Zaovra Privacy Policy

Status: Draft for legal review — owner-approved product terms as of 2026-05-31
Last updated: 2026-05-31

1. Overview

This Privacy Policy explains how Guangzhou Guangzhan Intelligent Technology Co., Ltd. (广州光栈智能科技有限责任公司) ("we", "us", "Zaovra") handles information when users create an account, subscribe, activate devices, install, and use Zaovra.

Contact: support@zaovra.com

Website: https://zaovra.com

2. Information Zaovra May Process

Zaovra may process the following categories of information:

Account and billing information

  • email address and authentication identifiers
  • subscription status, plan, billing provider references, and payment-related metadata handled by our payment processors
  • support communications

License and device information

  • license status, plan, expiration date, and grace-period status
  • device activation status and device metadata needed for entitlement enforcement
  • hashed device token or installation identifier
  • license server response metadata such as verification timestamps

Device tokens are stored using secure mechanisms where available. Plaintext device tokens should not be stored in ordinary app-data files; where comparison is needed, Zaovra stores only a hash.

Device and app information

  • app version
  • operating system and architecture
  • installation or release channel information

Configuration information

  • API provider settings
  • model or provider selection
  • proxy settings
  • local app preferences
  • MCP server configuration

API keys, license tokens, and similar secrets should use the operating system keychain or keyring where feasible.

Diagnostic information

If the user opts in to optional crash reporting or product analytics, Zaovra may process:

  • error category
  • app version
  • session or run identifiers
  • redacted or hashed project paths
  • failure reason
  • logs with secrets and user paths redacted where supported

By default, Zaovra does not send crash reports or product analytics unless the user explicitly opts in through in-app consent or settings.

Crash and analytics data should not include prompt text, source code, secrets, full local paths, or raw file contents unless the user explicitly provides them for support.

Local project data

Zaovra is designed to work with local project files and developer workflows.

By default, local project files remain on the user's device unless the user runs a workflow that sends content to a configured model provider, MCP server, cloud service, or other third-party integration.

3. Information Sent to Third Parties

Depending on user configuration and product features, Zaovra may interact with:

  • authentication and account services on zaovra.com
  • license and device entitlement services on zaovra.com
  • payment processors such as Stripe and Creem
  • model providers configured by the user
  • MCP servers configured by the user
  • update and release servers operated by Zaovra
  • optional crash or analytics services, only if the user opts in

Third-party services process information under their own terms and privacy policies. Users are responsible for reviewing third-party model and tool configurations they enable.

4. License Verification and Offline Grace

Zaovra contacts license services on zaovra.com to verify subscription status, device activation, plan, expiration, and release eligibility.

Zaovra may cache a recent successful license verification locally to support an offline grace period of up to 7 days when the user was previously fully active.

5. Crash Reports and Analytics

Zaovra does not send crash reports or product analytics unless the user opts in.

Users may decline optional analytics or crash reporting in product settings where available. Declining optional telemetry does not affect core paid features that the user's subscription entitles them to use.

6. Data Retention

Unless a shorter or longer period is required by law or necessary to resolve a support matter, we use the following defaults:

  • license verification and entitlement audit logs: up to 12 months
  • optional crash or diagnostic reports: up to 12 months
  • support tickets: as needed to resolve the issue and meet legal obligations
  • local app settings and workspace data: until the user deletes app data or uninstalls the product

7. User Choices

Users may:

  • deactivate a device where supported in the account portal or app;
  • clear local license cache where supported;
  • decline optional diagnostics or analytics;
  • delete local app data using operating system tools;
  • contact support@zaovra.com for privacy-related requests.

8. Security

Zaovra uses reasonable technical measures to protect information, including:

  • OS keyring or keychain for sensitive settings where available;
  • redaction of known secrets in diagnostic exports;
  • scoped local file access controls;
  • token-protected local web gateway where applicable;
  • HTTPS/TLS for network license and account checks where applicable.

No security system is perfect.

9. International Transfers

If users access hosted account, license, billing, update, or optional diagnostic services, information may be processed in jurisdictions different from the user's location.

We take reasonable steps to protect information handled through our service providers and hosted infrastructure.

10. Children

Zaovra is intended for developers and business users. It is not directed to children.

11. Changes

We may update this Privacy Policy from time to time. Material changes should be announced through the app, website, release notes, or account portal.

12. Contact

Privacy and support contact: support@zaovra.com

Privacy Policy | zaovra