1. Who this covers
This policy applies to two groups of people: merchants who use Zillo to sell things, and customers who buy things on a merchant’s storefront. The relationship is different in each case.
For merchants, Zillo is the controller of your personal data: you signed up directly with us. For customers, the merchant you bought from is the controller; Zillo is a processor acting on their behalf.
2. What we collect from merchants
When you create a Zillo merchant account, we collect:
- Identity: name, email, business name, country, time zone.
- Authentication: hashed passwords, device sessions, IP address at sign-in.
- Storefront content: the prompts you write, the products you create, the brand assets you upload.
- Communication: messages you send to our AI assistant, support requests, feedback.
- Stripe linkage: the connected account ID, charge status, and payout status. We do not see card numbers, bank account numbers, or KYC documents. Those live with Stripe.
3. What customers’ data we receive on a merchant’s behalf
When a customer buys something on a merchant’s storefront, the merchant collects:
- Order details: name, email, optional phone, items purchased, price, billing/shipping address if relevant.
- Customer questions: dietary requirements, skill levels, custom intake fields the merchant has set up.
- Payment metadata: the last four digits of the card, card brand, country. The full card number and CVC stay with Stripe and never reach our servers.
- Redemption events: when a customer redeems a ticket, voucher, gift card, or membership, we record the time, location (if a staff app scan), and the staff member who processed it.
We process this data as a processor on the merchant’s behalf. The merchant decides retention, marketing communications, and what to do with the data. We provide the controls; we don’t use the customer data for our own purposes.
4. How we use merchant data
- To run your account, your storefront, and your payouts.
- To answer your questions through the AI assistant.
- To detect fraud and abuse on the platform.
- To send service emails (receipts, payout notifications, security alerts) and, with your consent, product updates.
- In aggregated and anonymised form, to improve Zillo. We do not train AI models on individual prompts that contain customer personal data.
5. AI processing
Zillo uses third-party AI providers (currently Anthropic) to power the AI builder and support assistant. When you submit a prompt or ask a support question, the relevant text is sent to the AI provider’s API. The AI provider processes the text to produce a response and returns it to us.
We have a data processing agreement with our AI provider that prohibits the use of your prompts to train their public models. Prompts may be retained briefly by the provider for abuse detection and then deleted on the provider’s schedule.
If you’d rather your prompts not be processed by our AI provider, you can disable AI features in your dashboard. Some functionality (the AI builder, AI support) won’t work in that mode.
6. Sharing
We share data only with parties needed to run Zillo:
- Stripe for payment processing, payouts, and dispute handling.
- Anthropic for AI generation and AI support.
- Resend for transactional email (receipts, sign-up confirmations).
- AWS for cloud hosting and our database (Supabase, hosted on AWS).
- Unsplash when the AI fetches stock placeholder imagery for your storefront.
We do not sell personal data. We do not share data with advertising networks.
7. International transfers
Zillo is hosted in Australia. Some processors (Stripe, Anthropic, Resend, Unsplash) are based in or use infrastructure in the United States and the European Economic Area. Where data is transferred internationally, we rely on standard contractual clauses and the adequacy decisions applicable to those transfers.
8. Retention
- Merchant accounts: retained for as long as the account is open. After closure, customer-export-ready data is retained for 90 days, then deleted from active systems and from backups within a further 35 days.
- Customer order data: retained as long as the merchant’s account is open, plus the 90-day window after closure. Merchants can delete individual customer records on request from their dashboard.
- Financial and tax records: retained for at least seven years to meet Australian statutory record-keeping obligations (and the equivalent NZ obligations where they apply).
- Support chat logs: retained for two years for quality and abuse review, then deleted.
9. Your rights
Under the Australian Privacy Act 1988 and the NZ Privacy Act 2020 (and equivalent laws if you’re elsewhere), you can:
- Ask what personal information we hold about you.
- Ask us to correct anything that’s wrong.
- Ask us to delete your data, where we don’t have a legal reason to keep it.
- Object to certain processing (for example marketing emails; every one we send includes an unsubscribe link).
- Lodge a complaint with the Office of the Australian Information Commissioner (OAIC), or with New Zealand’s Office of the Privacy Commissioner if you’re a NZ resident, if you’re unhappy with how we’ve handled your data.
To exercise any of these, ask the AI inside your dashboard or email privacy@zillo.app. We respond within 30 days for Australian requests, in line with the Australian Privacy Act, and within 20 working days for NZ requests under the NZ Privacy Act.
10. GDPR-style rights
If you’re in the EU or UK, you also have rights to data portability, restriction of processing, and to object to automated decision-making. Email privacy@zillo.app and we’ll help.
11. Security
We use TLS for all traffic, hash passwords with industry-standard algorithms, isolate customer data via row-level security in our database, and review access regularly. Stripe handles card data under PCI DSS Level 1; we never see full card numbers. We’ll notify affected merchants without undue delay if a security breach affects your data.
12. Children
Zillo is intended for adults running businesses. We don’t knowingly collect personal information from children under 13. If you think we have, contact us and we’ll delete it.
13. Changes
We’ll update this policy as the product evolves. Material changes will be notified at least 30 days in advance, by email and a banner in your dashboard.
14. Contact
Privacy questions: privacy@zillo.app. Postal: Pocket Labs Pty Ltd (ACN 695 191 621), Sydney, New South Wales, Australia.