Privacy Policy
Effective Date: February 14, 2026
Last Updated: February 14, 2026
Pathnomic Labs FZ-LLC ("Pathnomic Labs," "Company," "we," "us," or "our"), a company registered in the Ras Al Khaimah Economic Zone (RAKEZ), United Arab Emirates, with its registered office at Compass Building – Al Hulaila, Al Hulaila Industrial Zone-FZ, Ras Al Khaimah, 16111, United Arab Emirates, is committed to protecting your privacy.
This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use the Zeugma mobile application ("App") and any associated services (collectively, the "Services"). It also describes your rights regarding your personal data.
By using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices, please do not use the Services.
1. Information We Collect
1.1. Information You Provide Directly
| Data Category | Examples | Purpose |
|---|---|---|
| Account Information | Name (first and last), email address, password (hashed), date of birth | Account creation, authentication, age verification |
| Profile and Onboarding Data | Gender/identity, profession, lifestyle activities, personal goals, aspirations, personality quiz responses | Personalizing AI advisor interactions and wellness recommendations |
| Chat and Conversation Data | Text messages, voice transcriptions, conversation history with AI advisors | Providing and improving AI-powered wellness guidance |
| Voice Data | Audio recordings via microphone (processed for speech-to-text) | Enabling voice-based interactions with AI advisors |
| Preferences | Notification settings, daily learning goals, reminder times, language preferences, word highlighting preferences | Customizing your experience |
| Feedback | Messages and feedback submitted through the App | Improving our Services |
| Payment-Related Identifiers | Subscription status, plan type (we do not directly collect payment card details) | Managing subscription access and features |
1.2. Information Collected Automatically
| Data Category | Examples | Purpose |
|---|---|---|
| Device Information | Device type, operating system version, device name, internal build ID, unique device identifier | Service delivery, security, troubleshooting |
| App Usage Data | Features accessed, session duration, interaction patterns, screen views, button taps | Improving the App experience |
| Analytics Data | Event-level usage metrics (e.g., sign-in method, settings changes, feature engagement, onboarding progress) | Product analytics and optimization |
| Push Notification Tokens | Expo push notification tokens | Delivering push notifications |
| Timezone Data | Device timezone offset | Scheduling reminders and notifications |
1.3. Information from Third-Party Services
| Source | Data Received | Purpose |
|---|---|---|
| Google Sign-In | Name, email address, profile picture, Google account identifier | Account authentication |
| Apple Sign-In | Name, email address (may be relay address), Apple user identifier | Account authentication |
| RevenueCat | Subscription status, purchase history, entitlements | Subscription management |
2. How We Use Your Information
We process your personal information for the following purposes:
2.1. Service Delivery
- Providing personalized AI wellness guidance through advisor interactions
- Processing your voice inputs and generating AI responses
- Maintaining your conversation history for continuity
- Managing your account, preferences, and settings
- Delivering push notifications and reminders
2.2. Personalization
- Tailoring AI advisor responses based on your profile, goals, and conversation history
- Adapting content to your preferred language
- Customizing your experience based on your onboarding responses
2.3. Subscription and Quota Management
- Verifying subscription status and entitlements
- Enforcing usage quotas (free tier: daily message limits and monthly token limits)
- Processing promotional codes
2.4. Analytics and Improvement
- Understanding how users interact with the App
- Identifying and fixing bugs, errors, and performance issues
- Developing new features and improving existing ones
- Conducting aggregate analysis of usage trends
2.5. Communication
- Sending service-related notifications (e.g., account changes, security alerts)
- Delivering push notifications for reminders and updates
2.6. Safety and Security
- Detecting and preventing fraud, abuse, and unauthorized access
- Enforcing our Terms of Service
- Complying with legal obligations
3. Third-Party AI Processors
3.1. Zeugma's AI-powered features are delivered using a combination of third-party AI providers, chosen on a per-task basis to deliver the best response for each use case. All providers act solely as data processors on our behalf:
| Provider | Models | Purpose |
|---|---|---|
| OpenAI | GPT (chat), Whisper (speech-to-text) | AI advisor replies, horoscope generation, personality insights, nutrition guidance, voice transcription |
| Gemini (chat/LLM), Gemini TTS | Chat responses, alternative LLM routing, text-to-speech voice playback | |
| Anthropic | Claude (chat) | AI advisor replies for tasks where Claude's capabilities are best suited |
All providers process your data under their standard API Data Processing terms. None of these providers use content submitted via our API calls to train their foundation models, and none retain request content beyond the short operational window required to fulfill the request. References: OpenAI API data usage, Google Gemini API terms, and Anthropic API privacy.
3.2. All AI processing is initiated from our secure backend. The mobile app never communicates directly with an AI provider.
3.3. Data sent to an AI provider, by feature (minimum required only):
| Feature | Data Transmitted |
|---|---|
| AI chat with advisors | Your typed message, recent conversation history for context, and any image or PDF you choose to attach in the chat |
| Voice messages | The audio you chose to send (transcribed, then discarded by the provider) |
| Text-to-speech playback | The message text to be spoken aloud |
| Daily horoscope | Birth date, zodiac sign, and any wellness goals you voluntarily entered during onboarding |
| Nutrition guidance | Dietary preferences and meal descriptions you chose to share |
| Personality insights | Your answers to self-discovery questions |
3.4. Data we never send to AI providers: email address, password, authentication tokens, device identifiers, precise location, contacts, photo library, or payment information.
3.5. AI features are user-initiated. No data is transmitted to an AI provider unless you actively use an AI feature.
3.6. We retain your conversation history in our own database to provide continuity across sessions, allow advisors to reference prior context (the advisor's "memory" of your preferences), and let you review past conversations. You can delete individual chats or your stored memory at any time in Settings, or delete your account to remove all AI-related data.
3.7. We log AI usage metadata (token counts, model name, timestamps) for quota enforcement and service monitoring. These logs do not contain the content of your conversations.
3.8. We do not sell, monetize, or share your personal data with any third parties outside the processors listed in Section 4.1.
4. Data Sharing and Disclosure
We do not sell, rent, or trade your personal data.
We may share your information with the following categories of recipients:
4.1. Service Providers
| Provider | Service | Data Shared |
|---|---|---|
| OpenAI | AI chat, speech-to-text (Whisper) | Message content, voice audio, images/PDFs the user attaches |
| Google AI (Gemini) | AI chat, text-to-speech | Message content, text for voice playback |
| Anthropic (Claude) | AI chat | Message content for tasks routed to Claude |
| Google Cloud | Translation | Text content |
| MongoDB Atlas | Database hosting | All stored user data (encrypted) |
| Amazon Web Services (AWS) | Cloud infrastructure | Data processed through our servers |
| Cloudflare R2 | File and media storage | Uploaded media files |
| RevenueCat | Subscription and payment management | User ID, subscription status |
| Mixpanel | Product analytics | Anonymized usage events, user ID |
| Ably | Real-time messaging infrastructure | Chat messages in transit |
| Expo | Push notification delivery | Push tokens, notification content |
| Mailjet | Transactional email | Email address, notification content |
| Heroku | Application hosting | Data processed through our servers |
All service providers are contractually obligated to process your data only as instructed by us and to implement appropriate security measures.
4.2. Legal and Regulatory Disclosures
We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to:
- Comply with applicable laws or regulations
- Protect our rights, property, or safety, or that of our users or the public
- Detect, prevent, or address fraud, security, or technical issues
- Respond to a lawful request from public authorities
4.3. Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal data may be transferred to the successor entity. We will notify you of any such transfer and any changes to this Privacy Policy.
5. Data Storage and Security
5.1. Your data is stored on servers operated by our cloud service providers (MongoDB Atlas, AWS, Heroku, Cloudflare R2). Our primary data processing occurs through infrastructure located in the United States and Europe.
5.2. We implement industry-standard technical and organizational security measures to protect your data, including:
- Encryption of data in transit (TLS/SSL)
- Encryption of data at rest
- Secure authentication using JWT tokens and OAuth 2.0
- Hashed password storage (passwords are never stored in plaintext)
- Regular security assessments and monitoring
- Access controls limiting employee access to personal data on a need-to-know basis
5.3. Local data stored on your device (via MMKV secure storage) includes authentication tokens and cached preferences. This data is stored in your device's secure storage area.
5.4. While we strive to use commercially acceptable means to protect your personal data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
6. Data Retention
6.1. We retain your personal data for as long as your account is active and as necessary to provide the Services.
6.2. Specific retention periods:
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion |
| Conversation history | Until account deletion |
| AI usage logs (metadata) | 12 months from creation |
| Analytics data | 24 months from collection |
| Voice recordings | Processed in real-time and not persistently stored; transcriptions may be retained as part of conversation history |
| Device and push tokens | Until account deletion or token invalidation |
6.3. Upon account deletion, we will delete or anonymize your personal data within thirty (30) days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, legal compliance).
6.4. Anonymized or aggregated data that cannot be used to identify you may be retained indefinitely for analytical and research purposes.
7. International Data Transfers
7.1. Pathnomic Labs is based in the United Arab Emirates. Your personal data may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers maintain infrastructure.
7.2. When transferring data internationally, we ensure that appropriate safeguards are in place, including:
- Contractual obligations with service providers requiring them to protect your data
- Compliance with applicable data protection regulations in both origin and destination jurisdictions
- Use of service providers that maintain industry-standard security certifications
7.3. By using the Services, you consent to the transfer of your data to countries outside your country of residence, including countries that may not provide the same level of data protection as your home country.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
8.1. Right of Access — You may request a copy of the personal data we hold about you.
8.2. Right to Rectification — You may update or correct inaccurate personal data through the App's settings (Personal Info screen) or by contacting us.
8.3. Right to Deletion — You may delete your account and all associated personal data at any time through the App's settings. You may also request deletion by contacting us.
8.4. Right to Data Portability — You may request your personal data in a structured, commonly used, and machine-readable format.
8.5. Right to Restrict Processing — You may request that we limit the processing of your personal data in certain circumstances.
8.6. Right to Object — You may object to the processing of your personal data for certain purposes, including direct marketing.
8.7. Right to Withdraw Consent — Where processing is based on your consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing conducted prior to withdrawal.
How to Exercise Your Rights
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within thirty (30) days. We may ask you to verify your identity before processing your request.
For Users in the European Economic Area (EEA)
If you are located in the EEA, your personal data is processed in accordance with the General Data Protection Regulation (GDPR). Our legal bases for processing include:
- Performance of a contract (Art. 6(1)(b)) — to provide the Services you have requested
- Legitimate interests (Art. 6(1)(f)) — for analytics, security, and service improvement, where our interests do not override your fundamental rights
- Consent (Art. 6(1)(a)) — for optional features such as push notifications and voice interactions
You have the right to lodge a complaint with your local data protection supervisory authority.
For Users in the United Arab Emirates
Your personal data is processed in accordance with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ("UAE PDPL") and its implementing regulations. You have the right to access, correct, and request deletion of your personal data, as well as the right to object to processing in certain circumstances.
9. Children's Privacy
9.1. The Services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13.
9.2. If we become aware that a child under 13 has provided us with personal information without parental consent, we will take steps to delete such information promptly.
9.3. If you believe that a child under 13 has provided us with personal information, please contact us at [email protected].
10. Push Notifications
10.1. With your consent, we may send push notifications to your device for reminders, wellness updates, and service-related communications.
10.2. You can manage push notification preferences within the App's settings or through your device's system settings.
10.3. Even if you disable push notifications, we may still send essential service notifications related to your account security or Terms of Service changes.
11. Analytics and Tracking
11.1. We use Mixpanel for product analytics. Mixpanel collects usage events tied to your user identifier to help us understand feature engagement, onboarding completion, and user behavior patterns.
11.2. Analytics data is used solely for product improvement and is not shared with advertisers or used for targeted advertising.
11.3. You may request that we cease collecting analytics data associated with your account by contacting us at [email protected].
12. Microphone and Speech Data
12.1. The App requests access to your device's microphone to enable voice-based interactions with AI advisors via speech recognition.
12.2. Microphone access is optional. You can use the App with text-based input only.
12.3. Voice data is transmitted to our servers and processed through OpenAI's Whisper speech-to-text service to convert speech to text. Audio is processed in real-time and is not persistently stored on our servers or retained by OpenAI beyond the request.
12.4. The resulting text transcriptions may be retained as part of your conversation history.
12.5. You can revoke microphone access at any time through your device's system settings.
13. Third-Party Links and Services
13.1. The App may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties.
13.2. We encourage you to review the privacy policies of any third-party services you access through the App.
14. Changes to This Privacy Policy
14.1. We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons.
14.2. We will notify you of material changes through the App (via in-app notification or push notification) or via email to the address associated with your account.
14.3. The "Last Updated" date at the top of this Policy indicates when it was last revised. Your continued use of the Services after any changes constitutes your acceptance of the updated Privacy Policy.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Pathnomic Labs FZ-LLC Compass Building – Al Hulaila Al Hulaila Industrial Zone-FZ Ras Al Khaimah, 16111 United Arab Emirates
Privacy Inquiries: [email protected]
General Legal: [email protected]
For data subject access requests, please email [email protected] with the subject line "Data Subject Request" and include sufficient information to verify your identity.