Legal

Privacy Policy

ZenScail reads some of the most personal data you own — your inbox and your calendar. This policy explains exactly what we touch, what we never touch, and the controls you keep.

Last updated June 13, 2026

Overview

ZenScail (“ZenScail,” “we,” “us”) provides an AI assistant that summarises your email and calendar into a single daily brief, drafts replies in your voice, and helps you schedule your time. This policy describes how we handle personal information when you use our website and application (together, the “Service”).

The short version:we process your email and calendar only to give you the features you asked for. We don’t sell your data, we don’t use it to train models, and when you bring your own AI key, your message content goes straight to your chosen provider — not into a ZenScail datastore.

Information we collect

Account information

When you create an account we collect your name, email address, and either a hashed password or a Google account identifier (if you sign in with Google). We never store your password in plain text.

Connected mailbox & calendar data

When you connect Google with the permissions ZenScail requests, we access the email and calendar data needed to build your brief — message metadata (senders, subjects, timestamps, labels), message bodies for the items we summarise, and your calendar events and availability. We access this data on your behalf and only when you use a feature that needs it.

Usage & device information

We collect basic technical data — IP address, browser type, pages viewed, and actions taken in the app — to keep the Service secure and working. This is the minimum needed to operate and protect the product.

What we deliberately do not collect

  • We don’t scrape your entire mailbox into our own archive.
  • We don’t read attachments unless a feature you triggered requires it.
  • We don’t collect special-category data (health, beliefs, etc.) on purpose.

How we use your information

  • To deliver the Service — generating briefs, summaries, draft replies, and scheduling suggestions.
  • To authenticate you and keep your account secure.
  • To send transactional email — verification codes, onboarding, and important account notices.
  • To improve reliability — diagnosing errors and preventing abuse using aggregated, non-content signals.
  • To comply with the law where we have a legal obligation.

We rely on your consent (for connecting Google and sending marketing email), the performance of our contract with you (to run the features you signed up for), and our legitimate interests (security and reliability) as our legal bases for processing.

AI processing & your keys

ZenScail is built around bring-your-own-key (BYOK). When you add your own OpenAI, Anthropic, or other provider key, the content we send for summarisation and drafting goes directly to that provider under your account and their terms. We act as a conduit; we do not retain that content afterwards.

  • Your API keys are encrypted at rest and are never exposed to other users or shown back to you in full.
  • We do not use your email, calendar, or prompts to train any model — ours or anyone else’s.
  • If you use a ZenScail-hosted model option, the same no-training commitment applies, and content is processed only to return your result.

Reputable AI providers offer zero-retention or no-training settings for API traffic. We encourage you to review your provider’s data policy, since content you send through your own key is governed by your agreement with them.

How we share data

We share personal information only in these limited cases:

  • Service providers (sub-processors) who run our infrastructure — hosting, our database, transactional email delivery, and the AI provider you choose. Each is bound by contract to protect your data.
  • Google, to read and act on your mailbox and calendar at your direction.
  • Legal & safety reasons, when required by law or to protect the rights and safety of users.
  • Business transfers, if ZenScail is involved in a merger or acquisition — you’ll be notified before your data becomes subject to a different policy.

We never sell your personal information, and we never share it with advertisers.

Data retention

We keep account information for as long as your account is active. Generated briefs and summaries are kept only as long as useful to you and are deleted on a rolling basis. When you delete your account, we erase your personal data and revoke our access tokens within 30 days, except where we must retain limited records to meet a legal obligation.

Security

We protect your data with encryption in transit and at rest, scoped access tokens, least-privilege internal access, and continuous monitoring. For the full picture, see our Security overview. No system is perfectly secure, but we work hard to make ZenScail worthy of the access you grant it.

Your rights & choices

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data (“right to be forgotten”).
  • Export your data in a portable format.
  • Object to or restrict certain processing, and withdraw consent at any time.

You can disconnect Google at any time from the app, or revoke ZenScail’s access from your Google Account’s security settings. To exercise any right, email [email protected]
and we’ll respond within the time required by applicable law.

Cookies & tracking

We use a small number of cookies that are essential for signing in and keeping your session secure, plus privacy-respecting analytics to understand how the Service is used. We don’t use advertising or cross-site tracking cookies. For details, see our Cookie Policy.

Children’s privacy

ZenScail is not directed to children under 16, and we do not knowingly collect their personal information. If you believe a child has provided us data, contact [email protected]
and we will delete it.

International data transfers

ZenScail may process data in countries other than your own. Where we transfer personal data across borders, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses to ensure your data stays protected.

Changes to this policy

We’ll update this page when our practices change and revise the “last updated” date above. For material changes, we’ll notify you by email or in the app before they take effect.

Questions about your privacy?

Our privacy team reads every message and replies within five business days. Data-access and deletion requests are handled here too.

[email protected]