ZekeAI
Try the demo

Legal

Privacy Policy

Effective: April 18, 2026 · McKit Solutions LLC (d/b/a Zeke AI)

Draft pending legal review. This document is a good-faith, attorney-reviewable draft written in plain English. We'll publish the final attorney-blessed version before accepting paying customers. Email legal@usezeke.com if you spot anything that needs tightening.

The short version

  • We collect what we need to run Zeke — nothing else.
  • We never sell your data. Period.
  • We never share it for third-party marketing.
  • We never train AI models on your content, uploads, or workflow.
  • You own your data. Export or delete any time.
  • Your card details never touch our servers — Stripe handles payment.

If that's enough for you, you can stop reading. The rest is the detail, for the regulators and the careful readers.

Who we are

Zeke AI is operated by McKit Solutions LLC, a Delaware limited liability company. We are the “data controller” for information we collect about you (e.g., your Zeke account). We are a “data processor” for the content you upload or generate through Zeke (e.g., your client data, uploaded documents).

Privacy questions: privacy@usezeke.com.

What we collect

Account information: your name, email, workspace name, and payment method (stored at Stripe, never on our servers).

Usage data: which pages you visit in Zeke, which features you use, which recommendations you approve or reject. This helps us understand which parts of the product are working.

Content you upload or generate: documents, files, call notes, knowledge shards, audit logs, approval history. This is your data. We process it to run Zeke for you; we never use it for our own purposes.

Ad-platform data:when you connect Meta and Google, we sync ad spend, campaign, creative, and attribution data on your behalf — only what's needed to generate recommendations and reports.

Device + technical data: IP address, browser user-agent, timestamps. Standard web-service logs, retained for 90 days for security and debugging.

How we use it

We use the data we collect to:

  • Run Zeke for you — generate recommendations, deliver reports, power search.
  • Send you transactional email (billing receipts, password resets, pilot kickoff emails).
  • Understand which features matter and which don't, so we can prioritize work.
  • Keep Zeke secure — detect fraud, abuse, and unauthorized access.
  • Comply with law.

We do not:

  • Sell or share your data to third parties for marketing or advertising.
  • Train AI models on your content — ours or anyone else's.
  • Read your uploaded documents except when you initiate a support request that requires it.
  • Share your email or contact info with other Zeke customers.

Who we share data with (sub-processors)

To run Zeke, we share specific data with these third-party services. Each has a data-processing contract prohibiting them from using your data for training, advertising, or resale.

  • Anthropic — receives prompt content for AI reasoning. No training on our data.
  • OpenAI — receives text chunks for embeddings only. No training.
  • Supabase — database + storage. SOC 2 compliant.
  • Clerk — authentication. SOC 2 compliant.
  • Stripe — payment processing. PCI Level 1.
  • Resend — transactional email delivery.
  • Trigger.dev — background job orchestration.
  • Sentry — error monitoring (aggregated stacktraces, no user content).
  • PostHog — product analytics (anonymized usage events).
  • Langfuse — LLM observability (prompt/response telemetry for debugging).
  • Vercel — web hosting.

We publish this list in the Data Processing Addendum with full detail. We'll email customers 30 days before adding new sub-processors.

How long we keep it

  • Account data: as long as your account is active, plus 30 days after cancellation.
  • Your uploaded content: as long as your account is active, plus 30 days after cancellation or deletion.
  • Technical logs: 90 days.
  • Billing records: 7 years (legal requirement for tax + dispute resolution).
  • Backup snapshots: up to 30 days rolling; deleted data gets purged in the next backup cycle.

Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the data we have about you.
  • Correct inaccurate data.
  • Delete your data (“right to be forgotten”).
  • Export your data in a machine-readable format.
  • Object to specific processing.
  • Withdraw consent.

You can exercise all of these from Settings → Data & Privacy, or by emailing privacy@usezeke.com. We respond within 30 days.

Cookies

Zeke uses the minimum cookies needed to run — session authentication, demo-state persistence (zeke_demo_state_v1), and theme preference (zeke_theme). We don't use third-party advertising cookies. We don't share cookie data with ad networks.

Our analytics (PostHog) uses anonymized first-party identifiers — no cross-site tracking.

Security

All data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Access to production systems is limited to a small number of engineering staff, each with MFA-required accounts and audited access logs.

If we ever experience a breach affecting your data, we'll notify affected customers within 72 hours of confirming the breach, per GDPR Article 33 timing.

Kids

Zeke is a B2B product for adult professionals. We don't knowingly collect data from anyone under 18. If you think we have, email privacy@usezeke.com and we'll delete it.

International transfers

Zeke is operated from the United States. If you're in the EU, UK, or another region with data-transfer rules, your data will be transferred to the US under Standard Contractual Clauses (SCCs) incorporated into our sub-processor contracts.

Changes to this Policy

If we make material changes, we'll email you at least 30 days before they take effect. For minor changes (typos, clarifications), we'll update this page and bump the effective date.

Contact

privacy@usezeke.com
McKit Solutions LLC, [physical address placeholder — to be filled before public launch]