Privacy Policy
This policy explains what data Zohal collects, how document and AI processing works, and which service providers process data on our behalf.
Our Commitment to Privacy
Welcome to Zohal. We believe your data belongs to you. We collect and process information only as needed to provide document analysis, retrieval, collaboration, billing, security, and support.
In short: We do not sell personal data. We ask for in-app permission before the first standard-mode cloud AI request, and users can use Privacy Mode for sanitized processing paths.
Information We Collect
- Account Information: Email address, profile details you provide, subscription state, and authentication records.
- Document Content: Documents, notes, prompts, selected excerpts, evidence anchors, workspace records, and related metadata you upload or create.
- AI Request Data: Prompts, selected text, nearby context, retrieved excerpts, and image regions needed to answer an AI or OCR request.
- Usage and Device Information: Basic device details, app version, diagnostic events, and feature usage needed to secure, operate, and improve the service.
How We Use Your Information
- Provide Services: To operate document storage, retrieval, AI chat, explanations, OCR, evidence-grade analysis, account access, and workspace features.
- Personalization: To remember preferences and tailor your experience.
- Support and Communication: To send service notices, respond to support requests, and communicate about your account.
- AI Processing: To generate explanations, chat responses, OCR results, and document-analysis outputs that you explicitly request.
- Security and Reliability: To prevent abuse, secure the service, and troubleshoot issues.
AI Processing, Privacy Mode, and Consent
Zohal offers standard processing and Privacy Mode. In standard processing, some AI features may send relevant document data to cloud AI processors after you give in-app permission. In Privacy Mode, the original PDF stays on your device and supported cloud features use sanitized content instead.
- What may be sent: Selected text, nearby context, prompts, retrieved excerpts, document text required for a requested analysis, and image regions required for OCR.
- When it is sent: Only when you choose AI-assisted features such as chat, Explain, OCR, or contract analysis.
- Permission: We ask for one-time in-app permission before the first standard-mode cloud AI request, and you can withdraw that permission later in Settings.
- Model training: Client documents and AI request content are not used by Zohal to train third-party AI models.
Data Sharing and Service Providers
We share data only as needed to provide the service, to comply with law, or at your direction.
- Core Infrastructure: We use Supabase for authentication, database services, access controls, and operational backend services, and Google Cloud infrastructure for storage and compute operations.
- AI and OCR Processors: We use Google Cloud Vertex AI, OpenAI, and Mathpix to power specific AI and OCR features. Depending on the selected model or workspace configuration, Vertex AI may process requests using Google-hosted or supported third-party publisher models available through Vertex AI.
- Connected Services: If you connect Google Drive, Google Sign-In, Microsoft OneDrive, or other integrations, we process the data needed to provide that connection at your request.
- Legal Requirements: We may disclose information if required by law or to protect rights, safety, or the integrity of the service.
- With Your Direction: We process or share data with other services only when you trigger those actions or otherwise authorize them.
Third-Party Processor Summary
- Google Cloud Vertex AI: Processes AI prompts, selected text, retrieved excerpts, and document-analysis inputs for supported features.
- OpenAI: Processes AI prompts, selected text, retrieved excerpts, and document-analysis inputs for supported features.
- Mathpix: Processes image regions or handwriting inputs when you use OCR or handwriting-recognition features.
- Google Drive and Microsoft OneDrive: Process authentication and file-import actions only when you connect those services and choose files to import.
Google API Services
Zohal uses Google API Services to provide sign-in and optional file import features. When you connect your Google account, we may access the following:
- Google Sign-In: Basic profile information such as name, email address, and profile image for authentication and account creation.
- Google Drive: The files or folders you choose to import into Zohal. We do not access unrelated files in your Drive.
- Google Calendar: Permission to create calendar events on your behalf only when you explicitly ask us to create them.
Our use of Google API Services complies with the Google API Services User Data Policy, including the Limited Use requirements.
Data Security
- Encryption of data in transit and at rest where supported by the underlying service
- Authenticated access controls and role-based restrictions
- Operational logging and security reviews
- Limited access to personal data on a need-to-know basis
No system is perfectly secure, but we work to maintain appropriate technical and organizational safeguards.
Your Rights and Choices
- Access: Request a copy of your personal data.
- Correction: Update or correct inaccurate information.
- Deletion: Delete your account and data through Settings > Delete Account in the app.
- AI Consent: Grant or withdraw standard-mode cloud AI processing permission in the app settings.
- Portability: Export your documents and data where available.
- Marketing Opt-Out: Unsubscribe from marketing communications at any time.
Children's Privacy
Zohal is not intended for children under 13 years of age, and we do not knowingly collect personal information from children under 13.
Changes to This Policy
We may update this Privacy Policy from time to time. If changes are material, we may provide notice through the app, email, or other appropriate means before the updated policy becomes effective.
Contact Us
If you have questions about this Privacy Policy or our data practices, contact us: