Legal
Privacy Policy
Last updated: June 2, 2026
This Privacy Policy explains how Zaiya ("Zaiya," "we," "our," or "us") collects, uses, shares, and protects personal information when you use zaiya.studio, the Zaiya application, public gallery links, the Atrium for clients and planners, forms, proposals, invoices, and related services (together, the "Service").
Summary. Zaiya collects account information, studio workspace content, client and planner records, gallery and file metadata, billing records, support messages, and basic usage data so we can provide and secure the Service. We do not sell personal information. We use trusted service providers such as Supabase, Stripe, Resend, Cloudflare, Vercel, and, when enabled by you, Google.
This policy is provided for transparency and is not legal advice. If you have questions, contact us at hello@zaiya.studio.
1. What Zaiya Is
Zaiya is a studio workspace for luxury wedding photographers. The Service helps photographers manage clients, planners, galleries, proposals, contracts, invoices, payments, files, communication, and workflow automations.
2. Controller And Processor Roles
For information about your own Zaiya account, subscription, and use of the Service, Zaiya generally acts as the controller. For personal information you upload about your clients, planners, vendors, collaborators, and wedding guests, you generally act as the controller and Zaiya acts as your processor or service provider.
You are responsible for giving your own clients and collaborators any privacy notices and consent requests required for your photography business. Zaiya processes that data to provide the Service to you.
3. Information We Collect
3.1 Account And Workspace Information
- Name, email address, authentication credentials, and user ID
- Workspace name, studio profile, business details, and preferences
- Subscription, plan, usage, and account status
3.2 Studio Content You Add
- Client, planner, vendor, and collaborator records
- Event details, timelines, notes, moodboards, files, and messages
- Gallery records, image metadata, favorites, and access settings
- Proposals, packages, invoices, payments, and contract content
- Blog posts, forms, public pages, and other content you publish
3.3 Atrium And Public Link Data
When clients, planners, or guests use the Zaiya Atrium, gallery share link, proposal, invoice, contract, or form, we may process the information they submit, the records they access, timestamps, IP address, browser user-agent, and audit information needed to provide the requested experience.
3.4 Payments
We use Stripe for subscription billing and, when enabled, studio-owned invoice payments. Stripe processes card and bank payment information. Zaiya does not store raw card numbers.
3.5 Integrations
If you connect Google, Stripe, Gmail, Calendar, gallery hosts, or other integrations, we process the tokens, identifiers, settings, and content needed to provide those integrations. Google API data is used only to provide user-facing features you request and is not used to train generalized AI models.
3.6 Support, Contact, And Marketing
If you contact us, join a waitlist, submit a form, or subscribe to updates, we collect the information you provide, such as name, email, studio name, message content, and source page.
3.7 Usage, Logs, And Device Data
We collect standard technical information such as IP address, user-agent, requested URL, timestamps, error logs, and aggregate product usage. We use this to operate, secure, troubleshoot, and improve the Service.
4. How We Use Information
- Provide, maintain, and secure the Service
- Create accounts, authenticate users, and manage workspaces
- Operate the Atrium and deliver galleries, proposals, invoices, contracts, and forms
- Process subscriptions and connected payment workflows
- Send transactional emails, notifications, and support replies
- Respond to contact requests and product inquiries
- Detect abuse, fraud, spam, security incidents, and outages
- Comply with legal obligations and enforce our Terms
- Improve the Service using aggregated or de-identified information
5. AI Features
Zaiya may offer AI-assisted drafting, summaries, and workflow tools. These tools are intended to help you draft or organize content; you remain responsible for reviewing outputs before sending them to clients or collaborators. We do not use your client records or studio content to train generalized AI models.
6. How We Share Information
We share personal information only as needed to provide the Service, comply with law, protect rights and security, or complete a business transaction such as a merger or acquisition. We do not sell personal information or share it for cross-context behavioral advertising.
| Provider | Purpose |
|---|---|
| Supabase | Database, authentication, and storage infrastructure |
| Stripe | Subscription billing and connected payment workflows |
| Resend | Transactional and contact-form email delivery |
| Cloudflare | Security, content delivery, and object storage |
| Vercel | Application hosting and deployment |
| OAuth, Gmail, and Calendar features when enabled by you |
7. Legal Bases For Processing
Where GDPR, UK GDPR, or similar laws apply, our legal bases may include contract performance, legitimate interests, consent, and legal obligations. For client and collaborator data you add to your workspace, you are responsible for identifying the lawful basis for your own photography business.
8. Data Retention
We keep personal information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Active workspace content is retained while the workspace remains active. After account cancellation or deletion, we delete or de-identify data within a reasonable period unless retention is required by law, security, backup integrity, or payment records.
9. Security
We use technical and organizational safeguards including TLS, access controls, encrypted sensitive fields where appropriate, role-based permissions, monitoring, and service-provider controls. No system is perfectly secure, so you should use strong passwords, protect Atrium links, and grant collaborator access carefully.
10. Your Choices And Rights
Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal information. California residents may also have rights to know, delete, correct, opt out of sale or sharing, and not be discriminated against for exercising rights. Zaiya does not sell or share personal information for cross-context behavioral advertising.
To make a privacy request, contact hello@zaiya.studio. We may need to verify your identity before fulfilling a request.
11. Cookies
Zaiya uses essential cookies and similar technologies for authentication, session management, security, workspace routing, and product functionality. We may also use limited analytics to understand aggregate usage and improve the Service.
12. International Transfers
The Service and its providers may process information in the United States, Canada, and other locations where our providers operate. When required, we rely on contractual safeguards or other lawful transfer mechanisms.
13. Children
Zaiya is not directed to children under 16 and we do not knowingly collect personal information from children. If you believe a child has provided personal information to us, contact us so we can take appropriate steps.
14. Changes To This Policy
We may update this Privacy Policy from time to time. The "Last updated" date shows when the latest version took effect. Material changes may be communicated by email, in-app notice, or posting on this page.
15. Contact
Questions or requests about this Privacy Policy can be sent to hello@zaiya.studio.
This policy should be reviewed by counsel for your operating entity, jurisdiction, and commercial launch requirements.