Privacy Policy

Zamski provides AI-powered intelligence for engineering teams. This Privacy Policy explains how we collect, use, and protect your data when you use our platform.

We're a startup building in public. This policy will evolve as we grow. We'll email you if we make material changes.

When you use Zamski, we collect:

• Authentication: Email, name, user ID (via Auth0 login)
• OAuth Tokens: Encrypted access tokens for platforms you connect (JIRA, GitHub, Slack, Zoom, etc.)
• Workspace Data: Tickets, code, messages, meeting transcripts from connected platforms
• Usage Data: How you use Zamski (for improving the product)

Read-Only Access: We request read-only permissions. We don't modify, delete, or create data in your connected platforms.

What We DON'T Collect

• ❌ Browsing history outside connected platforms
• ❌ Keyboard input outside Zamski
• ❌ Personal files or documents
• ❌ Credit card details (handled by Stripe if we charge in the future)

We use your data to:

• Provide the service you signed up for (intelligence, insights, recommendations)
• Improve our AI using aggregated, anonymized data (we don't train on your specific data)
• Fix bugs and improve performance
• Send you updates about the product (you can unsubscribe)

We don't sell your data. Ever.

We share your data only with services that help us run Zamski:

AI Processing

• Anthropic (Claude) and OpenAI - Process your data for AI insights
• Your data is NOT used to train their models

Infrastructure

• AWS - Hosting and storage (encrypted at rest and in transit)
• ArangoDB - Database (encrypted)
• Stripe - Payment processing if/when we charge (we don't see your card details)

Connected Platforms

• JIRA, GitHub, Slack, Zoom, etc. - When you connect them, we access data via their APIs per their privacy policies

We never: Sell your data • Share with advertisers • Give data to competitors • Use your data for unrelated marketing

• Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Your data is isolated by organization - you can only see your own
• OAuth Security: Tokens are encrypted and automatically refreshed
• No Raw Passwords: We use Auth0 for authentication (we never see your password)

Found a security issue? Email us immediately: [email protected]

If There's a Breach

If your data is compromised, we'll email you within 72 hours with details and next steps.

Recording Consent (Zoom & Similar Tools)

If you connect tools that record or transcribe meetings (like Zoom), YOU are responsible for:

• Notifying all participants that transcription/recording is active
• Obtaining required consent per local laws (varies by location)
• Following your organization's policies

Zamski provides the tool. You handle the legal compliance. When in doubt, ask your legal team or announce it at the start of meetings.

Workspace Authorization

Make sure you have permission to connect your organization's accounts (JIRA, GitHub, etc.) to Zamski. We're not responsible if you connect accounts without proper authorization.

How Long We Keep Your Data

We keep your data as long as you're using Zamski, plus a reasonable period after you disconnect platforms (usually 30-90 days for cached analysis).

How to Delete Your Data

• Disconnect a platform: Revokes OAuth access immediately
• Delete your account: Email [email protected] (we'll process within 30 days)
• Download your data: Email us and we'll send it to you

Your Legal Rights (GDPR/CCPA)

If you're in the EU or California, you have additional rights:

• Access: Get a copy of your data
• Correct: Fix inaccurate data
• Delete: Request deletion ("right to be forgotten")
• Export: Get your data in a portable format

To exercise these rights, email [email protected]. We'll respond within 30 days.

We're here to help. Email us anytime:

• Privacy questions: [email protected]
• Security issues: [email protected]
• General support: [email protected]

Remember: This policy will evolve as Zamski grows. We'll email you about material changes.