Zeerga

Legal

Privacy policy

Last updated: 2026-05-15 · Effective: 2026-06-14

In plain English

Zeerga is built on a zero-knowledge architecture. The encryption keys that unlock your files never leave your device. We can't read your files, your filenames, or your folder structure — and neither can anyone we might be compelled to share data with.

This page describes the limited data we do collect (to run the service, bill you, and stop abuse), how long we keep it, and what rights you have over it.

1. Who we are

Zeerga is operated by Zeerga Technologies. For privacy questions, write to privacy@zeerga.com. Our security disclosure address is security@zeerga.com.

2. What we collect and why

We collect the minimum data needed to run the service:

  • Account data. Email address, hashed password, and account preferences. Used to sign you in, recover access, and send service notifications.
  • Billing data. If you pay, our payment processor (a regulated third party) stores card details — we receive only a non-sensitive token and your invoice metadata.
  • Encrypted file blobs and metadata. Your files, filenames, and folder paths are encrypted client-side before upload. We see ciphertext, never plaintext.
  • Operational telemetry. Limited server logs (request times, anonymized IP, user-agent) for fraud and abuse detection. Retained 30 days, then deleted.
  • Communications. Emails and form submissions you send us, for as long as needed to answer them.

3. What we do not collect

We do not collect, infer, or store: third-party advertising identifiers, device fingerprints for marketing, social-graph data, or location data beyond a country-level estimate from your IP.

We do not use third-party advertising trackers on our marketing pages. We use a small, privacy-respecting analytics product to count visits — it does not set cross-site cookies.

4. How long we keep data

  • Account data: as long as your account is active, plus 30 days after deletion (for backup retention).
  • Server logs: 30 days, rolling.
  • Billing records: 7 years (legal requirement in our jurisdiction).
  • Encrypted file blobs: deleted from active storage when you delete the file, then erased from backups within 30 days.

5. Your rights (GDPR & equivalents)

You have the right to access, correct, export, or delete your personal data. To exercise any of these, write to privacy@zeerga.com from the email on file. We respond within 30 days.

You can export your account data and download a copy of all encrypted files from the account settings page. Deletion is irreversible — once we erase the encrypted blobs, no one (including us) can recover them.

6. Sharing and subprocessors

We share data with a small set of subprocessors needed to run the service: a payment processor, a transactional email provider, and our cloud infrastructure provider. Full list is maintained at subprocessors.html. All subprocessors are GDPR-aligned and bound by data processing agreements.

We do not sell personal data — ever. We do not share data with advertisers or data brokers.

7. Law enforcement requests

If a court order compels us to disclose data, we can only share what we have: account email, billing metadata, anonymized server logs. We cannot decrypt your files — that key isn't on our servers. We notify affected users where legally permitted.

For details on our process, write to legal@zeerga.com.

8. Changes

We post material changes to this policy at least 30 days before they take effect, and email account-holders when changes touch how we collect or share data.