This Privacy Policy explains how Zombify, a product operated by Firststab (Pty) Ltd, a company incorporated in the Republic of South Africa ("we," "our," or "us"), collects, uses, and protects your Personal Information.
By using Zombify, you agree to this Privacy Policy, which must be read together with our Terms of Service, Cookie Policy, and AI Disclaimer.
1.1 Operator: Firststab (Pty) Ltd, operating Zombify
1.2 Location: Republic of South Africa
1.3 Contact: hi@zombify.ai
2.1 "Personal Information" means information as defined under the Protection of Personal Information Act, 4 of 2013 ("POPI"), including information by which you can be identified, such as your name, address (including email), race, gender, and age.
2.2 We will only collect Personal Information by lawful means and for a specific communicated purpose.
2.3 We will process Personal Information only for the specific purpose for which it was collected.
2.4 We will not sell, distribute, or disclose any Personal Information unless we have your consent or it is required or permitted by law.
2.5 We will retain your Personal Information only as long as necessary to fulfil the purpose for which it was collected.
2.6 You may request access to, or deletion of, your Personal Information by emailing hi@zombify.ai.
2.7 Analytics data is anonymised or pseudonymised where possible.
3.1 Account Information
a. Email address and password (for manual registration).
b. Profile and authentication data from Google or Discord SSO.
c. Optional marketing consent preference.
3.2 Uploaded Content
a. Images and related files you upload for AI analysis.
b. Associated metadata and AI-generated results.
3.3 Usage Data
a. Analytics via PostHog and Vercel (page views, feature usage, and session events).
b. Cookies and local storage for authentication, attribution, and session management.
c. Device type, IP hash, and browser agent for abuse and rate-limit protection.
3.4 Payment Data
a. Payments are processed by Lemon Squeezy, which acts as Merchant of Record.
b. Zombify does not store complete payment information or card data.
4.1 We use cookies and local storage for:
a. Authentication (Supabase) – necessary.
b. Guest rate limiting – functional.
c. Analytics (PostHog, Vercel) – optional.
d. Attribution tracking – optional.
4.2 You can reject non-essential cookies via the cookie banner.
4.3 Refer to our Cookie Policy for detailed information.
5.1 To provide account access and authentication.
5.2 To process uploads and generate AI analyses.
5.3 To communicate necessary account and system updates.
5.4 To improve usability, quality, and performance of the Service.
5.5 To monitor and prevent abuse or unauthorised use.
5.6 We never sell Personal Information or AI-generated Data.
6.1 Data Type | Retention Policy
• Free user analyses – retain last ten (10), delete older automatically.
• Pro user analyses – retain last sixty (60), delete older automatically.
• Guest uploads – deleted daily if not linked to an account.
• Rate limiting logs – retained for 24 hours.
• View tracking logs – retained for 90 days.
• UTM attribution data – retained for 90 days (browser only).
• Email hash cooldown – 30 days after account deletion (for abuse prevention).
6.2 When a User deletes their account, all related data is permanently erased from Zombify's database.
6.3 Analytical and telemetry data may be retained in anonymised or aggregated form for statistical purposes.
6.4 You may request deletion or access to your data by emailing hi@zombify.ai.
7.1 Uploaded images and associated data are processed using OpenAI (GPT-5) and OCR systems for analysis generation.
7.2 AI processing occurs solely to provide the Service you request.
7.3 Zombify does not use uploaded content to train external AI systems.
7.4 AI results are stored in your account and deleted according to your plan's retention limits.
8.1 Performance of a contract – to deliver the Service you have requested.
8.2 Legitimate interest – to maintain security, analytics, and product improvement.
8.3 Consent – for cookies, analytics, and marketing communications.
9.1 We share limited data only with trusted service providers necessary for the operation of Zombify:
a. Lemon Squeezy – for billing and invoicing.
b. Supabase – for authentication and data storage.
c. PostHog and Vercel – for analytics and performance monitoring.
9.2 These providers are GDPR-compliant and implement secure, encrypted data handling.
10.1 Your Personal Information may be processed in or transferred to countries outside your country of residence.
10.2 Where Personal Information is transferred outside South Africa, such transfer will comply with section 79 of POPI and ensure the recipient is subject to laws or binding agreements that provide adequate levels of data protection.
10.3 In the event of a data breach that compromises your Personal Information, Zombify will notify you and the relevant data protection authority as required under POPI or applicable international law.
11.1 You have the right to:
a. Access your Personal Information.
b. Request correction or deletion of your data.
c. Withdraw consent for analytics or marketing.
d. Lodge a complaint with your local data authority.
11.2 To exercise these rights, email hi@zombify.ai.
12.1 Account, billing, and service-related emails are sent automatically as part of service delivery.
12.2 Marketing or promotional emails are sent only where you have expressly opted in.
12.3 All marketing emails contain an unsubscribe link.
13.1 Zombify is not directed to individuals under 18 years old.
13.2 Users aged 16 to 17 may use the Service only with the consent of a parent or legal guardian.
13.3 We do not knowingly collect or process Personal Information from anyone under 18 without such consent.
14.1 Data is encrypted in transit and at rest using Supabase infrastructure.
14.2 Access to Personal Information is restricted to authorised personnel only.
14.3 We use HTTPS, secure authentication, and other industry-standard protections.
14.4 While we maintain appropriate safeguards, no system is completely secure, and use of the Service is at your own risk.
15.1 Zombify may update or amend this Privacy Policy periodically.
15.2 If updates materially affect your rights or data usage, we will notify you by email or in-app notice before changes take effect.
15.3 Continued use of the Service after such notice constitutes acceptance of the revised policy.
For privacy or data-related matters, please contact:
Email: hi@zombify.ai