user data for advertising, we do not sell it, and we do not use it to train AI or machine-learning models.
- You can disconnect at any time in the app's settings, or revoke access from yourGoogle Account permissions page. Disconnecting removes our stored access credentials.
ZIMA's use and transfer of information received from Google APIs adheres to theGoogle API Services User Data Policy, including the Limited Use requirements.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We will also notify you via email or through the Service for significant changes.
Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Taylor Tech
San Francisco, California, 94121 United States
Email:team@zimaapp.com
Summary of Data We Collect
| Data Type | Purpose | Shared With |
|---|---|---|
| Email & Name | Account identification | Google or Apple (auth provider) |
| Chat Messages | Provide Service functionality | LLM providers (OpenAI, Anthropic, Google); Koah Labs (free tier ads only) |
| Uploaded & generated media | Provide Service functionality | AWS (storage); selected AI provider |
| Voice audio & transcripts | Realtime voice conversation | LiveKit (transport); selected AI provider |
| Camera feed (optional, Gemini voice) | Real-time visual context | Google (processed live, not stored) |
| Connected Drive/Gmail content (optional) | Fulfill your chat requests | Selected AI provider |
| Payment Info | Process subscriptions | Stripe (web); Apple / Google + RevenueCat (mobile) |
| Usage Data | Improve Service | Firebase Analytics (Google) |
| Crash & error data | App stability | Sentry |
| Device Info (model, OS, locale) | Contextual ad matching (free tier only) | Koah Labs |