Privacy Policy

Effective Date: March 1, 2026

This Privacy Policy describes how Beacon Labs Group ("Company", "we", "us", "our"), doing business as Beacon Labs ("Company", "we", "us", "our") collects, uses, and protects your information when you use the Zefa platform ("Service").

 

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address.

  • Display name / username.

  • Authentication credentials (managed through Supabase Auth).

  • Profile information you choose to provide.

1.2 Usage Data

We automatically collect:

  • Agent creation and interaction metadata (e.g., number of messages, agent types used).

  • Feature usage patterns (marketplace browsing, team creation, etc.).

  • Device and browser information (user agent, screen resolution).

  • Log data (IP address, access times, pages viewed).

1.3 Chat & Memory Data

When you use Zefa to chat with agents, we collect and store:

  • Chat messages between you and your agents.

  • Per-agent memory data accumulated over sessions.

  • Files you attach to conversations.

This data is stored server-side and is isolated per user, per agent. It is never shared with other users.

1.4 API Keys

If you use BYOK (Bring Your Own Key), we process your API keys to route requests to LLM providers. Your keys are:

  • Encrypted in transit and at rest.

  • Used only to make API calls on your behalf.

  • Never logged, shared, or used for any other purpose.

  • Deletable at any time through your account settings.

1.5 Agent Data

When you create or publish agents, we collect:

  • Agent configuration files (roles, skills, persona, changelog).

  • Marketplace listing information (description, category, pricing).

  • Rating and review data from other users.

2. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service.

  • Process transactions and manage your account.

  • Deliver per-agent persistent memory functionality.

  • Operate the marketplace (agent discovery, ratings, purchases).

  • Communicate with you about the Service (updates, security alerts, support).

  • Analyze usage patterns to improve the product (aggregated, anonymized).

  • Prevent fraud, abuse, and enforce our Terms of Service.

We do NOT sell your chat data or use it for third-party advertising.

3. How We Share Your Information

We do not sell your personal information. We may share your data in the following limited circumstances:

3.1 LLM Providers

When you send a message to an agent, the message content is sent to the relevant LLM provider (e.g., Anthropic, OpenAI, Google) to generate a response. This transmission is subject to the LLM provider's own privacy policy and terms of service.

3.2 Published Agents

If you publish an agent on the marketplace, the following is publicly visible:

  • Your username / publisher name.

  • Agent configuration (roles, skills, persona, description).

  • Agent stats, tier, and ratings.

Your chat history, memory data, and private agents are never publicly visible.

3.3 Service Providers

We use third-party services to operate the platform:

  • Supabase (authentication, database, storage).

  • Hosting and infrastructure providers.

These providers process data on our behalf and are bound by confidentiality obligations.

3.4 Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental request.

4. Data Retention

  • Account data is retained as long as your account is active.

  • Chat history and memory data are retained as long as your account is active.

  • If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.

  • Aggregated, anonymized data may be retained indefinitely for analytics.

During the beta period, data may be deleted or reset as part of system updates. We will provide reasonable notice before any planned data resets.

5. Data Security

We implement reasonable technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS) and at rest.

  • Row-Level Security (RLS) policies in our database ensuring per-user data isolation.

  • Encrypted storage of API keys.

  • Regular security reviews and updates.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.

  • Request correction of inaccurate data.

  • Request deletion of your data ("right to be forgotten").

  • Export your data in a portable format.

  • Object to or restrict certain processing of your data.

To exercise these rights, contact us at contact@zefa.dev. We will respond within 30 days.

7. Children's Privacy

Zefa is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly. Users between 13 and 18 may use Zefa with parental or guardian consent.

8. International Data Transfers

Your data may be transferred to and processed in countries other than your own. By using the Service, you consent to the transfer of your data to the United States or other jurisdictions where our infrastructure is located.

9. Cookies & Tracking

We use essential cookies for authentication and session management. We do not use third-party advertising cookies or tracking pixels. We may use privacy-respecting analytics to understand aggregate usage patterns.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the Service or via email. The "Effective Date" at the top indicates when the policy was last revised.

11. Contact Us

For privacy-related questions or requests, contact us at:

contact@zefa.dev

Beacon Labs Group

 

Last updated: March 5, 2026