Privacy Policy
Last update:
Zenovay Inc. ("Zenovay", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website zenovay.com (the "Site") and use our analytics platform and related services (the "Services"). This Privacy Policy is designed to comply with the General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (nDSG), as well as other applicable data protection laws.
Please read this Privacy Policy carefully. This Privacy Policy is provided for informational purposes and describes our data practices. By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you have questions, please contact us at privacy@zenovay.com.
Information We Collect
We collect information about you in various ways when you use our Services. The information we collect falls into the following categories:
Information You Provide Directly
We collect information that you provide directly to us, including:
- Account Information: When you create an account, we collect your name, email address, company name, and password.
- Payment Information: When you subscribe to a paid plan, our payment processor (Stripe) collects your payment card information, billing address, and related payment details. We do not store complete payment card numbers on our servers.
- Profile Information: You may choose to provide additional information such as your job title, phone number, profile picture, and company website.
- Communications: When you contact our support team or communicate with us, we collect the content of your messages, support tickets, and any attachments you send.
- Survey Responses: If you participate in surveys or provide feedback, we collect your responses and any personal information you choose to share.
Support Communications
When you contact our support team or use our AI support assistant:
- Chat History: We store chat conversations to improve support quality and train our AI assistant. Chat transcripts may be retained for up to 2 years.
- Support Tickets: Ticket content, attachments, and metadata are retained for 2 years to provide consistent support and track issue resolution.
- Project Access: If you grant support access to your project, our support team may temporarily view your analytics data, configurations, and activity logs to diagnose and resolve issues.
- AI Processing: Your support messages may be processed by AI systems (via Cloudflare AI Gateway and OpenAI) to provide faster responses and categorize issues. You can request human support at any time.
- Attachments: Files you upload (screenshots, logs, etc.) are stored securely and retained for the duration of ticket resolution plus 90 days.
Information Collected Automatically
When you access or use our Services, we automatically collect certain information, including:
- Usage Data: We collect information about your use of our Services, including the pages you view, features you use, links you click, searches you perform, and the date and time of your visits.
- Device Information: We collect information about the devices you use to access our Services, including device type, operating system, browser type and version, screen resolution, IP address, unique device identifiers, and mobile network information.
- Location Data: We may collect approximate location information based on your IP address (using IPwho.is as a fallback geolocation provider) to provide region-specific features and comply with local regulations.
- Cookies and Similar Technologies: We use essential cookies, including analytics cookies, to collect information about your browsing behavior. See our Cookie Policy for more details. An informational cookie notice appears on your first visit and is accessible at any time via the "Cookie Settings" link in the footer.
Cookies and Local Storage
The following table describes the cookies and local storage items used by our Services:
| Name | Purpose | Category | Duration | Consent |
|---|---|---|---|---|
| zenovay_visitor_id | Analytics visitor identification (essential for site performance) | Essential | 90 days | Always active |
| auth_session | Authentication session state | Essential | 90 days | Always active |
| __cf_bm | Cloudflare bot management | Essential | 30 minutes | Always active |
| cf_clearance | Cloudflare security challenge | Essential | 30 minutes | Always active |
| zenovay-consent (localStorage) | Cookie consent preferences | Essential | Persistent | Always active |
| zenovay_disable_tracking (localStorage) | User tracking opt-out flag | User Control | Persistent | Always active |
| sidebar-collapsed (localStorage) | Dashboard sidebar preference | Preference | Persistent | Always active |
Information From Third Parties
We may receive information about you from third-party sources, including:
- Authentication Services: If you sign up or log in using a third-party service (Google OAuth, GitHub OAuth), we receive basic profile information from that service.
- Data Enrichment Services: We may use third-party data enrichment services to enhance analytics insights for business intelligence purposes.
- Bot Protection: Cloudflare Turnstile may be used to verify that interactions are from legitimate users.
Analytics Data We Process on Behalf of Customers
As an analytics platform, we process data about visitors to our customers' websites on their behalf. This section describes the data we collect and process when you visit a website that uses Zenovay analytics. Our customers (the website operators) are the data controllers for this data, and we act as their data processor.
Visitor Data Collected
When you visit a website using Zenovay analytics, we may collect:
- Network Information: IP address, approximate geographic location (country, region, city)
- Device Information: Device type, browser, operating system, screen resolution, viewport dimensions
- Page Information: URLs visited, page titles, referrer URLs, time spent on pages
- Behavioral Data: Scroll depth, click counts, form interactions, engagement time
- Campaign Data: UTM parameters and advertising platform click identifiers (e.g., Google, Facebook, TikTok)
- Conversion Data: Custom conversion events, goal completions, and associated values as defined by the website operator
- Session Information: Session duration, pages viewed per session, returning visitor status
Automated Decision-Making and Profiling
Our Services include automated visitor value scoring that assigns a score between 0 and 100 to website visitors based on factors including geographic location, device type, browsing behavior, and session characteristics. This scoring is used to help our customers prioritize visitor engagement and understand visitor quality. The scoring is performed automatically without human intervention.
Under GDPR Article 22 and nDSG Article 21, you have the right to:
- Obtain information about the logic involved in automated decision-making
- Express your point of view and contest decisions based solely on automated processing
- Request human review of automated decisions that significantly affect you
To exercise these rights, contact privacy@zenovay.com.
Optional Analytics Features
Website operators may enable additional features that collect more detailed data:
- Session Replay: When enabled, we record user interactions including mouse movements, clicks, and page content to help website operators understand user behavior. Sensitive form fields (passwords, credit cards) are automatically masked.
- Heatmaps: Aggregated visualization of where users click and scroll on pages.
- User Identification: Website operators may choose to associate analytics data with user identifiers (name, email, company) that they provide to us through their implementation.
- Business Intelligence: For B2B analytics, we may use third-party data enrichment services to identify the organizations visiting a website based on network information.
- AI-Powered Insights: Analytics data may be processed through AI models (via Cloudflare AI Gateway) to generate automated insights and recommendations for website operators.
IP Address Handling
We collect IP addresses to determine geographic location and for security purposes. IP addresses are:
- Stored to enable geographic analytics and fraud prevention
- Retained according to the data retention period configured by the website operator (see Data Retention section)
- Not shared with third parties except as described in this policy
- Used for B2B company identification when this optional feature is enabled
First-Party Tracking
Some customers may configure Zenovay to operate through their own domain (first-party tracking). In this configuration:
- Analytics requests appear to originate from the customer's domain rather than Zenovay's domain
- This may affect how ad-blockers and privacy tools interact with the tracking
- The customer is responsible for disclosing this practice in their own privacy policy
How We Use Your Information
We use the information we collect for various purposes, including:
- Provide and Maintain Services: To create and manage your account, process transactions, provide customer support, and deliver the features and functionality of our Services.
- Improve and Develop Services: To understand how users interact with our Services, identify trends, diagnose technical issues, and develop new features and improvements.
- Communicate With You: To send you service-related notifications, respond to your inquiries, provide customer support, and send marketing communications (with your consent).
- Personalization: To personalize your experience, provide relevant content and recommendations, and remember your preferences.
- Security and Fraud Prevention: To detect, prevent, and respond to fraud, abuse, security risks, and technical issues.
- Legal Compliance: To comply with legal obligations, respond to legal requests, enforce our terms and policies, and protect our rights and the rights of others.
- Analytics and Research: To conduct research, create statistical and aggregated data, and analyze usage patterns to improve our Services.
- Marketing and Advertising: To send you promotional materials and measure the effectiveness of our marketing campaigns (with your consent where required).
Legal Basis for Processing
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal basis for collecting and using your information depends on the specific processing activity:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and management | Contract performance (Art. 6(1)(b) GDPR) |
| Payment processing | Contract performance (Art. 6(1)(b) GDPR) |
| Essential cookies | Legitimate interest (Art. 6(1)(f) GDPR) |
| Analytics cookies (essential) | Legitimate interest (Art. 6(1)(f) GDPR) |
| Visitor value scoring | Legitimate interest (Art. 6(1)(f) GDPR) |
| AI-powered analytics insights | Legitimate interest (Art. 6(1)(f) GDPR) |
| Marketing communications | Consent (Art. 6(1)(a) GDPR) |
| Security and fraud prevention | Legitimate interest (Art. 6(1)(f) GDPR) |
| Legal compliance | Legal obligation (Art. 6(1)(c) GDPR) |
How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
Service Providers
We share information with third-party service providers who perform services on our behalf, including:
- Cloud Infrastructure: Cloudflare for edge computing, content delivery, and security services
- Database Services: Supabase for data storage, real-time synchronization, and authentication
- Payment Processing: Stripe for processing payments and managing subscriptions
- Email Services: Resend for transactional email delivery
- Geolocation: Mapbox for map visualization and geographic data
- Geolocation Fallback: IPwho.is for IP geolocation lookups when primary service is unavailable
- AI Services: OpenAI for AI-powered analytics insights (optional feature)
- AI Routing: Cloudflare AI Gateway for AI model routing and caching
- Authentication: Google OAuth for social sign-in
- Authentication: GitHub (Microsoft) OAuth for social sign-in
- Bot Protection: Cloudflare Turnstile for CAPTCHA and bot protection
These service providers have access to your information only to perform tasks on our behalf and are obligated to protect your information. For a complete list of our subprocessors, please see our Subprocessors page.
Business Transfers
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.
Legal Requirements and Protection
We may disclose your information if required to do so by law or if we believe such action is necessary to:
- Comply with legal obligations, court orders, or governmental requests
- Enforce our Terms of Service or other agreements
- Protect and defend our rights or property
- Prevent fraud or abuse of our Services
- Protect the safety of our users or the public
Data Security
We implement appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using TLS/SSL
- Encryption of sensitive data at rest
- Periodic security reviews leveraging infrastructure provider certifications
- Access controls and authentication requirements
- Employee training on data protection and security
- Incident response and breach notification procedures
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority (including the EDOEB for Swiss residents and the competent EU Data Protection Authority for EU residents) without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33 and nDSG Article 24
- Communicate the breach to affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms, in accordance with GDPR Article 34
- Document all breaches, including facts, effects, and remedial actions taken
Data Protection Impact Assessment
We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in a high risk to the rights and freedoms of individuals, including visitor value scoring and AI-powered analytics processing, in accordance with Art. 35 GDPR.
Data Retention
We retain your information for as long as necessary to provide our Services, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods depend on the type of information:
Account Data
- Account Information: Retained for the duration of your account plus 90 days after account closure
- Payment Records: Retained for 7 years to comply with tax and accounting requirements
- Communications: Support tickets and communications retained for 2 years
- Logs and Security Data: Retained for 90 days for security and troubleshooting purposes
Analytics Data
Analytics data (visitor records, page views, and behavioral data) is retained based on your subscription tier:
- Free Plan: 1 year (365 days)
- Pro Plan: 2 years (730 days)
- Scale Plan: 4 years (1,460 days)
- Enterprise Plan: Custom retention period as agreed
Data Retention Lifecycle
When data exceeds your plan's retention period, we use a two-phase process to ensure you have time to take action:
- Phase 1 - Soft Hide (Day 0): Data older than your retention period is hidden from analytics views but remains in our systems. Your current analytics continue working normally.
- Phase 2 - Grace Period (30 days): You receive email notifications about the hidden data. During this period, you can upgrade your plan to recover the data.
- Phase 3 - Permanent Deletion (Day 30+): After the grace period, hidden data is permanently deleted and cannot be recovered.
If you downgrade to a lower tier, any data exceeding your new plan's retention period will immediately enter Phase 1 (soft hide), giving you 30 days to upgrade and recover your data.
Aggregated daily statistics follow the same retention lifecycle as your plan. You can request deletion of your information at any time by contacting us or deleting your account through the Services.
International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that are different from the laws of your country.
When we transfer personal information from the EEA, UK, or Switzerland to other countries, we use appropriate safeguards, including:
- EU-US Data Privacy Framework (DPF): Where our service providers are certified under the EU-US DPF, we rely on this framework as a valid transfer mechanism.
- Swiss-US Data Privacy Framework: For transfers from Switzerland, we rely on the Swiss-US DPF where applicable.
- Standard Contractual Clauses (SCCs): We use European Commission-approved Standard Contractual Clauses as a fallback transfer mechanism.
- Transfer Impact Assessments: We conduct Transfer Impact Assessments for each data transfer to evaluate the legal framework in the recipient country.
- Adequacy Decisions: Where applicable, we rely on adequacy decisions by the European Commission.
- Supplementary Measures: We implement additional technical measures including encryption in transit and at rest, access controls, and data minimization to supplement transfer safeguards.
Your Rights and Choices
Depending on your location, you may have certain rights regarding your personal information:
Access and Portability
You have the right to access your personal information and request a copy in a portable, machine-readable format.
Correction
You have the right to correct inaccurate or incomplete personal information. You can update most information through your account settings.
Deletion
You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, legitimate business purposes).
Objection and Restriction
You have the right to object to certain processing of your information or request that we restrict processing in certain circumstances.
Withdraw Consent
Where we process your information based on consent, you have the right to withdraw consent at any time.
Opt-Out of Marketing
You can opt out of marketing communications by clicking the "unsubscribe" link in our emails or updating your communication preferences in your account settings.
California Privacy Rights (CPRA)
If you are a California resident, you have rights under the California Privacy Rights Act (CPRA, formerly CCPA):
- Right to Know: You have the right to request information about the personal information we collect, use, and disclose about you.
- Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
- Right to Correct: You have the right to request correction of inaccurate personal information.
- Right to Opt-Out of Sale or Sharing: You have the right to opt out of the "sale" or "sharing" of your personal information. We do not sell or share personal information for cross-context behavioral advertising.
- Right to Limit Use of Sensitive Information: You have the right to limit our use of sensitive personal information to purposes necessary to provide the Services.
- Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your privacy rights.
Global Privacy Control (GPC): We honor Global Privacy Control (GPC) signals. When we detect a GPC signal from your browser, we treat it as a valid opt-out request under CCPA/CPRA and will not load analytics tracking cookies.
To exercise these rights, please contact us at privacy@zenovay.com.
European and Swiss Privacy Rights (GDPR and nDSG)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (nDSG):
- Right of access to your personal information
- Right to rectification of inaccurate information
- Right to erasure ("right to be forgotten")
- Right to restriction of processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
- Right not to be subject to solely automated decision-making
- Right to lodge a complaint with a supervisory authority, including the Swiss Federal Data Protection and Information Commissioner (EDOEB) for Swiss residents or the competent EU Data Protection Authority for EU residents
To exercise these rights or if you have questions about our data processing, please contact us at privacy@zenovay.com. You also have the right to lodge a complaint with your local supervisory authority. A list of EEA supervisory authorities is available at edpb.europa.eu. For Swiss residents, contact the EDOEB at www.edoeb.admin.ch.
Children's Privacy
Our Services are not directed to children under the age of 16 in the European Economic Area and Switzerland (pursuant to GDPR and nDSG), or under the age of 13 in the United States (pursuant to COPPA). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@zenovay.com, and we will take steps to delete such information.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last update" date at the top of this page
- Notify you via email or through a prominent notice in our Services
- Obtain your consent if required by applicable law
We encourage you to review this Privacy Policy periodically.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@zenovay.com
Support: support@zenovay.com
Address: Zenovay Inc., 415 Branding Street #4200, San Francisco, CA 94105
Supervisory Authorities: FDPIC (Switzerland) • EDPB Members (EU)