Privacy Policy

How we handle and safeguard your data.

Privacy Policy

Last Updated: April 24, 2026

1. Introduction

Welcome to Zerka ("we," "us," or "our"), accessible at https://zerka.io. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website, desktop application, and cloud services (collectively, the "Service").

Zerka is owned and operated by Holmes Ayala, a sole proprietor based in Bogotá D.C., Colombia, who acts as the Data Controller of your personal data. We are committed to protecting your privacy and ensuring compliance with global data protection laws, including the GDPR and CCPA.

By accessing or using our Service, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy.

2. Data Collection

We collect personal information necessary to provide and improve our Service. The types of data we collect include:

  • Account Information: When you register via our authentication provider (Auth0), we collect your email address and basic profile information provided by your social login provider (Google or Microsoft).
  • User Content: If you utilize our cloud storage features, we store the screenshots, screen recordings, and annotated images you choose to upload. You remain the owner of this content.
  • Financial Information: All payments are processed by our Merchant of Record, Paddle. We do not directly collect or store your full credit card number or bank details. Paddle collects this information according to their own privacy policy.
  • Technical Logs: The Zerka desktop application generates local log files detailing its operation to assist with troubleshooting. These logs are stored locally on your device. We only collect them if you manually attach and send them to our customer support team.
  • Usage Data: We use Umami, a privacy-focused, open-source analytics tool, to understand how visitors interact with our main website. This data is anonymized and collected without the use of tracking cookies.

3. Data Use and Legal Basis for Processing

Under the GDPR, we must have a lawful basis to process your data. We use your data for the following purposes:

  • To Provide the Service (Contractual Necessity): To create your account, authenticate your login, and provide cloud storage for your User Content.
  • To Process Payments (Contractual Necessity): Facilitated through Paddle to manage your subscription.
  • To Provide Customer Support (Legitimate Interest / Contractual Necessity): To respond to your inquiries and troubleshoot issues using the log files you manually provide.
  • To Prevent Fraud and Abuse (Legitimate Interest): To identify and prevent abuse of our Service. Specifically, upon account deletion or subscription expiration, we securely retain your email address in our database indefinitely. This is strictly necessary for our legitimate business interest to prevent unauthorized repeat usage of our 15-day Trial Plan.
  • To Improve Our Service (Legitimate Interest): Analyzing anonymized website traffic via Umami to enhance user experience.

4. Cookie Policy

  • Our Website: The main Zerka website (zerka.io) does not use cookies for tracking or analytics.
  • Third-Party Integrations: Our essential third-party service providers (such as Auth0 for login, Cloudflare for security/routing, and Paddle for checkout) may use strictly necessary cookies to ensure the core functionality, security, and integrity of their services. By using Zerka, you consent to these essential functional cookies.

5. Third-Party Sharing and Data Transfers

We do not sell your personal data. We only share information with trusted third-party processors necessary to operate the Service. These include:

  • Auth0: For user authentication and identity management.
  • Contabo: Our cloud server provider, located in the United States (East).
  • Cloudflare: For DNS management, DDoS protection, and cloud storage (Cloudflare R2, located in Eastern North America).
  • Paddle: Our Merchant of Record for payment processing.

International Data Transfers: Because Zerka is operated from Colombia and utilizes servers in the United States, your data will be transferred across international borders. We ensure our third-party processors comply with stringent data protection standards (such as Standard Contractual Clauses) to safeguard your information globally.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

  • Active Accounts: User Content is stored as long as your subscription is active.
  • Expired Subscriptions: If your plan expires, we grant a grace period before permanently deleting your cloud-stored User Content:
    • Trial Plan: Files are deleted 5 days after expiration.
    • Pro Plans: Files are deleted 15 days after expiration.
  • Account Deletion: Upon account deletion, all User Content is permanently destroyed. However, we securely retain your email address indefinitely to prevent abuse of the free Trial Plan.

7. Your Privacy Rights (GDPR & CCPA)

Depending on your location, you have specific rights regarding your personal data:

  • Right to Access & Portability: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You can request that we correct inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): You can request the deletion of your account and data. Note: We will delete your files, but we reserve the right to retain your email address under the legal basis of Legitimate Interest to prevent trial abuse.
  • Right to Restrict or Object to Processing: You may object to how we process your data in certain circumstances.
  • CCPA Specific - "Do Not Sell My Personal Information": We do not sell personal data. California residents have the right to non-discrimination for exercising their privacy rights.

To exercise any of these rights, please contact us at [email protected].

8. Security Measures

We implement appropriate technical and organizational measures to protect your data, leveraging enterprise-grade security from Cloudflare and Auth0. However, no internet transmission is 100% secure.

User Responsibility: We are not responsible for the security of the local environment where the desktop application is installed. It is your responsibility to ensure your machine is free of malicious software that could compromise your locally stored User Content or login credentials.

9. Children's Privacy

Zerka is intended strictly for adult users (18 years of age and older). We do not knowingly collect personal information from minors. If we become aware that we have collected data from a minor, we will take immediate steps to delete it.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify you via email or through an in-app notification at least 30 days before the changes take effect. Continued use of the Service after this period constitutes acceptance of the updated policy.

11. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:

  • Email: [email protected]
  • Data Controller: Holmes Ayala
  • Location: Bogotá D.C., Colombia