Privacy Policy

1. What personal information we collect

We collect personal information that is reasonably necessary to provide our services. This includes:

• ►Account information: your name, email address, and password when you register.
• ►Profile information: your company name, role, and profile picture if provided.
• ►Billing information: your name, billing address, and card details (processed securely by Stripe - we do not store full card numbers).
• ►Social media account credentials: OAuth tokens used to connect your social media accounts. We never store your passwords.
• ►Content: posts, captions, images, and videos you create or schedule through Zestly.
• ►Usage data: pages visited, features used, actions taken, and timestamps, collected automatically via cookies and server logs.
• ►Communications: any messages you send us via email, contact forms, or in-app chat.
• ►Device and technical information: IP address, browser type, operating system, and referring URLs.

2. How we use your information

We use your personal information to:

• ►Create and manage your account.
• ►Provide and improve the Zestly platform and services.
• ►Process payments and send billing receipts.
• ►Publish and schedule content to your connected social media accounts.
• ►Send transactional emails (e.g., password resets, billing notifications).
• ►Send product updates, tips, and promotional emails (you may unsubscribe at any time).
• ►Respond to your support requests and enquiries.
• ►Monitor and analyse platform usage to improve features.
• ►Detect and prevent fraud, abuse, and security incidents.
• ►Comply with legal obligations.

We do not sell your personal information to third parties. We do not use your content or prompts to train AI models.

3. Social media platform data disclosure

Zestly connects to a range of social media platforms on your behalf. When you authorise a platform connection, we access only the permissions you grant. We act as a data processor for the content and account data you direct us to manage. The following platforms may be connected through Zestly:

• ►Meta (Facebook and Instagram) - post scheduling, page management, and analytics via the Meta Graph API.
• ►TikTok - video and image post scheduling via the TikTok Content Posting API.
• ►YouTube / Google - video publishing and channel management via the YouTube Data API.
• ►LinkedIn - post scheduling and company page management via the LinkedIn Marketing API.
• ►Twitter / X - tweet scheduling and account management via the X API.
• ►Pinterest - pin scheduling and board management via the Pinterest API.
• ►Reddit - post scheduling via the Reddit API.
• ►Discord - community post notifications via Discord webhooks.
• ►Other platforms - additional platforms may be added over time. This policy will be updated accordingly.

Each platform has its own privacy policy governing how they handle data. We recommend reviewing the privacy policy of each platform you connect. Zestly does not retain platform content beyond what is necessary to deliver the scheduled posting service.

4. Data storage and security

All customer data is stored in Australia in the AWS ap-southeast-2 (Sydney) region. We do not transfer personal data to overseas servers except where strictly necessary and with appropriate safeguards in place.

We implement industry-standard security measures including:

• ►AES-256 encryption for data at rest.
• ►TLS 1.3 for data in transit.
• ►OAuth 2.0 for all social platform connections.
• ►Regular third-party security audits.
• ►Strict access controls and least-privilege principles for staff.
• ►Multi-factor authentication available for all accounts.

While we take all reasonable steps to protect your data, no method of transmission or storage is 100% secure. In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme.

5. Sharing with third parties

We share personal information with third-party service providers only where necessary to operate the platform. These providers are bound by confidentiality agreements and may only use your data to provide services to us. They include:

• ►Stripe - payment processing.
• ►Amazon Web Services (AWS) - cloud infrastructure and storage.
• ►Anthropic (Claude AI) - powering the AI caption writer. Your prompts and content are not used to train their models.
• ►Postmark / SendGrid - transactional and marketing email delivery.
• ►Intercom - in-app customer support chat.
• ►Google Analytics - anonymised website usage analytics.

We will not disclose your information to law enforcement or government bodies unless required by law or a valid court order.

6. International data transfers

Some of our third-party service providers may be located outside of Australia. Where we transfer personal information overseas, we take steps to ensure the recipient handles the information in a manner consistent with the Australian Privacy Principles, including through contractual arrangements. By using Zestly, you consent to such transfers where necessary to deliver our services.

7. Cookies and tracking

We use cookies and similar tracking technologies to operate and improve our website and platform. For detailed information on the cookies we use, please refer to our Cookie Policy. Types of cookies we use include:

• ►Essential cookies: required for the platform to function (authentication sessions, CSRF protection).
• ►Preference cookies: remember your settings and preferences.
• ►Analytics cookies: help us understand how users interact with the site (e.g., Google Analytics, with IP anonymisation enabled).
• ►Marketing cookies: track referral sources and attribution for our affiliate and advertising programs.

You can disable non-essential cookies via your browser settings. Note that disabling essential cookies may affect platform functionality.

8. Your rights

Under the Australian Privacy Act 1988, you have the right to:

• ►Access the personal information we hold about you.
• ►Request correction of inaccurate, incomplete, or out-of-date information.
• ►Request deletion of your personal information (subject to legal obligations).
• ►Opt out of direct marketing communications at any time.
• ►Lodge a complaint with the OAIC if you believe we have mishandled your information.

To exercise any of these rights, contact us at hello@zestly.com.au. We will respond within 30 days.

9. Data retention

We retain your personal information for as long as your account is active or as needed to provide services. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it by law (e.g., financial records for 7 years under Australian tax law).

10. Children's privacy

Zestly is not directed at children under the age of 15. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

11. How to make a complaint

If you believe we have breached the Australian Privacy Principles or your privacy rights, we encourage you to contact us first so we can attempt to resolve your complaint:

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notification at least 14 days before the changes take effect. Continued use of Zestly after the effective date constitutes acceptance of the updated policy.

13. Contact us

If you have questions or concerns about this Privacy Policy or how we handle your information, please contact us: