Legal

Privacy Policy

Last updated: May 3, 2025

1. Introduction

Zotomic ("we", "our", or "us") is a web development and AI automation service provider based in Bangladesh. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at zotomic.com and our SaaS platform.

By accessing or using our services, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of our services.

2. Information We Collect

2.1 Information You Provide

  • Account registration data (name, email, phone, business name)
  • AI and social media API keys you provide for automation (encrypted)
  • Business information (website URL, business description)
  • Payment information (processed by third-party providers)
  • Support communications

2.2 Automatically Collected Information

  • Log data (IP address, browser type, pages visited, timestamps)
  • Cookies and similar tracking technologies
  • Usage analytics (features used, session duration)

2.3 Third-Party Data

  • Facebook/Meta API data (messages, page information) — only when you connect your accounts
  • Google/Gemini API usage data — when you use AI automation features

3. How We Use Your Information

  • Provide, operate, and maintain our services
  • Process your AI automation requests using your provided API keys
  • Send service-related notifications and updates
  • Respond to support requests
  • Improve our platform through analytics
  • Comply with legal obligations
  • Prevent fraud and abuse

Note on API Keys: Your AI API keys (Gemini, OpenAI) are encrypted with AES-256 before storage and are only used to make AI requests on your behalf. We never share or use your API keys for any other purpose.

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share data with:

  • Service Providers: Supabase (database), Vercel (hosting), Google (AI services) — only as necessary to provide our services
  • Meta/Facebook: When you use our Messenger/Instagram automation features
  • Legal Requirements: When required by law or to protect our rights

5. Data Security

  • All data transmitted using TLS/HTTPS encryption
  • API keys encrypted with AES-256-CBC before database storage
  • Passwords hashed with bcrypt (cost factor 12)
  • JWT tokens with 7-day expiry stored in httpOnly cookies
  • Row-level security enabled on all database tables

6. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your account and all associated data
  • Export your data in a portable format
  • Opt out of marketing communications
  • Withdraw consent for data processing at any time
🗑️ Delete My Account & Data

7. Facebook / Meta Data

When you use our Facebook/Instagram automation features:

  • We access your Facebook Page messages only to provide AI auto-reply services
  • Message content is not stored beyond 24 hours in our logs
  • You can revoke access at any time by disconnecting your Facebook account in the dashboard
  • We comply with Meta's Platform Terms and Developer Policies

For Facebook data deletion requests, visit our Data Deletion page.

8. Cookies

We use the following cookies:

  • auth_token: HttpOnly session cookie for authentication (7-day expiry)
  • theme: Stores dark/light mode preference

We do not use third-party advertising cookies.

9. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors.

10. Contact Us

For privacy-related inquiries:

Email: hello@zotomic.com

Address: Dhaka, Bangladesh

Terms & Conditions →Refund Policy →Data Deletion →
Chat with us