Legal

Privacy policy

Effective April 26, 2026

This policy describes what information Zoriac collects when you use zoriac.dev and app.zoriac.dev, why we collect it, who we share it with, and the rights you have over it. We aim to collect the minimum we need to operate the Service.

1. What we collect

Account data. When you sign up: your email address and a hashed password (handled by Supabase Auth, our authentication provider). Optional profile fields if you provide them.

Check configuration. Names, schedules, grace periods, and any notes you attach to your checks.

Ping metadata.When your job pings us we record the time of the ping, the IP address it came from, the User-Agent header, the type (success / fail / start), and up to the first 1 KB of any request body you send. We do not store full request bodies beyond that cap.

Billing data. If you upgrade to a paid plan: your Stripe Customer ID, subscription status, and billing-history metadata. Card numbers are handled and stored by Stripe; we never see them.

Operational logs. Standard server logs (request paths, status codes, response times, error stacks) used for debugging and abuse monitoring. Retained for up to 30 days.

Cookies. A session cookie set by Supabase Auth so you stay logged in. We do not use third-party advertising or analytics cookies on the dashboard.

2. How we use it

  • To run your checks and send you alerts when they go silent.
  • To process payments for paid plans.
  • To respond to your support requests and notify you of important service changes.
  • To detect and prevent abuse — for example, blocking IP addresses flooding our ping endpoint.

We do not sell your data, share it with advertisers, or use ping payloads to train machine-learning models.

3. Service providers (sub-processors)

We rely on a small number of vendors to operate the Service. Each is bound by their own contractual privacy commitments to us:

  • Supabase — Postgres database and authentication. Hosted on AWS in the United States.
  • Fly.io — application hosting (the API backend).
  • Vercel — hosting for the marketing site and dashboard.
  • Stripe — payment processing for paid subscriptions.
  • Resend — sending transactional and alert emails on our behalf.

4. Your rights

Depending on where you live, you may have rights to access, correct, delete, or export your personal data, and to object to certain processing. To exercise any of these rights, email eric.catalano925@gmail.com and we will respond within 30 days.

You can delete your account at any time from the dashboard Settings page. We will remove your checks, ping history, and personal information from our active systems within 30 days, except where retention is required by law (for example, billing records, which we keep for 7 years for tax purposes).

5. Data retention

  • Ping history — retained for the duration matching your plan (Free: 7 days · Hobby: 30 days · Pro: 90 days · Team: 1 year).
  • Account and check configuration — retained until you delete your account.
  • Billing records — retained for 7 years to comply with tax and accounting law.
  • Operational logs — retained for up to 30 days.

6. Security

We protect your data with TLS in transit and at rest, scoped database credentials, secret rotation, and the principle of least privilege for our administrative tooling. No system is perfectly secure; if we ever experience a breach affecting your data we will notify you within 72 hours of confirmation, with the information available at that time.

7. International transfers

Your data is processed in the United States. If you are located elsewhere, by using Zoriac you consent to this transfer. We rely on standard contractual clauses with our sub-processors where required.

8. Children

Zoriac is not directed to children. We do not knowingly collect personal information from anyone under 13 (or under 16 in the European Economic Area). If you believe we have, contact us and we will delete it.

9. Changes to this policy

We may update this policy from time to time. If a change is material we will notify registered users by email at least 14 days before the change takes effect, and we will update the “Effective” date at the top of this page.

10. Contact

Questions, requests, or complaints? Email eric.catalano925@gmail.com.

Like the Terms, this Privacy Policy is intentionally plain-English and not a substitute for legal advice. If you operate Zoriac in a regulated context, your own counsel should review.