Privacy Policy
Last updated: February 14, 2026
1. Information We Collect
When you use ZappyBee, we collect:
- Account information: Email address, name, and authentication credentials when you create an account.
- Trace data: Data sent through our SDK including LLM inputs/outputs, model names, token counts, latency, cost calculations, and metadata you attach to traces.
- Configuration data: Project settings, retention windows, alert rules, Slack webhook URLs, custom webhook endpoints, and shared dashboard configurations.
- Usage data: How you interact with our dashboard, pages visited, and feature usage for product improvement.
- Analytics and session replay data: If enabled, we use Microsoft Clarity to understand how users interact with the website (for example, page views, clicks, scrolls, device/browser information, and approximate location derived from IP). We do not intentionally send your API keys or trace payloads to Clarity.
- Abuse-prevention data: Rate limiting and monthly usage counters to protect platform stability.
- Technical data: IP address, browser type, and device information for security and troubleshooting.
2. How We Use Your Information
- Provide, maintain, and improve the ZappyBee service.
- Display your trace data and analytics in the dashboard.
- Send alert notifications when configured thresholds are exceeded (email and, if configured, Slack).
- Deliver custom webhook events to endpoints you configure.
- Communicate service updates, security notices, and support responses.
- Detect and prevent abuse, fraud, or security incidents.
3. Data Storage and Security
Your data is stored on Supabase (PostgreSQL) with encryption in transit and, where supported by providers, at rest. We use security practices including:
- HTTPS/TLS for all data transmission.
- API key authentication for SDK access.
- JWT-based session management for dashboard access.
- Row-level access control ensuring you only see your own data.
We also use a managed Redis service for rate limiting and fair-use enforcement. These counters do not store your full trace payloads.
4. Data Retention
By default, we retain your trace data while your account is active. If you enable retention policies, ZappyBee will automatically delete traces older than your selected window. You can also delete individual traces or your entire account at any time. When you delete your account, we delete or de-identify associated data within a reasonable period, subject to legal and operational requirements.
5. Third-Party Services
We use the following third-party services to operate ZappyBee:
- Supabase: Database and authentication.
- Vercel: Frontend hosting.
- DigitalOcean: Backend hosting.
- Resend: Transactional email for alert notifications.
- Upstash: Rate limiting and monthly fair-use counters.
- Microsoft Clarity: Product analytics and session replay.
- Slack: If you configure Slack notifications, we send messages to your Slack incoming webhook URL.
- LemonSqueezy: If paid plans are enabled in the future, payments may be processed by LemonSqueezy.
If you configure custom webhooks, we send event payloads to the URLs you provide. If you create shareable dashboards, anyone with the link can view the shared analytics until it expires or is revoked.
6. Your Rights
You have the right to:
- Access and export your data at any time via the Export feature.
- Correct inaccurate information in your account settings.
- Delete your account and all associated data.
- Opt out of non-essential communications.
7. Cookies
We use essential cookies for authentication session management. If Microsoft Clarity is enabled, it may set cookies and collect usage data and session replay information to help us improve the product. You can control cookies through your browser settings.
8. Changes
We may update this policy from time to time. We will notify you of significant changes via email or a notice on our website.
9. Contact
For privacy-related questions, contact privacy@zappybee.dev. For support or product feedback, email contact.support@zappybee.dev.