Privacy Policy

zeldaLabs LLC (“zeldaLabs”, “we”, “our”, “us”) is committed to safeguarding the privacy and security of the personal data entrusted to us by visitors to zeldalabs.com, customers of our products and services, Lab Partners, podcast listeners, and other contacts.

This Privacy Policy describes how we handle personal data in connection with our website, AI products (including AskZelda), the townHall Sessions podcast, the Lab Partners programme, and the services we provide (the “Services”).

This Privacy Policy is aligned with applicable data protection laws, including:

• UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL)
• EU General Data Protection Regulation (Regulation (EU) 2016/679) and UK GDPR, where applicable to visitors located in the EEA or the United Kingdom
• Any other regulations applicable to the jurisdictions in which we operate or to which the Services are directed

By using the Services, you acknowledge the practices described in this Policy. Where the law requires consent, we will ask for it explicitly (for example, before loading non-essential cookies or before subscribing you to our newsletter).

1. Categories of Data Processed

Depending on how you interact with us, we may process the following categories of data:

2. Purpose and Legal Basis of Processing

zeldaLabs processes personal data only for the following purposes, and on the legal bases indicated:

• Service delivery — to operate the website, AskZelda, and our products and services, including answering your questions and managing the Lab Partners programme. Basis: performance of a contract or pre-contractual steps; legitimate interests.
• Communications — to reply to enquiries, send transactional and programme emails, and (with your consent) deliver newsletter content. Basis: consent for marketing; legitimate interests for transactional replies.
• Improvement and research — to understand how the site and AskZelda are used and to improve them. Where we use AskZelda transcripts for quality review or model improvement, we work with de-identified data where practicable. Basis: legitimate interests; consent for analytics cookies.
• Compliance and security — to prevent abuse, protect against fraud and unauthorised access, and comply with legal obligations. Basis: legitimate interests; legal obligation.

3. Data Sharing and Disclosure

zeldaLabs does not sell personal data and does not share it with advertising networks. We share data only with the following categories of recipients:

• Service providers acting on our behalf, including: Vercel (hosting); Amazon Web Services (DynamoDB, region eu-north-1, used for Lab Partners and newsletter records); Google LLC (Gemini API for generating AskZelda answers, and Google Analytics for site usage measurement subject to your consent); Google Workspace / Gmail (for transactional and reply emails).
• Legal authorities, where disclosure is required by law, regulation, or judicial order applicable to us.
• Successors in interest, in connection with a merger, acquisition, or transfer of assets, subject to equivalent confidentiality safeguards.

All processors are bound by contractual obligations equivalent to those required of zeldaLabs under applicable data protection law.

4. Data Protection and Security

zeldaLabs maintains administrative, technical, and organisational safeguards designed to:

• Protect personal data against unauthorised access, alteration, loss, or disclosure.
• Restrict access to personal data to authorised personnel only, on a need-to-know basis.
• Encrypt data in transit (TLS) and at rest where supported by the underlying platform.

In the event of a confirmed data breach affecting personal data, zeldaLabs will notify affected individuals and, where required, the competent supervisory authority, within the timeframes required by applicable law.

5. Data Retention and Deletion

• Contact and Lab Partners submissions: retained for up to 24 months after last contact, then deleted unless we have a continuing contractual or legal reason to keep them.
• AskZelda transcripts: retained for up to 90 days for quality, abuse, and safety review, then deleted. De-identified extracts may be retained longer for product improvement.
• Newsletter subscribers: retained until you unsubscribe via the link in any email or at /unsubscribe.
• Analytics data: retained in Google Analytics for up to 14 months at the user-level; aggregated reports may be retained longer.
• Server and error logs: retained for up to 90 days for operational and security purposes.

6. Rights of Users

Subject to applicable law, you have the right to:

• Access and obtain a copy of the personal data we hold about you.
• Request rectification or correction of inaccurate data.
• Request deletion of personal data, subject to contractual or legal retention requirements.
• Object to or restrict processing carried out under legitimate interests.
• Request portability of data you provided to us in a structured, commonly used format.
• Withdraw consent at any time, where consent is the legal basis — including cookie consent, which you can revoke at any moment via the “Cookie settings” link in the footer.

Requests may be submitted by emailing townsquare@zeldalabs.com. You also have the right to lodge a complaint with a supervisory authority in your country of residence.

7. Cookies

For details on the specific cookies this site uses and how to change your choice, see the Cookie Policy.

8. International Data Transfers

Some of our service providers are located outside the United Arab Emirates — in particular within the European Economic Area and the United States. Where personal data is transferred internationally, zeldaLabs relies on the providers’ standard contractual clauses, equivalent safeguards, or recognised adequacy decisions, in line with applicable law.

9. Children's Data

The Services are not directed at children. We do not knowingly collect personal data from individuals under 16 years of age. If we become aware that we have collected such data, we will delete it promptly.

10. Policy Updates

This Privacy Policy may be revised from time to time to reflect changes in law, technology, or our practices. Material updates will be reflected in the “Last updated” date at the top of this page and, where appropriate, communicated through the website or by email.

11. Contact Details

For all privacy-related queries, rights requests, or concerns, please contact: