ZeugmaZeugma

Privacy Policy

Effective Date: February 14, 2026

Last Updated: February 14, 2026

Pathnomic Labs FZ-LLC ("Pathnomic Labs," "Company," "we," "us," or "our"), a company registered in the Ras Al Khaimah Economic Zone (RAKEZ), United Arab Emirates, with its registered office at Compass Building – Al Hulaila, Al Hulaila Industrial Zone-FZ, Ras Al Khaimah, 16111, United Arab Emirates, is committed to protecting your privacy.

This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use the Zeugma mobile application ("App") and any associated services (collectively, the "Services"). It also describes your rights regarding your personal data.

By using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices, please do not use the Services.

1. Information We Collect

1.1. Information You Provide Directly

| Data Category | Examples | Purpose | |---|---|---| | Account Information | Name (first and last), email address, password (hashed), date of birth | Account creation, authentication, age verification | | Profile and Onboarding Data | Gender/identity, profession, lifestyle activities, personal goals, aspirations, personality quiz responses | Personalizing AI advisor interactions and wellness recommendations | | Chat and Conversation Data | Text messages, voice transcriptions, conversation history with AI advisors | Providing and improving AI-powered wellness guidance | | Voice Data | Audio recordings via microphone (processed for speech-to-text) | Enabling voice-based interactions with AI advisors | | Preferences | Notification settings, daily learning goals, reminder times, language preferences, word highlighting preferences | Customizing your experience | | Feedback | Messages and feedback submitted through the App | Improving our Services | | Payment-Related Identifiers | Subscription status, plan type (we do not directly collect payment card details) | Managing subscription access and features |

1.2. Information Collected Automatically

| Data Category | Examples | Purpose | |---|---|---| | Device Information | Device type, operating system version, device name, internal build ID, unique device identifier | Service delivery, security, troubleshooting | | App Usage Data | Features accessed, session duration, interaction patterns, screen views, button taps | Improving the App experience | | Analytics Data | Event-level usage metrics (e.g., sign-in method, settings changes, feature engagement, onboarding progress) | Product analytics and optimization | | Push Notification Tokens | Expo push notification tokens | Delivering push notifications | | Timezone Data | Device timezone offset | Scheduling reminders and notifications |

1.3. Information from Third-Party Services

| Source | Data Received | Purpose | |---|---|---| | Google Sign-In | Name, email address, profile picture, Google account identifier | Account authentication | | Apple Sign-In | Name, email address (may be relay address), Apple user identifier | Account authentication | | RevenueCat | Subscription status, purchase history, entitlements | Subscription management |

2. How We Use Your Information

We process your personal information for the following purposes:

2.1. Service Delivery

  • Providing personalized AI wellness guidance through advisor interactions
  • Processing your voice inputs and generating AI responses
  • Maintaining your conversation history for continuity
  • Managing your account, preferences, and settings
  • Delivering push notifications and reminders

2.2. Personalization

  • Tailoring AI advisor responses based on your profile, goals, and conversation history
  • Adapting content to your preferred language
  • Customizing your experience based on your onboarding responses

2.3. Subscription and Quota Management

  • Verifying subscription status and entitlements
  • Enforcing usage quotas (free tier: daily message limits and monthly token limits)
  • Processing promotional codes

2.4. Analytics and Improvement

  • Understanding how users interact with the App
  • Identifying and fixing bugs, errors, and performance issues
  • Developing new features and improving existing ones
  • Conducting aggregate analysis of usage trends

2.5. Communication

  • Sending service-related notifications (e.g., account changes, security alerts)
  • Delivering push notifications for reminders and updates

2.6. Safety and Security

  • Detecting and preventing fraud, abuse, and unauthorized access
  • Enforcing our Terms of Service
  • Complying with legal obligations

3. AI Data Processing

3.1. Your interactions with Zeugma's AI advisors are processed using third-party AI services, including OpenAI (GPT models) and Google (Gemini models). When you send a message or voice input, the content of your conversation is transmitted to these providers to generate a response.

3.2. Your data is not used to train third-party AI models. We use API-based access to these services, which means your inputs and outputs are not used by OpenAI or Google to improve their general-purpose models.

3.3. We retain your conversation history in our database to:

  • Provide continuity across sessions
  • Enable AI advisors to reference prior context and remembered preferences
  • Allow you to review past conversations

3.4. AI advisors may collect and store specific personal details you share during conversations (such as dietary preferences, health goals, or lifestyle information) as "memory" to improve the relevance of future interactions. You can request deletion of this stored context at any time.

3.5. We log AI usage metadata (token counts, model used, timestamps) for quota enforcement and service monitoring. These logs do not contain the content of your conversations.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data.

We may share your information with the following categories of recipients:

4.1. Service Providers

| Provider | Service | Data Shared | |---|---|---| | OpenAI | AI language model processing | Conversation content (for generating responses) | | Google AI | AI language model processing | Conversation content (for generating responses) | | Google Cloud | Speech-to-text, text-to-speech, translation | Voice data, text content | | MongoDB Atlas | Database hosting | All stored user data (encrypted) | | Amazon Web Services (AWS) | Cloud infrastructure | Data processed through our servers | | Cloudflare R2 | File and media storage | Uploaded media files | | RevenueCat | Subscription and payment management | User ID, subscription status | | Mixpanel | Product analytics | Anonymized usage events, user ID | | Ably | Real-time messaging infrastructure | Chat messages in transit | | Expo | Push notification delivery | Push tokens, notification content | | Mailjet | Transactional email | Email address, notification content | | Heroku | Application hosting | Data processed through our servers |

All service providers are contractually obligated to process your data only as instructed by us and to implement appropriate security measures.

4.2. Legal and Regulatory Disclosures

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to:

  • Comply with applicable laws or regulations
  • Protect our rights, property, or safety, or that of our users or the public
  • Detect, prevent, or address fraud, security, or technical issues
  • Respond to a lawful request from public authorities

4.3. Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal data may be transferred to the successor entity. We will notify you of any such transfer and any changes to this Privacy Policy.

5. Data Storage and Security

5.1. Your data is stored on servers operated by our cloud service providers (MongoDB Atlas, AWS, Heroku, Cloudflare R2). Our primary data processing occurs through infrastructure located in the United States and Europe.

5.2. We implement industry-standard technical and organizational security measures to protect your data, including:

  • Encryption of data in transit (TLS/SSL)
  • Encryption of data at rest
  • Secure authentication using JWT tokens and OAuth 2.0
  • Hashed password storage (passwords are never stored in plaintext)
  • Regular security assessments and monitoring
  • Access controls limiting employee access to personal data on a need-to-know basis

5.3. Local data stored on your device (via MMKV secure storage) includes authentication tokens and cached preferences. This data is stored in your device's secure storage area.

5.4. While we strive to use commercially acceptable means to protect your personal data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

6.1. We retain your personal data for as long as your account is active and as necessary to provide the Services.

6.2. Specific retention periods:

| Data Type | Retention Period | |---|---| | Account information | Until account deletion | | Conversation history | Until account deletion | | AI usage logs (metadata) | 12 months from creation | | Analytics data | 24 months from collection | | Voice recordings | Processed in real-time and not persistently stored; transcriptions may be retained as part of conversation history | | Device and push tokens | Until account deletion or token invalidation |

6.3. Upon account deletion, we will delete or anonymize your personal data within thirty (30) days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, legal compliance).

6.4. Anonymized or aggregated data that cannot be used to identify you may be retained indefinitely for analytical and research purposes.

7. International Data Transfers

7.1. Pathnomic Labs is based in the United Arab Emirates. Your personal data may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers maintain infrastructure.

7.2. When transferring data internationally, we ensure that appropriate safeguards are in place, including:

  • Contractual obligations with service providers requiring them to protect your data
  • Compliance with applicable data protection regulations in both origin and destination jurisdictions
  • Use of service providers that maintain industry-standard security certifications

7.3. By using the Services, you consent to the transfer of your data to countries outside your country of residence, including countries that may not provide the same level of data protection as your home country.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

8.1. Right of Access — You may request a copy of the personal data we hold about you.

8.2. Right to Rectification — You may update or correct inaccurate personal data through the App's settings (Personal Info screen) or by contacting us.

8.3. Right to Deletion — You may delete your account and all associated personal data at any time through the App's settings. You may also request deletion by contacting us.

8.4. Right to Data Portability — You may request your personal data in a structured, commonly used, and machine-readable format.

8.5. Right to Restrict Processing — You may request that we limit the processing of your personal data in certain circumstances.

8.6. Right to Object — You may object to the processing of your personal data for certain purposes, including direct marketing.

8.7. Right to Withdraw Consent — Where processing is based on your consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing conducted prior to withdrawal.

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within thirty (30) days. We may ask you to verify your identity before processing your request.

For Users in the European Economic Area (EEA)

If you are located in the EEA, your personal data is processed in accordance with the General Data Protection Regulation (GDPR). Our legal bases for processing include:

  • Performance of a contract (Art. 6(1)(b)) — to provide the Services you have requested
  • Legitimate interests (Art. 6(1)(f)) — for analytics, security, and service improvement, where our interests do not override your fundamental rights
  • Consent (Art. 6(1)(a)) — for optional features such as push notifications and voice interactions

You have the right to lodge a complaint with your local data protection supervisory authority.

For Users in the United Arab Emirates

Your personal data is processed in accordance with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ("UAE PDPL") and its implementing regulations. You have the right to access, correct, and request deletion of your personal data, as well as the right to object to processing in certain circumstances.

9. Children's Privacy

9.1. The Services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13.

9.2. If we become aware that a child under 13 has provided us with personal information without parental consent, we will take steps to delete such information promptly.

9.3. If you believe that a child under 13 has provided us with personal information, please contact us at [email protected].

10. Push Notifications

10.1. With your consent, we may send push notifications to your device for reminders, wellness updates, and service-related communications.

10.2. You can manage push notification preferences within the App's settings or through your device's system settings.

10.3. Even if you disable push notifications, we may still send essential service notifications related to your account security or Terms of Service changes.

11. Analytics and Tracking

11.1. We use Mixpanel for product analytics. Mixpanel collects usage events tied to your user identifier to help us understand feature engagement, onboarding completion, and user behavior patterns.

11.2. Analytics data is used solely for product improvement and is not shared with advertisers or used for targeted advertising.

11.3. You may request that we cease collecting analytics data associated with your account by contacting us at [email protected].

12. Microphone and Speech Data

12.1. The App requests access to your device's microphone to enable voice-based interactions with AI advisors via speech recognition.

12.2. Microphone access is optional. You can use the App with text-based input only.

12.3. Voice data is transmitted to our servers and processed through third-party speech recognition services (Google Cloud Speech-to-Text) to convert speech to text. Audio recordings are processed in real-time and are not persistently stored on our servers.

12.4. The resulting text transcriptions may be retained as part of your conversation history.

12.5. You can revoke microphone access at any time through your device's system settings.

13. Third-Party Links and Services

13.1. The App may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties.

13.2. We encourage you to review the privacy policies of any third-party services you access through the App.

14. Changes to This Privacy Policy

14.1. We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons.

14.2. We will notify you of material changes through the App (via in-app notification or push notification) or via email to the address associated with your account.

14.3. The "Last Updated" date at the top of this Policy indicates when it was last revised. Your continued use of the Services after any changes constitutes your acceptance of the updated Privacy Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Pathnomic Labs FZ-LLC Compass Building – Al Hulaila Al Hulaila Industrial Zone-FZ Ras Al Khaimah, 16111 United Arab Emirates

Privacy Inquiries: [email protected]

General Legal: [email protected]

For data subject access requests, please email [email protected] with the subject line "Data Subject Request" and include sufficient information to verify your identity.