Privacy Policy
Last Updated: November 6, 2025
1. Introduction
CALAWU AB ("we," "us," or "our") operates Zekt (the "Service"), an AI-powered workflow orchestration platform. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.
We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and other relevant privacy legislation.
2. Information We Collect
2.1 Information You Provide
- Account Information: When you create an account, we collect your email address, display name, phone number, and address
- Payment Information: Billing details processed securely through Stripe (we do not store full credit card numbers)
- Communication Data: Messages you send through our support channels or contact forms
2.2 Information from GitHub
When you authenticate via GitHub OAuth, we collect:
- Profile Information: GitHub username, user ID, email address, avatar URL, profile URL
- OAuth Token: Access token to perform actions on your behalf (stored encrypted)
- Repository Data: Names, contents, and metadata of repositories you grant access to
- Organization Data: Organization memberships and repository access within organizations
- Activity Data: Information about your GitHub activity relevant to workflow orchestration
2.3 Automatically Collected Information
- Usage Data: Pages visited, features used, time spent, workflow executions
- Device Information: Browser type, operating system, IP address, device identifiers
- Log Data: Application logs, error reports, performance metrics
- Cookies: Authentication cookies, session management, preference storage
2.4 Workflow and Execution Data
- Workflow configurations and definitions
- Execution logs and results
- Performance metrics and analytics
- AI-generated recommendations and insights
3. How We Use Your Information
3.1 Service Delivery
- Provide, operate, and maintain the Zekt platform
- Execute workflows and automate tasks on your behalf
- Authenticate and authorize access to your account
- Process payments and manage subscriptions
- Sync data with your GitHub repositories
3.2 Service Improvement
- Analyze usage patterns to improve features and user experience
- Train and improve AI models for workflow optimization
- Debug and fix technical issues
- Develop new features and capabilities
3.3 Communication
- Send service-related notifications and updates
- Respond to support requests and inquiries
- Send important account and security notifications
- Send marketing emails (with your consent, which can be withdrawn at any time)
3.4 Security and Compliance
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations and enforce our Terms of Service
- Protect our rights, property, and safety, and that of our users
4. Data Storage and Security
4.1 Storage Location
Your data is stored in Microsoft Azure data centers. We use Azure Cosmos DB (serverless, free tier) for customer data with partition-based multi-tenancy to ensure data isolation between customers.
4.2 Security Measures
- Encryption: Data encrypted at rest (AES-256) and in transit (TLS 1.3)
- Access Controls: Role-based access control (RBAC) and least privilege principles
- Authentication: Secure OAuth 2.0 flow with GitHub
- Token Storage: GitHub OAuth tokens encrypted with Azure Key Vault
- Monitoring: Continuous security monitoring and logging via Application Insights
- Backups: Regular automated backups with geographic redundancy
4.3 Data Retention
- Active Accounts: Data retained for the duration of your subscription
- Deleted Accounts: Data permanently deleted within 30 days of account deletion
- Logs: Application logs retained for 90 days for debugging and security purposes
- Backups: Backup retention follows Azure's standard policies (30-90 days)
5. Data Sharing and Disclosure
5.1 Third-Party Service Providers
We share data with trusted service providers who assist in operating our Service:
- Microsoft Azure: Cloud hosting and infrastructure
- GitHub: Authentication and repository access
- Stripe: Payment processing (they have their own privacy policy)
- Email Services: Transactional and marketing email delivery
These providers are contractually obligated to protect your data and use it only for specified purposes.
5.2 Legal Requirements
We may disclose your information if required by law, legal process, or to:
- Comply with court orders, subpoenas, or government requests
- Enforce our Terms of Service or protect our rights
- Prevent fraud, security threats, or illegal activities
- Protect the safety of users or the public
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to this Privacy Policy.
5.4 No Selling of Data
We do NOT sell, rent, or trade your personal information to third parties for their marketing purposes.
6. AI and Data Processing
6.1 AI-Powered Features
Zekt uses artificial intelligence to analyze workflows, suggest optimizations, and automate tasks. This involves processing your workflow data, repository content, and execution logs.
6.2 Data Used for AI Training
We may use aggregated, anonymized data to train and improve our AI models. This data cannot be used to identify individual users or reconstruct specific workflows.
6.3 Third-Party AI Services
We may use third-party AI services (e.g., Azure OpenAI, GitHub Models) for specific features. Data sent to these services is processed according to their privacy policies and data processing agreements.
7. Your Rights and Choices
7.1 Access and Portability
- Request a copy of your personal data in a structured, machine-readable format
- Export your workflow configurations and execution data
7.2 Correction and Update
- Update your account information through Account Settings
- Contact us to correct inaccurate data
7.3 Deletion
- Delete your account and all associated data through Account Settings
- Data is permanently deleted within 30 days
- Note: Some data may be retained for legal or legitimate business purposes
7.4 Marketing Opt-Out
- Unsubscribe from marketing emails via the link in each email
- Manage email preferences in Account Settings
- Note: You will still receive essential service-related emails
7.5 Cookie Management
- Configure cookie preferences in your browser settings
- Note: Disabling cookies may affect service functionality
7.6 Revoke GitHub Access
- Revoke Zekt's access in your GitHub settings at any time
- This will disconnect your account from GitHub but won't delete your Zekt account
8. Children's Privacy
The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.
9. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international transfers, including:
- EU Standard Contractual Clauses
- Azure's compliance certifications (ISO 27001, SOC 2, etc.)
- Data processing agreements with sub-processors
10. Changes to Customer Data Over Time
As we develop new features and capabilities, we may collect or process additional types of data. Examples of potential future data collection include:
- Billing History: Invoice records and payment history (when implemented)
- Team Collaboration: Team member data, shared workflows, permissions (when multi-user features launch)
- Integration Data: Data from third-party integrations beyond GitHub
- Advanced Analytics: More detailed usage metrics and performance data
- Notification Preferences: Webhook endpoints, Slack channels, email notification settings
We will update this Privacy Policy and notify you of material changes that affect how we handle your data.
11. Cookies and Tracking
11.1 Types of Cookies We Use
- Essential Cookies: Required for authentication and core functionality
- Performance Cookies: Help us understand how you use the Service
- Preference Cookies: Remember your settings and preferences
11.2 Third-Party Tracking
We use Application Insights for monitoring and analytics. This may involve tracking your usage across sessions to improve service quality.
12. Data Breach Notification
In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by law, typically within 72 hours of discovery.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: privacy@zekt.dev
- Data Protection Officer: dpo@zekt.dev
- Company: CALAWU AB
- Address: Sweden
14. Updates to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via:
- Email notification to your registered email address
- Prominent notice on our website
- In-app notification when you next log in
Continued use of the Service after changes indicates acceptance of the updated Privacy Policy.
15. GDPR Compliance
For users in the European Economic Area (EEA), we comply with GDPR requirements:
- Legal Basis: We process your data based on contract performance, legitimate interests, and consent
- Data Protection Officer: Available at dpo@zekt.dev
- Supervisory Authority: You have the right to lodge a complaint with your local data protection authority
- Right to Object: You can object to processing based on legitimate interests
- Automated Decision-Making: We use AI for recommendations, but you can request human review