What we collect
- Account. Email + hashed password (never plaintext). Used for sign-in, password reset, invites, and rare service announcements.
- Run data. Objectives you submit, files you attach, the agent's plan / tool calls / observations / outputs, and metadata (timing, status, token usage).
- Org & billing. Org name + members, plan tier, payment-provider invoice IDs. We never see card numbers.
- Audit log. Mutations to secrets, schedules, webhooks, triggers, outcomes — recorded with actor, IP, and user-agent.
- Diagnostics. Aggregated request-rate, error, and latency metrics. No request bodies are kept for analytics.
How we use it
To operate the service: route your objectives to LLM providers, run sandboxed tools, stream traces, enforce plan limits, deliver webhooks.
We do not sell your data and we do not train on it.
Secrets handling
Credentials stored in the secrets vault are AES-256-GCM-encrypted at rest. Plaintext is decrypted only inside the workspace at run-time, and a redactor removes the values from logs before they are persisted.
Retention
Run data and artifacts persist until you delete them or delete your account. Audit log entries persist indefinitely for security investigation. Backups are retained for 30 days.
Your rights
You can export or delete any run, artifact, secret, or audit row from the in-app dashboards. Account deletion (Settings → Workspace → Danger zone) removes your personal data immediately, subject to backup retention above.
Contact
Questions about data handling? Email [email protected].
ZOYYA is a product of Efolusi.
See also: Terms of Service · Docs