Privacy Policy | Jace AI

Privacy Policy

Last Updated: February 11, 2025

1. Introduction

Welcome to Zeta AI, Inc. ("Zeta AI," "we," "us," or "our"). We operate the Jace.ai email assistant service (the "Service"), which is designed to integrate with your email (currently Gmail) to enhance your email productivity using artificial intelligence ("AI"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our Service, and outlines your rights and choices. By using the Service, you agree to the data practices described in this Privacy Policy.

2. Information We Collect

We only collect personal data that is necessary to provide and improve our Service. This includes:

  • Account Information: When you create an account, we collect information such as your name, email address, and authentication tokens.
  • Email Content and Metadata: With your permission, we access the content of your emails (including subject lines, bodies, attachments) and related metadata (such as sender, recipient, dates, and labels). This may include backfilling your historical emails into our systems to enable our AI features (for example, to learn your writing style or help search your email history).
  • Usage Data: We collect data about how you interact with our Service. This includes features you use, actions taken (e.g. AI-generated drafts accepted or edited), and timestamps. We may also collect device and browser information (such as IP address, browser type, operating system) and cookies or similar tracking technologies to remember your preferences and analyze usage.
  • Communications with Us: If you contact us (for example, via customer support or email), we will collect the information you provide in those communications.

We do not knowingly collect sensitive personal data (such as financial information, health information, or information on children – see Children's Privacy below) unless necessary for the Service and provided by you.

3. How We Use Your Information

Zeta AI uses the collected information for the following purposes:

  • Provide and Operate the Service: We use your account and email data to deliver the core Service functionality. For example, we analyze your emails (with your consent) to draft responses, summarize threads, schedule meetings, or perform other AI-assisted email tasks at your request.
  • AI Processing: Your email content and context are processed by our AI systems and third-party AI providers to generate outputs (like email drafts or summaries). This processing is automated and solely aimed at assisting you; we do not allow our AI providers to use your data to train their general models or for any purpose other than providing our Service to you.
  • Service Improvement: We may use aggregated or anonymized data (data that cannot identify you personally) to understand how our users interact with the Service and to improve our features and algorithms. For example, usage patterns or feedback may be analyzed to enhance AI accuracy or user experience. Any AI model improvement that uses user data is done in anonymized or aggregate form.
  • Communication: We use contact information to send you Service-related communications, such as important announcements, updates, security alerts, or customer support responses. We may also send occasional product updates or marketing communications if you have opted in, but you can opt out of those at any time.
  • Compliance and Protection: We may process personal data as required to comply with applicable laws, regulations, and legal obligations (for example, to respond to lawful requests by public authorities). We also process data as necessary to enforce our Terms of Use, to detect or prevent fraud or abuse of the Service, and to protect the rights and safety of our users, Zeta AI, and others.

4. How We Disclose or Share Information

We do not sell your personal data to third parties. However, we do share certain information with trusted third parties in the following circumstances, only to the extent necessary to provide and support our Service, and always pursuant to appropriate safeguards and contracts:

  • Service Providers: We use third-party vendors to host and operate the Service and its infrastructure. For example, our applications and data are hosted on Amazon Web Services (AWS) (cloud storage and servers), Pinecone and we utilize Modal.com or similar cloud processing platforms to run our back-end operations. These providers may process and store your data on our behalf solely to provide the Service (e.g., storing your emails and embeddings securely, or performing AI computations).
  • AI Technology Partners: Our AI features are powered by third-party AI providers such as OpenAI, Anthropic, Google Vertex AI, or Azure AI. When you invoke an AI feature (for instance, asking the assistant to draft an email), relevant portions of your data (e.g. the email thread content or a prompt derived from it) are sent to these AI providers to generate a response. We contractually or technologically ensure that these providers use your data only to deliver the requested output to you and do not retain it or use it to train their general AI models.
  • Analytics: We use analytics tools (specifically PostHog) to collect anonymized or pseudonymized analytics data about how users use our Service. This helps us understand usage patterns and improve the product. PostHog may set cookies or similar trackers for these purposes. You can opt out of analytics tracking – if you do not want PostHog (or similar analytics) to track your interactions, you may enable the "Do Not Track" setting in your web browser, or use any opt-out mechanism we provide. You may also contact us at any time to request disabling of analytics for your usage, and we will honor such requests if feasible.
  • Google Integration: Our Service integrates with Gmail via Google's OAuth 2.0 and Gmail API. As such, your data is also subject to Google's API Services User Data Policy. We access your Gmail data only after you grant explicit permission through the Google OAuth consent screen. You can revoke our access at any time via your Google Account settings. We share data with Google only as needed for the integration (for example, sending draft emails or applying labels through the Gmail API at your request). We do not disclose your email content to any other third parties except our AI processors as described above. We affirm that Google Workspace APIs are not used to develop, improve, or train generalized AI and/or ML models.(Learn more)
  • Legal Compliance and Protection: We may disclose your information if required to do so by law or in response to valid legal process (e.g., a subpoena, court order, or government request). We may also disclose data if we believe in good faith that it is necessary to investigate or prevent illegal activities, fraud, or situations involving potential threats to the safety of any person, or to enforce our Terms of Use or protect our rights and property.
  • Business Transfers: If Zeta AI is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of Service to another provider, your information may be disclosed to our advisers and the prospective or new owners of the business or Service, but will remain subject to the protections of this Privacy Policy.

Third-Party Websites or Services: The Service may contain links to external sites or services that are not operated by Zeta AI (for example, a link to our blog or a help center hosted on another domain). If you click those links, you will be directed to third-party sites which have their own privacy policies. We are not responsible for the content or privacy practices of those external sites, and we encourage you to review their privacy policies.

5. Data Storage and Security

Where We Store Data: Your data may be stored and processed on servers in the United States (for example, in AWS data centers) or other jurisdictions where our service providers maintain facilities. We strive to store data in locations with strong data protection standards. If you are an international user, note that your information may be transferred to and processed in the U.S. or other countries which may not have the same data protection laws as your home country. However, when we transfer personal data out of regions like the European Economic Area (EEA) or United Kingdom, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses or other lawful transfer mechanisms) to protect your information in accordance with applicable laws.

Security Measures: Zeta AI takes the security of your personal data seriously. We implement industry-standard technical and organizational measures to protect your information from unauthorized access, disclosure, alteration, or destruction. These measures include encryption of data in transit (e.g., using HTTPS for our website and API calls) and at rest, access controls to limit access to personal data on a need-to-know basis, and regular review of our security practices. We also monitor for potential vulnerabilities and attacks. You also play a role in protecting your information by keeping your account credentials confidential and by notifying us immediately of any unauthorized use of your account.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law or legitimate business purposes. In general:

  • Account Data & Emails: If you have an active account, we retain the data you've provided or that we've collected (including your emails and related data) for as long as you continue to use the Service. This allows us to provide you with ongoing access to historical insights and AI features. If you choose to delete your account or disconnect your email integration, we will initiate deletion of the emails and personal data associated with your account from our systems. This deletion will occur promptly upon your request or account closure, typically within 30 days, and in any event within the timeframe required by applicable law.
  • AI Data (Vectors/Derived Data): Any derived data (such as vector embeddings of your emails or other analytical data) will be deleted or disassociated from you when the underlying email content is deleted.
  • Analytics Data: Aggregate or de-identified analytics data (which no longer contains personal identifiers) may be retained for up to 12 months or more for service improvement analysis. This data cannot be linked back to any individual user.
  • Backup & Legal Retention: Backup copies of your data might persist for a limited time in our secure backups before they are automatically overwritten or purged. We also may retain certain information for longer if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements. Even if we delete data from our active systems, it may remain in backup archives for a period of time (with access restricted) until those archives are cycled out. We will not use that archived data for any other purpose except as required for safety, legal, or compliance obligations.

7. Your Rights and Choices

Access and Correction: You have the right to access the personal data we hold about you and to request correction of any inaccurate or incomplete information. Many account-related details can be reviewed and updated by you directly in our app. For any data not accessible through the app, you may contact us to request access or correction.

Deletion (Right to be Forgotten): You have the right to request deletion of your personal data. You may request that we delete the emails and other data we have collected from you by contacting us at team@zetalabs.ai. Upon receiving a verifiable deletion request, we will delete your personal data from our active databases within a reasonable timeframe and no later than required by applicable law. As noted in Data Retention above, please be aware that it may take up to the maximum legally permitted timeframe for all your data to be fully removed from our systems, including backups. We will confirm with you once the deletion is completed. If you simply disconnect our Service from your Gmail account via Google's security settings, we stop collecting new email data immediately; you may then follow up with us to ensure previously stored data is deleted if desired.

Withdrawal of Consent: If our processing of your personal data is based on your consent (for example, the initial connection to your Gmail via OAuth), you have the right to withdraw that consent at any time. You can disconnect the Service's access to your Google account at any time through your Google account permissions. If you withdraw consent or disconnect, we will no longer have access to new data from your account. You may also contact us to delete any previously collected data as described above.

Opt-Out of Marketing Communications: If you have subscribed to any optional newsletters or marketing emails, you can opt-out at any time by clicking the "unsubscribe" link in those emails or contacting us. Note that you will still receive transactional or service messages (for example, password reset emails or important notices about the Service) as these are necessary for our contractual relationship.

Opt-Out of Analytics/Tracking: As mentioned, you can opt out of analytics tracking by enabling Do Not Track or contacting us. Additionally, most browsers allow you to refuse or delete cookies. However, disabling cookies may affect the functionality of certain parts of the Service (for instance, remaining logged in).

Authorized Agents: If you are an individual in certain jurisdictions (such as the EU, UK, or California), you may designate an authorized agent to make requests on your behalf. We will take steps to verify the identity of the person making the request and their authority to act on your behalf as required by law.

Additional Rights for EEA/UK Users (GDPR): If you are located in the European Economic Area or United Kingdom, you have certain additional rights under the General Data Protection Regulation (GDPR) and UK GDPR. These include the right to object to some processing, the right to restrict processing of your data, and the right to data portability (to receive a copy of your data in a commonly used machine-readable format). You also have the right to lodge a complaint with a Data Protection Authority (DPA) or other supervisory authority if you believe our processing of your personal data violates the law. We encourage you to contact us first, and we will do our best to address your concerns.

California Privacy Rights: If you are a resident of California, you are entitled once a year to request and obtain information about any personal information we shared with third parties for direct marketing purposes in the preceding calendar year. However, please note that we do not disclose personal information to third parties for direct marketing without consent. Additionally, if you are covered by the California Consumer Privacy Act (CCPA), you have rights similar to those above (access, deletion, etc.), which we honor. We do not "sell" personal information as defined by the CCPA.

8. Children's Privacy

Our Service is not intended for children. We do not knowingly collect personal data from anyone under the age of 16 (and in certain jurisdictions, under 13). If you are under the minimum age applicable in your country, please do not use our Service or provide any personal information to us. If we learn that we have inadvertently collected personal data from a child without proper consent, we will delete that information as soon as possible. If you believe a child under the applicable age may have provided us personal data, please contact us immediately at team@zetalabs.ai so that we can take appropriate actions.

9. International Users and GDPR Compliance

Zeta AI, Inc. is a company based in the United States, but we serve users around the world. When using our Service, you acknowledge that your personal data may be processed in the U.S. and other jurisdictions as explained above. We are committed to complying with applicable data protection laws, including the GDPR for users in the European Union (EU), European Economic Area (EEA), and equivalent laws in the UK and other jurisdictions.

For EU/EEA/UK users: Zeta AI, Inc. is the "data controller" responsible for your personal data processed by the Service. We rely on several legal bases to process your data, including: (i) processing that is necessary for us to provide the Service to you (performance of a contract, e.g. analyzing your emails to draft responses, which is the core function you request by using the Service), (ii) your consent (for connecting your email account and any optional features), and (iii) our legitimate interests in improving and securing our Service (balanced with your data protection rights). We will provide reasonable cooperation to enable you to exercise your rights as described in Section 7.

If required by law, we may appoint a representative or point of contact in the EU or UK for data protection matters and will update this Privacy Policy with their details.

10. Changes to this Privacy Policy

We may update or modify this Privacy Policy from time to time as our Service and legal requirements evolve. If we make material changes, we will notify you by appropriate means such as by emailing you (if we have your email on file) and/or by posting a prominent notice within the Service. The "Last Updated" date at the top of this Policy indicates when the latest changes were made. We encourage you to review this Privacy Policy periodically for any updates. Your continued use of the Service after any modifications to this Policy will signify your acknowledgment of the modified Policy and agreement to its terms.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: team@zetalabs.ai

Address: Zeta AI, Inc.
2810 N Church St, PMB 20589
Wilmington, Delaware 19802, USA

We will respond to your inquiries as soon as possible, and in any event within any timeframes required by law. Your privacy is important to us, and we welcome your feedback.

Thanks!

Cookie Preferences

We use cookies to enhance your experience. Choose your preferences below. Read about our privacy policy here.