Legal

Privacy Policy

Last updated: 27 May 2026

Short version

Zoza is designed to be server-blind. We can't read your messages, your AI prompts, your browsing history, your wallet contents, or your trading positions. Most of the time we know nothing about you except that an opaque Ed25519 public key has paid for some credits. Razorpay knows your email and payment details — we don't.

1. What we collect

From the website (zoza.world)

From the buy flow

From the browser / app

From the push notifications surface

2. What we share

3. Brokerage credentials

If you link a broker (e.g. Binance) to Zoza for automated trade dispatch, your broker API key + secret are encrypted using the operator KMS before they enter our database. The unsealed credentials exist only briefly in the cloud agent's memory at dispatch time. We refuse to accept broker credentials with withdraw scope; only trade-execution scope is supported. Revoking a broker connection wipes the encrypted credential from our database.

4. Your rights

5. Security

Sensitive data is encrypted in transit (TLS) and at rest (D1's underlying SQLite encryption + KMS-sealed broker credentials). Vulnerability disclosures: security.txt or email [email protected].

6. Children

Zoza is not directed at users under 18 (or the age of majority in your jurisdiction). We do not knowingly collect data from children.

7. Changes

Material changes to this Policy will be posted here with an updated "Last updated" date.

8. Contact

Privacy questions: [email protected]. General support: [email protected].