Zeitora Inc.
Privacy Policy
Effective May 20, 2026 · Last updated May 20, 2026
Zeitora Inc. ("we", "us") operates Zeitora, a memory and routine companion for seniors, caregivers, and care organizations. This policy explains how we collect, use, disclose, and protect personal information in accordance with Canadian privacy law, including the Personal Information Protection and Electronic Documents Act (PIPEDA).
1. Who we are
Zeitora Inc. is the organization responsible for personal information processed through Zeitora.
Privacy inquiries: privacy@zeitora.app.
2. Scope
This policy applies to our website, web application, APIs, and related services (collectively, the "Service"). It covers seniors, family caregivers, and organization administrators who create or manage accounts.
If you use the Service on behalf of a care organization, your organization may also have its own policies governing how staff may access senior information.
3. Information we collect
We collect the following categories of information, depending on how you use the Service:
- Account information: name, email address, password (stored by our authentication provider), role (senior, caregiver, or organization admin), timezone, locale, and profile preferences.
- Authentication data: sign-in method (email/password or Google OAuth via our identity provider), session tokens, and security logs related to access.
- Senior profile information: date of birth, biography, emotional and engagement preferences, routine personalization settings, and accessibility needs you choose to provide.
- Caregiver and organization data: professional details such as license number or specialties where applicable, organization name, and permissions assigned within a care circle.
- Memories and media: titles, descriptions, categories, emotional tags, dates, photographs, audio, video, and documents you upload, including file metadata (type, size, duration).
- Conversations and AI interactions: text you type or speak to our AI companion, transcripts generated from voice input, AI-generated replies, session identifiers, and technical metadata (model used, token counts, latency).
- Voice recordings: audio you record in the browser when using voice features, which we transmit to our servers for speech-to-text processing.
- Routines and sessions: scheduled activities, simulation session progress, playback state, and related notes.
- Emotional check-ins: mood, intensity ratings, notes, and timestamps you submit.
- Notifications: preferences and delivery metadata for in-app, email, push, or SMS notifications where enabled.
- Technical data: device/browser type, IP address, request timestamps, and error diagnostics when monitoring is enabled.
- Cookies and similar technologies: as described in our Cookie Policy.
4. How we use information
We use personal information to:
- Provide, operate, and improve the Service, including personalized routines and memory experiences.
- Authenticate users and enforce role-based access controls.
- Process voice input, generate AI responses, and synthesize spoken replies.
- Retrieve relevant memories to personalize conversations (semantic search using embeddings).
- Send notifications you request or that are part of care workflows.
- Maintain security, prevent abuse, and troubleshoot errors.
- Comply with law and respond to lawful requests.
- With your consent or as otherwise permitted by law, for additional purposes we describe at the time of collection.
5. AI and automated processing
Zeitora uses artificial intelligence to power conversational features. This involves automated processing of your messages and, when you use voice, audio recordings.
Our AI systems do not make decisions with legal or similarly significant effects about you without human involvement. AI outputs are assistive and may be inaccurate; see our AI Processing Notice and Terms of Service.
Details about subprocessors (OpenAI, ElevenLabs) are in Section 7 and our AI Processing Notice.
6. Consent and legal basis
We rely on meaningful consent for collection, use, and disclosure of personal information, except where PIPEDA or applicable provincial law permits otherwise.
You may withdraw consent for optional features (such as voice or certain notifications) by adjusting settings or contacting us. Withdrawal may limit functionality.
For sensitive information (including health-related details you voluntarily provide), we seek clear consent and encourage you to share only what is needed for your goals.
7. Service providers and disclosures
We share information with trusted service providers who process data on our behalf under contractual safeguards, including:
- Supabase — authentication, database hosting, and media storage.
- OpenAI — large language model responses, speech-to-text (Whisper), and text embeddings for memory retrieval.
- ElevenLabs — text-to-speech for spoken companion replies.
- Redis / queue infrastructure — background jobs (notifications, embeddings, analytics) hosted where we deploy our API.
- Sentry (if enabled) — error and performance monitoring for our backend.
- Google — OAuth sign-in when you choose "Sign in with Google", and Google Fonts for typography.
- Cloud hosting providers — application delivery (e.g., Cloudflare or equivalent).
8. Cross-border processing
Primary application data is hosted through Supabase. AI processing may occur in the United States.
When information is processed in the United States or other countries, it may be subject to access under foreign laws. We use providers that offer contractual privacy commitments appropriate to our risk assessment.
Organization customers may request additional information about data residency options as they become available.
9. Retention
We retain personal information only as long as necessary for the purposes described in this policy, unless a longer period is required by law.
When you delete content or close an account, we delete or anonymize data within a reasonable period, subject to backups, legal holds, and aggregated analytics that cannot identify you.
Conversation logs and voice-derived transcripts may be retained to support session continuity and safety review; retention periods may be configurable for organization accounts in the future.
10. Security
We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the information, including encryption in transit, access controls, and role-based permissions.
No method of transmission or storage is completely secure. Please use a strong password and notify us promptly of any suspected unauthorized access.
11. Your rights
Under PIPEDA and applicable law, you may have the right to:
- Access personal information we hold about you.
- Request correction of inaccurate information.
- Withdraw consent, subject to legal or contractual restrictions.
- Challenge our compliance with privacy principles.
- File a complaint with the Office of the Privacy Commissioner of Canada (OPC) or your provincial privacy commissioner where applicable.
12. Minors
The Service is intended for adults, primarily seniors and their care partners. We do not knowingly collect personal information from children under 13 without appropriate parental or guardian consent.
13. Changes
We may update this policy from time to time. We will post the revised version with an updated "Last updated" date and, for material changes, provide additional notice in the Service or by email.
14. Contact
Privacy Officer / privacy requests: privacy@zeitora.app
Mailing address: [Insert Canadian business address before launch]