Privacy Policy

Last updated: March 29, 2026

This Privacy Policy explains how Zambak ("we", "us", "our") collects, uses, and protects your information when you use our service at this website (the "Service"). We are committed to protecting your privacy and handling your data responsibly.

1. Information We Collect

We collect the minimum information necessary to provide the Service.

Account information

• Email address
• Name
• Password (stored as a one-way cryptographic hash — we never store or can view your actual password)

If you sign in with Google

• Your Google account identifier
• Email address and name from your Google profile

Content you create

• Pages, text, and other content you write in the editor
• Images you upload
• Page structure and organization

Technical data collected automatically

• IP address (used for rate limiting and security)
• Browser type and request metadata (standard server logs)
• Timestamps of requests

2. How We Use Your Information

We use your information solely to operate and improve the Service:

• To provide the Service — store and display your pages, blocks, and uploads so you can access them
• To authenticate you — verify your identity when you log in and maintain your session
• To enable search — index your content so you can find it quickly
• To protect the Service — rate limiting, security monitoring, and abuse prevention

3. What We Do Not Do

• We do not sell your personal information to third parties
• We do not use your content to train machine learning models
• We do not serve advertisements
• We do not share your content with other users — your pages are private to your account
• We do not use third-party analytics or tracking tools

4. Data Storage and Security

We take reasonable measures to protect your data:

• Passwords are hashed using bcrypt with a strong cost factor
• Sessions use cryptographically random tokens and expire after 30 days
• All uploaded files are validated for type and size before storage
• Content is isolated per user — no user can access another user's data

While we implement industry-standard security measures, no method of electronic storage is 100% secure. We cannot guarantee absolute security.

5. Cookies

We use a single essential cookie:

• Session cookie — used to keep you logged in and to authenticate requests for uploaded images. This cookie is strictly necessary for the Service to function and is not used for tracking.

We do not use advertising cookies, analytics cookies, or any third-party cookies.

6. Third-Party Services

If you choose to sign in with Google, your authentication is handled through Google's OAuth service. Google's use of your data is governed by Google's Privacy Policy. We only receive your name, email, and Google account identifier — we do not access your Google Drive, contacts, or any other Google data.

Apart from optional Google sign-in, we do not integrate with or send data to any third-party services.

7. Data Retention

• Account data — retained as long as your account is active
• Content — retained as long as your account is active. When you delete a page, its content and associated blocks are permanently removed
• Sessions — automatically expire and are removed after 30 days
• Server logs — retained for a limited period for security and debugging purposes

8. Account Deletion

You can request deletion of your account and all associated data by contacting us. When your account is deleted:

• All your pages, blocks, and content are permanently deleted
• All your uploaded files are removed
• All your sessions are invalidated
• Your user record is removed from the database

Deletion is permanent and cannot be undone.

9. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

11. Contact

If you have questions about this Privacy Policy or your data, please contact us at the email address provided in your account settings or through the Service.