Privacy Policy

1. Who we are

Zenpage (“we,” “us,” “our”) is a free platform that lets authors create professional websites. This policy explains how we collect, use, and protect your information when you use zenpage.io and any site hosted on *.zenpage.io or a custom domain through our service.

2. Information we collect

Account information. When you sign up, we collect your email address. We use passwordless authentication (magic links), so we never store passwords.

Website content. Any content you add to your author site (bio, book details, blog posts, images) is stored to provide the service.

Uploaded images. Headshots and cover images are processed server-side (resized, converted to WebP) and stored on Cloudflare R2.

Usage data. We collect basic server logs (IP address, browser type, pages visited) for security and debugging. We do not use third-party analytics trackers.

Cookies. We use a single HTTP-only session cookie to keep you logged in (30-day expiry). We do not use advertising or tracking cookies.

3. How we use your information

• To provide, maintain, and improve the Zenpage service
• To send transactional emails (magic links, critical service updates)
• To publish your author website as you configure it
• To detect and prevent fraud, abuse, and security incidents

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Third-party services

We use a limited set of third-party services to operate Zenpage:

• Cloudflare: CDN, DNS, DDoS protection, image storage (R2), and bot detection (Turnstile). Cloudflare Privacy Policy
• Resend: Transactional email delivery (magic links). Resend Privacy Policy

5. Data retention

We retain your account data and website content for as long as your account is active. If you delete your account, all associated data (your website, content, images, and blog posts) is permanently deleted. Server logs are retained for no more than 90 days.

6. Your rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Update or correct inaccurate data
• Deletion: Request deletion of your account and all associated data
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing of your data in certain circumstances

GDPR (EU/EEA): We process your data based on contractual necessity (providing the service) and legitimate interest (security, fraud prevention). You may lodge a complaint with your local data protection authority.

CCPA (California): We do not sell personal information. You have the right to know what data we collect, request deletion, and not be discriminated against for exercising your rights.

7. Data security

We protect your data with encryption in transit (TLS), hashed authentication tokens (SHA-256), HTTP-only cookies, server-side input validation, and rate limiting. While no system is perfectly secure, we take reasonable measures to protect your information.

8. Children's privacy

Zenpage is not intended for children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the site. Continued use of Zenpage after changes constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions or to exercise your rights, email us at [email protected].