Home Services Our Work Partnership Pricing Careers About Me Contact Policies Human-First Policy Refund Policy Terms of Service Privacy & Data Workflow Continuity Request a Build

Privacy & Data Protection

Your Data, Protected

Effective Date: May 7, 2026

Contact: contact@zeitra.ai

Applies to: All clients, partners, employees, and contractors of Zeitra.

1. What This Covers

This policy describes how Zeitra collects, handles, stores, and protects data while delivering automation services. It applies to all client engagements regardless of size or duration. By engaging with Zeitra in any capacity, the client acknowledges and accepts this policy.

2. Data We Collect

We collect only the data needed to deliver the agreed services:

  • Contact information (name, email, phone, business name) for communication and billing
  • Business process details shared during discovery, scoping, and walkthrough sessions
  • Credentials and access tokens needed to build and maintain integrations
  • Workflow execution data and error logs from your live automations
  • Documentation of work performed (Build Logs, Elevation Logs, monthly reports)

We don't collect data beyond what's required for the engagement.

3. Credential Handling

Credentials and access tokens are treated with the strictest controls.

Storage

Credentials are pasted directly into your n8n workspace. We don't store credentials in our systems outside of your n8n.

Transfer

When credentials need to be shared with us, we use OneTimeSecret or an equivalent encrypted single-view link. After transfer, the link self-destructs and we paste credentials directly into n8n.

Shared Account Storage

For shared n8n and Hostinger accounts (not your business platform credentials), we use Bitwarden under encrypted entries scoped to your engagement. Bitwarden is the only system where shared account credentials live.

Post-Project Deletion

Credential transfers via OneTimeSecret are deleted within 24 hours of receipt.

4. Data Retention

We retain engagement records (Build Logs, Elevation Logs, agreements, invoices, walkthrough recordings) for the duration of the engagement and for legal record-keeping after the engagement ends. Records of completed engagements are archived rather than deleted, in accordance with standard business record-keeping.

Live workflow data flows through your n8n workspace and stays under your control. We don't extract, copy, or retain workflow execution data outside your n8n instance.

Upon termination of an engagement, you can request deletion of any client-specific information we've stored outside the formal records archive.

5. Who Has Access

Access is limited to the minimum people needed to deliver services:

  • Consultant: full access to engagement records, communications, and admin access to your n8n workspace
  • Operator: access to your n8n workspace and any sub-user invites granted on your business platforms
  • Internal leadership: access to high-level engagement metadata for oversight

No one outside of these roles has access to your data without your explicit consent.

6. Sub-processors

We use the following third-party services to deliver our work. Each one handles a specific function:

  • Hostinger - VPS hosting for your n8n workspace (you can hold the Hostinger account directly)
  • Stripe - payment processing
  • Google Workspace - email and document storage
  • Notion - internal documentation and client hubs
  • Slack - communication channels
  • Bitwarden - encrypted credential vault for shared account access
  • OneTimeSecret - encrypted credential transfers
  • Cognito Forms - intake forms and Build Log
  • Wave - bookkeeping and invoicing

Each sub-processor has its own privacy policy and data handling standards. We select sub-processors with strong security practices.

7. Data Transfers

Data is transferred between systems only as needed to deliver services. Credentials move through encrypted single-view links. Documentation moves through our internal systems (Google Drive, Notion). Communication moves through Slack, email, or your dedicated channel.

We don't sell, lease, or share your data with third parties beyond the sub-processors listed above.

8. Your Rights

You have the right to:

  • Request a copy of any client-specific information we hold about you
  • Request deletion of personal information not required for legal record-keeping
  • Withdraw consent for any optional data uses
  • Receive notification of any data incident affecting your information

To exercise these rights, contact us at contact@zeitra.ai.

9. Breach Notification

In the event of a security incident affecting client data, we will notify you within 72 hours of discovery, describe what happened, what data was affected, what we're doing to contain it, and what steps you can take.

10. Changes to This Policy

We may update this Policy to reflect changes in practices or legal requirements. The effective date will be updated and material changes will be communicated.

Privacy or data questions: contact@zeitra.ai