Privacy Policy.
Who we are and scope
This Privacy Policy explains how we collect, use, store and share information about you when you use the Zorentia platform, tools and related websites (the "Service").
"We", "us" and "our" means Zorentia Product Studio Pty Ltd (ABN 86 688 343 482), based in New South Wales, Australia.
We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
What we collect
We collect different kinds of information depending on how you interact with the Service.
a) Signup and verification
- •Email address (stored for account-related communications and verification).
- •Hashed email address, used to enforce credit limits and validate accounts without storing your raw email in all locations.
- •Security signals via Cloudflare Turnstile to protect against automated abuse.
b) Technical Account Data
A randomly generated UUID.
A secure cookie-based access key.
We do not ask for your name, postal address or phone number to use the Service.
c) Payments via Square
We use Square for payment processing. We do not see or store your full card number or CVV. We only receive metadata (amount, timestamp, order status) to apply credits to your account.
How we use the information
Managing your credits, running tools, and generating outputs based on your inputs.
Sending verification codes, payment receipts, and critical account updates.
Detecting suspicious activity and protecting our platform using bot-detection tools.
Analyzing anonymized usage data to improve our logic, prompts, and tool performance.
Security and Protection
We use reputable cloud infrastructure and databases with strict access controls. All data is encrypted in transit via HTTPS.
Access keys and certain identifiers are stored as hashed values, meaning original sensitive values are never present in plain text within our database.
Data retention
We keep information only as long as needed for the purposes set out in this policy.
- •Email hashes: Retained to enforce fraud prevention rules.
- •Payment records: Kept as required by tax laws.
- •Account data: Kept while your account is active.
Your rights
You may request access to, correction of, or deletion of your personal information (subject to legal retention needs).
Institutional accounts and under-18 users
Zorentia offers licence agreements for schools, universities, and other educational institutions ("Institutional Licences"). Under an Institutional Licence, the institution enters into the data agreement with Zorentia on behalf of its students.
Where a school or institution holds an Institutional Licence, student accounts are provisioned by the institution. Zorentia treats the institution as the responsible party for obtaining any required consent from students or their parents or guardians. Students provisioned under an Institutional Licence are not required to independently agree to these terms or provide payment details.
Under-16 users: Where applicable law requires parental or guardian consent for users under 16, the Institutional Licence model satisfies this requirement through the institution's own consent processes. We do not knowingly collect data from minors accessing the Service outside of an Institutional Licence arrangement.
AI providers and student-generated content
Zorentia generates outputs using third-party AI providers via their commercial APIs. These providers currently include OpenAI, Anthropic, Google (Gemini), and Groq.
Under the standard API terms of each of these providers, data submitted via the API is not used to train or improve their models. Student project inputs — such as project descriptions, feature lists, and architecture details — are transmitted to these providers transiently to generate a response and are not retained by those providers beyond that individual request.
Student inputs are processed transiently. AI providers do not retain them beyond the request.
Zorentia does not use student-generated content to train AI models. API providers have committed the same under their commercial terms.
Zorentia itself does not use student project data, inputs, or generated outputs to train, fine-tune, or evaluate any AI model.
School cohort data deletion
Institutions holding an Institutional Licence may request bulk deletion of all student account data at the end of an academic year or upon licence expiry.
- •Deletion timeline: Data will be deleted within 30 days of a verified written request from the institution administrator.
- •How to request: Email privacy@zorentia.com from the institutional administrator email address on the account, specifying the cohort or academic year to be deleted.
- •Exceptions: Payment records and invoices required by Australian tax law will be retained for the required statutory period regardless of a deletion request.