Privacy Policy

Last updated: February 13, 2026

1. Information We Collect

When you use ZappyBee, we collect:

• Account information: Email address, name, and authentication credentials when you create an account.
• Trace data: Data sent through our SDK including LLM inputs/outputs, model names, token counts, latency, cost calculations, and metadata you attach to traces.
• Configuration data: Project settings, retention windows, alert rules, Slack webhook URLs, custom webhook endpoints, and shared dashboard configurations.
• Usage data: How you interact with our dashboard, pages visited, and feature usage for product improvement.
• Abuse-prevention data: Rate limiting and monthly usage counters to protect platform stability.
• Technical data: IP address, browser type, and device information for security and troubleshooting.

2. How We Use Your Information

• Provide, maintain, and improve the ZappyBee service.
• Display your trace data and analytics in the dashboard.
• Send alert notifications when configured thresholds are exceeded (email and, if configured, Slack).
• Deliver custom webhook events to endpoints you configure.
• Communicate service updates, security notices, and support responses.
• Detect and prevent abuse, fraud, or security incidents.

3. Data Storage and Security

Your data is stored on Supabase (PostgreSQL) with encryption in transit and, where supported by providers, at rest. We use security practices including:

• HTTPS/TLS for all data transmission.
• API key authentication for SDK access.
• JWT-based session management for dashboard access.
• Row-level access control ensuring you only see your own data.

We also use a managed Redis service for rate limiting and fair-use enforcement. These counters do not store your full trace payloads.

4. Data Retention

By default, we retain your trace data while your account is active. If you enable retention policies, ZappyBee will automatically delete traces older than your selected window. You can also delete individual traces or your entire account at any time. When you delete your account, we delete or de-identify associated data within a reasonable period, subject to legal and operational requirements.

5. Third-Party Services

We use the following third-party services to operate ZappyBee:

• Supabase: Database and authentication.
• Vercel: Frontend hosting.
• DigitalOcean: Backend hosting.
• Resend: Transactional email for alert notifications.
• Upstash: Rate limiting and monthly fair-use counters.
• Slack: If you configure Slack notifications, we send messages to your Slack incoming webhook URL.
• LemonSqueezy: If paid plans are enabled in the future, payments may be processed by LemonSqueezy.

If you configure custom webhooks, we send event payloads to the URLs you provide. If you create shareable dashboards, anyone with the link can view the shared analytics until it expires or is revoked.

6. Your Rights

You have the right to:

• Access and export your data at any time via the Export feature.
• Correct inaccurate information in your account settings.
• Delete your account and all associated data.
• Opt out of non-essential communications.

7. Cookies

We use essential cookies only for authentication session management. We do not use tracking cookies or third-party analytics.

8. Changes

We may update this policy from time to time. We will notify you of significant changes via email or a notice on our website.

9. Contact

For privacy-related questions, contact privacy@zappybee.dev. For support or product feedback, email contact.support@zappybee.dev.