Privacy & Data

Protection Policy

Effective Date: December 16, 2025

Contact: [email protected]

1. Introduction

Zeitra.AI ("we", "us", "our") respects your privacy and is committed to protecting information entrusted to us. This Policy explains what personal and business information we collect, how we use and store it, how we protect it, and what choices you have.

2. Scope

This Policy applies to all clients, prospects, partners, vendors, and website visitors who interact with Zeitra.AI or whose data we otherwise process in the course of providing services (automation builds, maintenance, consulting, and related services).

3. What We Collect & Why

We collect only what is necessary to deliver services and operate our business:

Intake / Contact Data


  • Name, business name, email, phone (optional), city/state, and high-level business details.
    Why: to evaluate fit, scope projects, communicate, and manage billing.

Operational Data (service delivery)


  • Project notes, build logs (Origin Build Log), configuration decisions, and non-sensitive workflow metadata stored in Notion and Google Drive.
    Why: to document work, reconcile final pricing, and support continuity.

Payment Data


  • Stripe processes client card and payment details. We do not retain card data; Stripe holds payment information per its policies.
    Why: invoicing, refunds, and reconciliation.

Third-Party / Service Credentials

  • We do not store API keys or authentication credentials. Ever. See Section 4.

4. How We Handle Credentials & Integrations (Important)

  • No credential storage: We never store client API keys, client authentication credentials, or OAuth tokens in our systems. Clients retain ownership and control of all credentials.
  • Client-provided delivery: If client doesn't do it themselves, they may provide credentials via secure means (preferred):

    OneTimeSecret (recommended): a single-use secret link controlled by the client; we retrieve and immediately input credentials into the client's n8n account and never persist them in writing.
    OAuth2 flows: where supported, clients authenticate directly in their environment (we provide the link).
    Other client-preferred secure methods may be used if agreed in advance.

  • Operational practice: Once credentials are provided, they are entered directly into the client's own n8n instance and are not documented or stored elsewhere. Operators will not copy, export, or store credentials.

5. n8n Accounts & Access

  • Client-owned accounts: Client automations live in the client's own n8n account. Clients create and retain the account and all underlying access control.
  • Operator Access: Operators perform work only within the client's n8n environment as collaborators, do not have independent access to client systems outside n8n, and are independently responsible for any errors they introduce while following Zeitra.AI's access, confidentiality, and security protocols within the predictive and proactive safeguards we provide.

6. Where We Store Data

We store necessary project data in:

  • Notion — SOPs, build logs, CRM details, and process documents (internal operational data).
  • Google Drive — project artifacts where required.
  • Stripe — payment processing (Stripe stores payment instruments subject to Stripe's privacy/security policies).

We do not use other third-party data stores except as required for client work and with client knowledge/consent.

7. Security Practices

  • Transport & storage: We use TLS for data in transit. Third-party processors (Notion, Google, Stripe, n8n) provide encryption at rest and industry-standard protections.
  • Access control: Principle of least privilege; internal credentials and admin access are restricted. Operators and staff use unique accounts protected by strong passwords and, where possible, 2FA.
  • Operational controls: Build logs, change records, and access events are documented for auditability.

8. Data Retention & Deletion

  • Operational data retention: We retain project documentation and build logs as long as necessary to provide services, to support billing, or to comply with legal obligations.
  • Credential retention: We do not retain credentials. Any temporary storage used by OneTimeSecret is single-use and controlled by the client.
  • Deletion requests: Clients may request deletion or export of their project data. We will comply within a reasonable period, subject to legal retention obligations and necessary backups. For deletion requests, contact [email protected]

9. International Transfers

Data may be processed or stored in the United States and by third-party processors whose facilities are outside your country. When transfers occur, we implement appropriate safeguards and rely on applicable legal frameworks.

10. Data Subject Rights

Where applicable law grants rights (access, correction, deletion, portability), we will respond in accordance with applicable legal requirements. Submit requests to [email protected]

11. Third-Party Services & Links

Our services rely on third parties (n8n, Notion, Google, Stripe). Those services have separate privacy practices; when you use them, please review their policies. We remain responsible for how we handle data within our control.

12. Incident Response & Notification

If we discover a security incident affecting client data, we will:

  • Contain and investigate the incident promptly.
  • Notify affected clients without undue delay and provide available details and recommended actions.
  • Cooperate with authorities as required by law.

We will follow applicable breach notification timelines under relevant law.

13. Children's Data

Our services are business-facing and not intended for children. We do not knowingly collect personal information from minors.

14. Changes to This Policy

We may update this Policy to reflect changes in practices or legal requirements. The effective date will be updated and significant changes will be communicated.

15. Contact

Questions or requests regarding this Policy: [email protected]

 Contact