Legal

Privacy Policy

Last updated July 6, 2026

Zsper is an AI writing partner with memory. That memory only works if you can trust it, so this policy is written to be read: what we collect, why, who touches it, and how you get it back or make it disappear. The short version — your writing is yours, we don't run ads, we don't sell data, and nothing you write is used to train AI models.

1. Who we are

Zsper (“Zsper”, “we”, “us”) is operated from India and provides an AI-assisted writing service for articles, newsletters, and LinkedIn posts at zsper.com (the “Service”). For anything in this policy, contact hello@zsper.com. We are the data fiduciary for the personal data described here under India's Digital Personal Data Protection Act, 2023 (DPDP Act).

2. What we collect

  • Account data. When you sign in with Google we receive your name, email address, and profile photo, plus a Google account identifier. Google sign-in is the only authentication method; we never see or store a password.
  • Your content. Everything you write, import, or approve inside your workspaces: topics, conversations with the writing assistant, outlines, drafts, published pieces, writing samples, reference notes, and the knowledge records and voice profile the Service learns from your writing.
  • Optional API keys. If you switch on bring-your-own-key (BYOK), the provider API keys you add. These are encrypted at rest with AES-256-GCM, never logged, and never displayed back in full.
  • Usage and billing data. Metering records for AI usage (feature, model, token counts, credit cost) and plan/trial state. The usage ledger stores counts, not the content of your prompts or drafts.
  • Technical data. Sign-in events (IP address, browser user-agent, time), operational logs needed to run and debug the Service, and — on your first visit — the referring page and campaign tags (UTM parameters) so we know how you found us.
  • Communications. Emails you send us and a log of the transactional emails we send you.

We do not use advertising trackers or third-party analytics cookies.

3. How we use it

  • Operate the Service: generate your drafts, maintain your workspace memory, and keep you signed in.
  • Personalise output — your knowledge records and voice profile exist solely to make your drafts sound like you, per workspace.
  • Meter usage, enforce fair-use limits, and administer your trial and (in future) subscription.
  • Send transactional email: sign-in and account notices, trial reminders, and product/service announcements that affect your account.
  • Keep the Service safe: prevent abuse, debug failures, and investigate suspected violations of our Terms.

We do not sell or rent personal data, share your content with other customers, use your content for advertising, or use your content to train AI models — ours or anyone else's.

4. AI processing and sub-processors

Generating a draft requires sending relevant parts of your content to large-language-model providers. We use a small set of vendors, each under terms that prohibit them from training their models on data sent through their business APIs:

  • OpenAI and Anthropic — draft generation, knowledge extraction, and text embeddings. Content is processed to produce your output and is not used for model training under their API data-usage policies.
  • Google — sign-in (OAuth) only.
  • Cloud infrastructure providers — hosting and managed databases where the Service and your data run.

If you enable BYOK, AI requests are routed to your own provider account instead, under your direct agreement with that vendor. We will notify account holders by email before adding a sub-processor that handles your content.

5. Cookies

We set one first-party session cookie so you stay signed in. It is HMAC-signed and httpOnly (unreadable by page scripts). A short-lived first-party cookie may hold the referral tags described above until account creation. That's the full list — no ad or cross-site tracking cookies.

6. Security

  • Data is encrypted in transit (TLS) and stored in managed databases with access controls.
  • BYOK API keys are encrypted at rest with AES-256-GCM using a dedicated key-encryption secret.
  • Sessions are signed; a raw user identifier is never trusted from the client.
  • Workspaces are isolated per account; nothing you write is visible to another customer.
  • Access to production data is restricted to the operator, for support and debugging only.

No internet service can promise perfect security. If we learn of a breach affecting your personal data, we will notify you and the relevant authorities as the DPDP Act and other applicable laws require.

7. Retention and deletion

We keep your data while your account is active so your memory keeps working. You can delete individual articles and knowledge records inside the app at any time. For full account deletion, email hello@zsper.com from your account address — we permanently remove your account, workspaces, articles, knowledge records, and stored API keys within 30 days, keeping only what billing and tax law obliges us to retain (invoice-level records, not content).

If your trial ends without a subscription, nothing is deleted — your content stays intact and readable, and drafting simply pauses until access is extended.

8. Your rights

Under the DPDP Act (and as a matter of policy for all users), you can:

  • Access a summary of the personal data we hold about you and how it is used.
  • Correct or update inaccurate data (name and profile details are editable in Settings).
  • Withdraw consent and erase your data via account deletion, as above.
  • Nominate someone to exercise these rights on your behalf, as the DPDP Act provides.
  • Raise a grievance — email hello@zsper.com with “Grievance” in the subject; we respond within the timelines the DPDP Act prescribes, and you may escalate to the Data Protection Board of India if unsatisfied.

9. Where data is processed

Zsper is built for Indian writers, but our cloud and AI providers may process data on servers outside India. Wherever it goes, it stays under this policy and our contracts with those providers, and transfers comply with applicable Indian law.

10. Children

The Service is a professional writing tool intended for adults. It is not directed at children, and you must be 18 or older to create an account.

11. Changes to this policy

If we make a material change, we will email account holders before it takes effect and update the date at the top of this page. Continued use after the effective date means the updated policy applies.