Privacy Policy

Last updated: April 1, 2026

Overview

ZoarkAI operates the ZoarkBot software and the app.zoarkai.org portal. This Privacy Policy explains what data we collect, how we use it, and your rights. ZoarkBot is a self-hosted product — the vast majority of your data stays on your own machine and never leaves it.

1. Data We Collect

Via the portal (app.zoarkai.org)

  • Account data — email address and name (collected via Clerk authentication)
  • Payment data — handled entirely by Stripe. We never store card numbers or bank details.
  • License data — subscription tier, license key, hashed machine IDs, activation timestamps
  • Download logs — timestamp, OS type, IP address (retained 90 days for fraud prevention)

Via the ZoarkBot software (running on your machine)

  • Machine ID — a one-way SHA-256 hash of your platform + hostname + MAC address prefix. Cannot be reversed. Sent to license.zoarkai.org solely for machine-count enforcement.
  • License validation pings — your license key and machine ID, sent every ~23 hours to validate your subscription status.
  • Automation memory — stored entirely on your local machine. We do not receive or store any content from your emails, social posts, calendar events, files, or AI conversations.

What we do NOT collect:

  • Keystrokes or clipboard contents
  • Screen recordings or screenshots
  • Contents of your emails, messages, or documents
  • Your AI agent conversations or task history
  • Social media credentials (stored locally by you)
  • File contents from your machine

2. How We Use Your Data

  • Validating your license and enforcing subscription tier limits
  • Processing payments and managing subscriptions via Stripe
  • Sending transactional emails (license keys, receipts, renewal notices)
  • Detecting fraud and enforcing machine-count limits
  • Responding to support requests

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Third-Party Services

  • Clerk (clerk.com) — authentication. Governed by Clerk’s Privacy Policy.
  • Stripe (stripe.com) — payment processing. Governed by Stripe’s Privacy Policy.
  • SendGrid (sendgrid.com) — transactional email delivery.

4. Data Retention

  • Account data — retained while active + 90 days after deletion
  • Payment records — 7 years (legal/tax compliance)
  • Download logs — 90 days
  • License validation logs — 30 days

5. Your Rights (GDPR / CCPA)

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and data
  • Object to or restrict processing
  • Data portability

To exercise these rights, email [email protected]. We respond within 30 days.

6. Security

License keys and JWTs are signed with RS256. All communications between ZoarkBot and our servers use TLS. Our license server database is backed up daily with 30-day retention. Admin endpoints require API key authentication. Stripe and Clerk webhooks are signature-verified.

7. Children

ZoarkBot is not intended for users under 18 years of age. We do not knowingly collect data from minors.

8. Changes

Material changes will be notified via email or portal notice. Continued use constitutes acceptance.

9. Contact

Privacy inquiries: [email protected]