Privacy Policy

Last updated: June 10, 2026  ·  Version 1.0

This Privacy Policy explains how Narwhale Apps LLC (we, us, our) collects, uses, discloses, and protects personal data when you use the website at zenioai.com and related services (the Service). It is designed to meet the requirements of the EU/UK General Data Protection Regulation (GDPR/UK GDPR), the California Consumer Privacy Act as amended by the CPRA, and other applicable data-protection laws. By using the Service, you acknowledge this Policy.

1. Controller and Contact

The data controller is Narwhale Apps LLC, a company organized under the laws of the Republic of Armenia, operating the Zenio service. Privacy contact: contact@zenioai.com.

  • EU/UK representative (GDPR Art. 27): not currently appointed. We will assess and appoint a representative if and when our processing of EU/UK personal data requires one.
  • Data Protection Officer: not currently appointed. You can reach us on any privacy matter at contact@zenioai.com.

2. Personal Data We Collect

2.1 Data you provide

  • Account data: username, email address, hashed password, optional profile details.
  • User Content: reviews, ratings, comments, tool submissions, and related metadata.
  • Communications: messages you send to support, and survey or form responses.
  • Vendor/advertiser data: business contact and billing details for paid placements.
  • Payment data: processed by our payment provider; we receive limited confirmation data, not full card numbers.

2.2 Data collected automatically

  • Device & usage data: IP address, browser and device type, operating system, referring URLs, pages viewed, search queries, clicks, and timestamps.
  • Cookies and similar technologies: see the Cookie Policy.

2.3 Data from third parties

We may receive data from analytics providers, advertising partners, and authentication providers (if you sign in via a third party), and publicly available sources used to build directory listings.

3. How We Use Data and Legal Bases

PurposeLegal basis (GDPR Art. 6)Provide and operate the Service and directoryPerformance of a contract (6(1)(b))Create and manage your accountPerformance of a contractPublish and display reviews/commentsPerformance of a contract; consent where requiredProcess payments for Paid ServicesPerformance of a contract; legal obligationSecurity, fraud prevention, abuse detectionLegitimate interests (6(1)(f))Analytics and product improvementLegitimate interests; consent for non-essential cookiesMarketing emails and newslettersConsent (6(1)(a)); soft opt-in where permittedAdvertising and measurementConsent (6(1)(a))Comply with law and enforce our TermsLegal obligation (6(1)(c)); legitimate interests

Where we rely on legitimate interests, we balance those interests against your rights; you may object as described in Section 9.

4. Cookies and Tracking

We use cookies and similar technologies for essential operation, preferences, analytics, and (where enabled) advertising. Non-essential cookies are set only with your consent via our consent banner. See the Cookie Policy for details and controls.

5. How We Share Data

We share personal data with:

  • Service providers / processors: hosting, infrastructure, customer support, email delivery, and analytics, acting on our instructions under data-processing agreements.
  • Payment processors: to process transactions for Paid Services.
  • Advertising partners: where you have consented to advertising cookies.
  • Legal and safety: authorities or other parties when required by law, to enforce our Terms, or to protect rights, safety, and security.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.

We do not sell your personal data for money. Certain advertising-cookie activity may be considered a “sale” or “sharing” under California law; see Section 10 for your opt-out rights.

6. International Data Transfers

We may transfer, store, and process personal data in countries other than your own, including the United States. Where we transfer data out of the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, and applicable adequacy decisions or certification frameworks. You may request a copy of the relevant safeguards by contacting us.

7. Data Retention

We retain personal data only as long as necessary for the purposes described or as required by law. Account data is retained while your account is active and for a limited period after deletion as needed to comply with legal obligations and resolve disputes; support communications for as long as needed to handle your request and a reasonable period thereafter; transaction and tax records for the period required by law; analytics data in aggregated or de-identified form thereafter.

8. Security

We implement technical and organizational measures appropriate to the risk, such as encryption in transit, access controls, and monitoring. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. In the event of a personal-data breach that poses a risk to you, we will notify affected users and regulators as required by law.

9. Your Rights (EEA, UK and Similar)

Subject to applicable law, you may have the right to: access your data; correct inaccurate data; erase data (“right to be forgotten”); restrict or object to processing (including direct marketing and certain legitimate-interest processing); data portability; and withdraw consent at any time without affecting prior lawful processing. To exercise these rights, contact contact@zenioai.com. We will respond within the timeframe required by law (generally one month under GDPR). You also have the right to lodge a complaint with your local supervisory authority.

10. Your Rights (California and Other U.S. States)

If you are a California resident, the CCPA/CPRA gives you the right to: know the categories and specific pieces of personal information we collect, use, and disclose; request deletion; request correction; and opt out of the “sale” or “sharing” of personal information and of targeted advertising. We do not knowingly sell the personal information of consumers under 16. You may exercise these rights, including through an authorized agent, by contacting contact@zenioai.com or using the “Do Not Sell or Share My Personal Information” / cookie-settings control on the Service. We will not discriminate against you for exercising your rights. Residents of other U.S. states with comprehensive privacy laws (e.g., Virginia, Colorado, Connecticut, Utah, Texas) may have similar rights, which we honor where applicable.

11. Children's Privacy

The Service is not directed to children under 18 (or 13 in the U.S., where applicable). We do not knowingly collect personal data from children below the applicable age. If you believe a child has provided us data, contact us and we will delete it.

12. Automated Decision-Making and AI Features

We do not use your personal data to make solely automated decisions that produce legal or similarly significant effects about you. Where the Service surfaces or ranks AI Tools algorithmically, this affects content display rather than your individual legal rights. Outputs generated by third-party AI Tools are produced by those third parties and governed by their policies.

13. Changes to This Policy

We may update this Policy from time to time. Material changes will be signaled by updating the “Last updated” date and, where appropriate, by additional notice. Your continued use after the effective date constitutes acceptance.

14. Contact and Complaints

Privacy questions or requests: Narwhale Apps LLC (Republic of Armenia), contact@zenioai.com. EU/UK users may also contact their local data-protection authority.

Product

AI tools

Resources

Blog [soon]Newsletter [soon]

Business

Submit AI toolAdvertiseContact us

Legal

Terms of ServicePrivacy PolicyCookie PolicyDisclaimer
© Narwhale apps LLC. 2026  All rights reserved.