Privacy Policy

1.1 Information You Provide Directly

• Account & Booking Information: Name, email address, phone number, business name, industry, and billing address when you book a session or create an account.
• Payment Information: Credit card numbers, billing details, and transaction history. Payment processing is handled by Stripe, Inc. — we do not store full credit card numbers on our servers.
• Communication Data: Messages, emails, consultation notes, content briefs, and feedback you provide to our team.
• Content & Media: Photos, videos, audio recordings, scripts, brand assets, and other materials you provide for content production.

1.2 Biometric & AI Clone Data

• Voice Data: Audio recordings of your voice captured during AI clone sessions, used to create your digital voice model.
• Likeness Data: Video and photographic captures of your face, expressions, and mannerisms used to create your digital likeness model.
• Biometric Identifiers: Voiceprints, facial geometry data, and expression mapping data derived from capture sessions.

Important: We collect biometric data only with your explicit written consent, provided during the AI clone onboarding process. You may revoke this consent at any time (see Section 7).

1.3 Automatically Collected Information

• Device Information: Browser type, operating system, device identifiers, and screen resolution.
• Usage Data: Pages visited, time spent on pages, click patterns, and navigation paths on our website.
• Log Data: IP address, access times, referring URLs, and server response codes.
• Location Data: Approximate geographic location derived from IP address (city/region level only).

We use the information we collect for the following purposes:

2.1 Service Delivery

• Process bookings and manage your studio sessions
• Create and maintain your AI voice and/or likeness clone
• Produce and deliver video content
• Manage retainer subscriptions and content calendars
• Process payments and send invoices
• Provide customer support and respond to inquiries

2.2 Service Improvement

• Improve our AI technology using anonymized, aggregated data (never individual clone data)
• Analyze website usage to improve user experience
• Develop new features and services
• Conduct internal research and analytics

2.3 Communications

• Send booking confirmations and session reminders
• Deliver content and project updates
• Send billing notifications and receipts
• Provide service announcements and policy updates
• Marketing communications (only with your opt-in consent)

2.4 Legal & Safety

• Comply with legal obligations and respond to lawful requests
• Protect against fraud, abuse, and unauthorized access
• Enforce our Terms and Conditions
• Protect the rights, property, and safety of our company and clients

Given the sensitive nature of AI clone data, we apply enhanced protections:

3.1 Collection & Consent

AI clone data (voice recordings, likeness captures, and derived biometric identifiers) is collected only during scheduled capture sessions and only after you have provided explicit written consent via our AI Clone Consent Form. This consent is separate from general Terms acceptance and specifically covers biometric data collection.

3.2 Processing & Storage

Your AI clone data is:

• Processed exclusively on Zen's proprietary infrastructure — never on third-party consumer AI platforms
• Encrypted at rest using AES-256 encryption
• Encrypted in transit using TLS 1.3
• Stored in access-controlled environments with multi-factor authentication requirements
• Accessible only to authorized Zen AI engineers with a legitimate business need

3.3 Usage Limitations

Your AI clone data will only be used to:

• Generate content that you have authorized (via content briefs, retainer agreements, or direct requests)
• Maintain and refresh your clone model as needed
• Troubleshoot technical issues with your specific clone

Your AI clone data will never be used to:

• Train general-purpose AI models
• Generate content without your authorization
• Share with, sell to, or license to third parties
• Create derivative works not authorized by you

3.4 Deletion

You may request complete deletion of your AI clone data at any time by submitting a written request to [email protected]. Upon receiving a valid deletion request:

• All voice model data will be permanently deleted within 30 days
• All likeness model data will be permanently deleted within 30 days
• All raw capture session recordings will be permanently deleted within 30 days
• You will receive written confirmation of deletion
• Previously generated content (already delivered to you) will not be affected

Note: Deletion is permanent and irreversible. A new capture session (at standard pricing) will be required to recreate your AI clone.

4.1 Infrastructure

We store data on secure, enterprise-grade infrastructure with the following protections:

• SOC 2 Type II compliant hosting environments
• AES-256 encryption at rest for all sensitive data
• TLS 1.3 encryption for all data in transit
• Regular security audits and penetration testing
• Automated backup systems with geographic redundancy
• Role-based access controls with principle of least privilege
• Multi-factor authentication for all administrative access

4.2 Payment Security

Payment processing is handled by Stripe, Inc., a PCI DSS Level 1 certified payment processor. We never store, process, or transmit full credit card numbers on our own servers. All payment data is tokenized and managed within Stripe's secure infrastructure.

4.3 Breach Notification

In the unlikely event of a data breach affecting your personal information, we will notify affected individuals within 72 hours of discovery, in accordance with applicable state and federal laws. Notification will include the nature of the breach, types of data affected, steps taken to mitigate harm, and recommended actions for affected individuals.

5.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We do not participate in data broker networks or advertising data exchanges.

5.2 Service Providers

We share limited data with trusted service providers who assist in delivering our Services:

• Stripe, Inc.: Payment processing (billing information only)
• Email Service Provider: Transactional emails (email address and name only)
• Analytics Provider: Anonymous website usage data (no personally identifiable information)
• Cloud Infrastructure: Secure data hosting (encrypted data only)

All service providers are bound by data processing agreements that limit their use of your data to the specific services they provide to us.

5.3 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or government request. We will notify you of such requests when legally permitted to do so.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

6.1 Cookies We Use

6.2 No Advertising Trackers

We do not use advertising cookies, retargeting pixels, or cross-site tracking technologies. We do not share browsing data with advertising networks.

6.3 Managing Cookies

You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of our booking system and account features. Analytics cookies can be disabled without affecting core functionality.

You have the following rights regarding your personal data:

7.1 Access & Portability

You may request a copy of all personal data we hold about you in a structured, machine-readable format. We will fulfill access requests within 30 days.

7.2 Correction

You may request correction of inaccurate or incomplete personal data at any time by contacting us.

7.3 Deletion

You may request deletion of your personal data, subject to our legal retention obligations. For AI clone data specifically, see Section 3.4.

7.4 Consent Withdrawal

You may withdraw consent for biometric data processing at any time. Withdrawal does not affect the lawfulness of processing performed before withdrawal. Upon withdrawal, your AI clone will be deactivated and data deleted per Section 3.4.

7.5 Opt-Out of Marketing

You may opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by contacting us directly. Transactional communications (booking confirmations, delivery notifications, billing) are not affected by marketing opt-out.

7.6 How to Exercise Your Rights

To exercise any of these rights, contact us at [email protected] with the subject line "Privacy Rights Request." We will verify your identity before processing any request and respond within 30 days.

After the retention period expires, data is securely deleted or anonymized. Anonymized data (which cannot be linked back to you) may be retained indefinitely for statistical and research purposes.

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a minor, please contact us immediately.

AI clone services are available only to individuals 18 years of age or older. Minors may appear in studio session recordings only with the written consent of a parent or legal guardian who is present during the session.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You may request deletion of personal information we have collected, subject to certain exceptions.
• Right to Opt-Out of Sale: We do not sell personal information. No opt-out is necessary.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Limit Use of Sensitive Personal Information: You may limit our use of sensitive personal information (including biometric data) to purposes necessary for providing the Services.

To exercise these rights, contact us at [email protected] or call us during business hours. We will respond to verified requests within 45 days.

The Content Lab is located in and operates from the United States. If you access our Services from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence.

By using our Services, you consent to the transfer of your information to the United States. If you are located in the European Economic Area (EEA) or United Kingdom, we will ensure appropriate safeguards are in place for any data transfers, including Standard Contractual Clauses where applicable.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes:

• We will update the "Last updated" date at the top of this page
• We will notify active clients via email at least 30 days before changes take effect
• For changes affecting AI clone data handling, we will require renewed consent

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: