ZenithJoin the private beta
Privacy Policy

How we handle your data.

Last updated: 12 May 2026

This privacy notice explains what data we collect when you use Zenith, why we collect it, how it's handled, and the choices you have. We've tried to keep it plain. If anything's unclear, write to us at privacy@cometstudio.io.

1. Who we are

Zenith is operated by Comet Studio Kft., a company registered in Hungary. We are the data controller for the personal data described below. You can reach us by post or email — details at the end of this page.

2. What we collect

Information you give us

  • Account details: your email address, name, and (optionally) profile picture, when you sign up for the private beta or create an account.
  • Workspace content: the design files, tokens, components, and comments you create or upload to Zenith. We treat this as your data; we don't read it for marketing or training.
  • Billing details: if you become a paying customer, our payment provider collects card information directly. We store invoice records and the last 4 digits.
  • Support & correspondence: anything you send us by email, chat, or form.

Information collected automatically

  • Usage data: pages viewed, features used, errors encountered. We use this to understand how Zenith is being used and to fix problems.
  • Device & technical data: browser type, OS, screen size, language, approximate location (from IP), and similar diagnostics.
  • Cookies: small files used to keep you signed in and remember preferences. See Cookies & similar technologies below.

3. Why we use your data

  • To run and improve Zenith — sync your work across devices, render your designs, deliver multiplayer features.
  • To authenticate you, secure your account, and prevent abuse.
  • To respond to your messages and provide support.
  • To send essential transactional emails (account confirmations, billing receipts, security alerts).
  • To send product updates and release notes — only if you've opted in.
  • To comply with legal obligations, including tax and accounting rules.

We rely on these legal bases under GDPR: performance of a contract (running the service for you), legitimate interests (improving the product, fraud prevention), consent (marketing emails, optional cookies), and legal obligation (tax, accounting).

4. Who we share data with

We never sell your data. We share it only with the vendors that help us run Zenith, and only what they need:

  • Hosting & infrastructure: AWS / Cloudflare for compute, storage, and content delivery.
  • Database & sync: Neon (Postgres) and PartyKit for real-time collaboration.
  • Authentication: Better Auth, with email magic links sent via Resend.
  • Analytics: a privacy-focused analytics provider (no cross-site tracking).
  • Payments: Stripe (we never see your card number).
  • Error monitoring: Sentry, for crash reports and diagnostics.

Each of these vendors operates under their own privacy policy and a data processing agreement with us. We also disclose data if legally required (court order, lawful request from authorities).

5. Where your data lives

Our primary infrastructure is hosted in the EU. Some vendors (e.g. Stripe, Sentry) process data outside the EU; in those cases we rely on Standard Contractual Clauses or an equivalent transfer mechanism approved under GDPR.

6. How long we keep it

  • Account & workspace content: as long as your account is active. Deleted projects are recoverable from trash for 30 days, then permanently removed.
  • Billing records: up to 8 years, as required by Hungarian accounting law.
  • Support correspondence: up to 2 years after the last interaction.
  • Backups: rotated out within 35 days.

If you close your account, we delete or anonymise your personal data within 30 days, except where retention is legally required.

7. Your rights

You can:

  • Ask us what data we hold about you.
  • Correct anything that's wrong.
  • Delete your account and your data.
  • Export your data in a portable format.
  • Restrict or object to certain types of processing.
  • Withdraw consent (e.g. unsubscribe from marketing) at any time.
  • Complain to your local data protection authority. In Hungary that's the NAIH.

To exercise any of these, write to privacy@cometstudio.io. We'll respond within 30 days.

8. Cookies & similar technologies

We use cookies for two things: keeping the app working, and (only with your permission) understanding how it's used. Nothing is shared with advertisers.

Essential cookies (always on)

  • Session & CSRF tokens: set when you sign in, so you stay signed in and form posts stay safe. Clearing these signs you out.
  • Preferences: a small record that remembers your theme and editor settings.

Analytics cookies (opt-in)

The first time you visit, a banner asks whether we can load Google Analytics (gtag.js, measurement ID G-RXD3WWF0QQ). If you accept, Google sets a few first-party cookies (_ga, _ga_*) that record anonymised, aggregate visit data: pages viewed, browser, approximate location from a truncated IP, and how you arrived on the site. We use this to understand how people use Zenith and to fix problems. We don't run advertising scripts.

If you reject, no analytics scripts are loaded — none of those cookies get set.

Changing your mind

The choice is stored in your browser. To revisit it, clear site data for this domain — the banner will reappear and you can pick the other option. You can also block cookies entirely in your browser settings.

9. Security

We use industry-standard practices: TLS in transit, encryption at rest, scoped database credentials, signed authentication tokens, and continuous monitoring. No system is perfectly secure, but we take this seriously. If you discover a vulnerability, please disclose responsibly to security@cometstudio.io.

10. Children

Zenith isn't intended for anyone under 16. We don't knowingly collect data from children. If you believe a child has signed up, contact us and we'll remove the account.

11. Changes to this policy

We may update this policy as the product evolves. When we make material changes, we'll let you know — by email, an in-product notice, or both. The “Last updated” date at the top always reflects the current version.

12. Contact

Privacy questions, data requests, or anything in between:

Comet Studio Kft.
privacy@cometstudio.io
cometstudio.io/contact

← Back to Zenith