Privacy Policy

1. What personal information we collect

We collect personal information that is reasonably necessary to provide our services. This includes:

• ▸Account information: your name, email address, and password when you register.
• ▸Profile information: your company name, role, and profile picture if provided.
• ▸Billing information: your name, billing address, and card details (processed securely by Stripe — we do not store full card numbers).
• ▸Social media account credentials: OAuth tokens used to connect your social media accounts. We never store your passwords.
• ▸Content: posts, captions, images, and videos you create or schedule through Zestly.
• ▸Usage data: pages visited, features used, actions taken, and timestamps, collected automatically via cookies and server logs.
• ▸Communications: any messages you send us via email, contact forms, or in-app chat.
• ▸Device and technical information: IP address, browser type, operating system, and referring URLs.

2. How we use your information

We use your personal information to:

• ▸Create and manage your account.
• ▸Provide and improve the Zestly platform and services.
• ▸Process payments and send billing receipts.
• ▸Publish and schedule content to your connected social media accounts.
• ▸Send transactional emails (e.g., password resets, billing notifications).
• ▸Send product updates, tips, and promotional emails (you may unsubscribe at any time).
• ▸Respond to your support requests and enquiries.
• ▸Monitor and analyse platform usage to improve features.
• ▸Detect and prevent fraud, abuse, and security incidents.
• ▸Comply with legal obligations.

We do not sell your personal information to third parties. We do not use your content or prompts to train AI models.

3. Data storage and security

All customer data is stored in Australia in the AWS ap-southeast-2 (Sydney) region. We do not transfer personal data to overseas servers except where strictly necessary and with appropriate safeguards in place.

We implement industry-standard security measures including:

• ▸AES-256 encryption for data at rest.
• ▸TLS 1.3 for data in transit.
• ▸OAuth 2.0 for all social platform connections.
• ▸Regular third-party security audits.
• ▸Strict access controls and least-privilege principles for staff.
• ▸Multi-factor authentication available for all accounts.

While we take all reasonable steps to protect your data, no method of transmission or storage is 100% secure. In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme.

4. Sharing with third parties

We share personal information with third-party service providers only where necessary to operate the platform. These providers are bound by confidentiality agreements and may only use your data to provide services to us. They include:

• ▸Stripe — payment processing.
• ▸Amazon Web Services (AWS) — cloud infrastructure and storage.
• ▸OpenAI — powering the AI caption writer (your prompts and content are not used to train their models under our enterprise agreement).
• ▸Postmark / SendGrid — transactional and marketing email delivery.
• ▸Intercom — in-app customer support chat.
• ▸Google Analytics — anonymised website usage analytics.

We will not disclose your information to law enforcement or government bodies unless required by law or a valid court order.

5. Cookies

We use cookies and similar tracking technologies to operate and improve our website and platform. Types of cookies we use:

• ▸Essential cookies: required for the platform to function (authentication sessions, CSRF protection).
• ▸Preference cookies: remember your settings and preferences.
• ▸Analytics cookies: help us understand how users interact with the site (e.g., Google Analytics, with IP anonymisation enabled).
• ▸Marketing cookies: track referral sources and attribution for our affiliate program.

You can disable non-essential cookies via your browser settings. Note that disabling essential cookies may affect platform functionality.

6. Your rights

Under the Australian Privacy Act 1988, you have the right to:

• ▸Access the personal information we hold about you.
• ▸Request correction of inaccurate, incomplete, or out-of-date information.
• ▸Request deletion of your personal information (subject to legal obligations).
• ▸Opt out of direct marketing communications at any time.
• ▸Lodge a complaint with the OAIC if you believe we have mishandled your information.

To exercise any of these rights, contact us at privacy@zestly.com.au. We will respond within 30 days.

7. Data retention

We retain your personal information for as long as your account is active or as needed to provide services. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it by law (e.g., financial records for 7 years under Australian tax law).

8. Children's privacy

Zestly is not directed at children under the age of 15. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

9. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notification at least 14 days before the changes take effect. Continued use of Zestly after the effective date constitutes acceptance of the updated policy.

10. Contact us

If you have questions or concerns about this Privacy Policy or how we handle your information, please contact us:

If you are unsatisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.