Privacy Policy

Last updated: February 12, 2026

Introduction

Zivash Inc. ("we," "our," or "us") operates Ziva.sh and the Ziva AI agent for Godot Game Engine. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

Information We Collect

Account Information

When you sign in using OAuth (GitHub, Discord, or Google), we collect:

  • Your name
  • Your email address
  • Your profile image
  • OAuth provider information
  • Last login method

Session Information

When you use our service, we collect:

  • Session tokens for authentication
  • IP addresses
  • User agent information (browser/device type)

Usage Information

When you interact with Ziva, we store minimal usage data for billing and analytics purposes. We do not store your prompts, code, or project-specific data on our servers. The data we do store includes:

  • API usage statistics (request counts, timestamps)
  • Token usage and cost tracking per request
  • Anonymized telemetry (e.g., success/failure rates, active sessions)

Local Data Storage

Chat history and conversation data may be stored locally in SQLite on your device for offline access and faster loading. This data remains on your device and is not stored on our servers.

How We Use Your Information

To Provide AI Assistance

Your code and conversation data is sent to third-party LLM providers (such as but not limited to Google, Anthropic, OpenAI and xAI) to generate AI responses. We may add additional providers in the future to improve service quality.

To Maintain Your Account

  • Authenticate and authorize access to your account
  • Track API usage for billing and rate limiting

What We Never Do With Your Data

  • We never store your project data on our servers. Ziva does not store your prompts or code on its servers; we directly forward your requests to LLM providers.
  • We never use your code to train AI models. Your game projects and code are never used by Ziva to train AI models.
  • Never share your data with third parties except LLM providers necessary to power the AI features.
  • Never sell your data to advertisers, data brokers, or any other parties.

Data Retention

You have the right to delete your account and all associated data at any time.

Third-Party Services

LLM Providers

We use the following LLM providers to power Ziva's AI capabilities:

  • Google (Gemini)
  • Anthropic (Claude)
  • xAI (Grok)
  • OpenAI (GPT)
  • OpenRouter (LLM routing)
  • Moonshot AI (Kimi)
  • Zai (GLM)
  • Additional providers may be added in the future

These providers process your code and prompts according to their own privacy policies and API terms. While Ziva itself does not store your prompts or project data, these third-party providers may store data based on their own policies. You are encouraged to review the individual privacy policies of these providers. We never use your code or project data to train AI models.

Asset Generation Services

We use the following services for generating game assets:

  • Meshy API (3D model generation)
  • PixelLab API (pixel art generation)
  • Retro Diffusion API (pixel art generation)

When you use asset generation features, your prompts and parameters are sent to these services according to their respective privacy policies.

Cloud Storage

Generated assets (3D models, images, etc.) are stored in S3-compatible cloud storage. These files are associated with your account and may be retained until you delete your account or request removal.

Authentication

We use GitHub, Discord, and Google OAuth for authentication. When you sign in, these providers share basic profile information with us according to their privacy policies.

Payment Processing

We use Stripe to process payments for subscriptions and billing. When you subscribe or make a purchase, Stripe collects payment information directly according to their privacy policy. We do not store your full credit card details on our servers, we only store minimal subscription ID, status which are required to identify your subscription.

Analytics

We use the following analytics services to improve our product:

  • PostHog (product analytics, EU hosted)
  • Vercel Analytics (web analytics)

These services collect anonymized usage data to help us understand how users interact with Ziva and improve the experience.

Discord Integration

In addition to Discord OAuth for authentication, we operate a Discord bot that may manage roles and permissions based on your subscription status. This integration accesses only the minimal Discord data necessary to provide these features.

Data Retention

You can delete your account and all associated data at any time through your account settings.

Your Rights

You have the following rights regarding your personal data:

Right to Access

View all information we have about you through your account dashboard at any time.

Right to Delete (Right to Erasure)

You can permanently delete your account and all associated data at any time through the "Danger Zone" section in your account settings. This will immediately and permanently remove:

  • Your account and profile information
  • API keys and usage data
  • All settings and preferences

Note: Account deletion is irreversible. All data is purged from our servers within 24 hours. Some data may persist with third-party payment providers (if applicable), and third-party LLM providers. To request deletion from payment providers, contact us at privacy@ziva.sh after deleting your account.

Right to Control What You Share

You have control over what code and project context you share with Ziva. All AI requests are triggered by you.

GDPR Compliance

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to rectification: Correct inaccurate personal data through your account settings
  • Right to data portability: Contact us to receive a copy of your data in a portable format
  • Right to object: Object to processing of your personal data for specific purposes
  • Right to restrict processing: Request limitation of processing under certain circumstances

To exercise any of these rights, contact us at privacy@ziva.sh. We will respond to your request within 30 days.

Security

We implement reasonable security measures to protect your data from unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet is 100% secure.

Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this policy.

Contact Us

If you have questions about this Privacy Policy, please contact us:

Zivash Inc.
Federally registered in Canada
Email: privacy@ziva.sh