Privacy Policy
Last Updated: May 15, 2026
Zee Solution LLC ("we," "us," or "our") operates the DocuGuide AI platform at docuguide.zeesolution.net and related subdomains. This Privacy Policy describes how we collect, use, share, and protect your personal information when you use our Service.
1. Information We Collect
1.1 Information You Provide (Subscribers)
When you create an account and use our Service, we collect:
| Data | Purpose | Basis |
|---|---|---|
| Email address | Account login, verification, password reset, service notifications | Contract |
| Password (hashed) | Authentication | Contract |
| Business name | Profile display, widget branding | Contract |
| Website URL | Profile display, widget referrer tracking | Contract |
| Uploaded documents (PDF, DOCX, TXT) | Indexed for fast retrieval so the widget can answer questions from your content | Contract |
| Document metadata | File name, size, page count, processing status | Contract |
| Widget configuration | Welcome message, bot name, colors, custom instructions | Contract |
| Payment information | Subscription billing (processed by Stripe; we do not store card numbers) | Contract |
1.2 Information Collected Automatically
| Data | Purpose | Retention |
|---|---|---|
| Session tokens | Authentication | 30 days (auto-deleted when expired) |
| Question counts | Usage tracking and plan limits | Reset monthly |
| Storage usage | Plan quota enforcement | Updated as documents change |
| IP addresses | Rate limiting and abuse prevention (in-memory, not persisted) | Not persisted |
| Basic request logs | Debugging, security monitoring | Rotated regularly |
1.3 End-User Data (Widget Visitors)
When visitors to our Subscribers' websites interact with an embedded DocuGuide AI widget, we process and store:
- Questions submitted through the widget
- Answers generated and returned by the AI
- Source citations (which document and page the answer came from)
- Feedback (thumbs up / thumbs down and optional comments)
- A random session identifier stored in the visitor's browser (sessionStorage) so that follow-up questions within the same visit share conversation context
We do not ask End Users for names, email addresses, or phone numbers through the standard widget. This data is made available to the Subscriber in their dashboard so they can review conversations and improve their documents.
1.4 Landing Page Analytics
Our landing page uses privacy-first analytics that:
- Does not use tracking cookies
- Does not track individual visitors across sites
- Does not collect personally identifiable information
- Collects only aggregate data: page views, referrers, countries, browsers, and device types
2. How We Use Your Information
We use collected information to:
- Provide, operate, and improve the Service
- Process uploaded documents so the widget can find the most relevant passages and answer from your content
- Generate AI answers to end-user questions grounded only in your uploaded documents
- Process payments and manage subscriptions
- Send transactional emails (verification, password reset, billing notifications)
- Monitor usage against plan limits
- Protect against fraud, abuse, and unauthorized access
- Respond to your inquiries and support requests
We will never sell, distribute, or lease your personal information, your documents, or your end-user conversations to third parties unless we have your permission or are required by law to do so.
Zee Solution staff does not read the content of your documents or conversation history in the ordinary course of business. Access is limited to automated processing required to deliver the Service, except where you specifically request support that requires manual review.
We do not use your documents, questions, or generated answers to train any AI model.
3. Third-Party Services
We share limited data with the following service providers, solely to operate the Service:
| Provider Type | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email, billing info (card numbers never touch our servers) |
| AI provider | Generating embeddings and answers | Document text (at upload time) and end-user questions plus retrieved chunks (at query time). Content is processed in real time and is not retained by the provider for training. |
| Cloud storage provider | Storing uploaded document files | Encrypted document files |
| Email delivery provider | Transactional email delivery | Email address, message content |
| Hosting provider | Application and database hosting | All account data (encrypted at rest) |
| CDN / DNS | Widget delivery, DNS, landing page analytics | Aggregate page view data (no PII) |
Each provider processes data only as needed to deliver their service and is bound by their own privacy and security commitments. We do not share your data with advertising networks, data brokers, or marketing platforms.
4. Cookies
We use a single essential session cookie ("session") to keep you logged in to the dashboard. This cookie:
- Is httpOnly (not accessible to JavaScript)
- Is secure (transmitted only over HTTPS in production)
- Expires after 30 days
- Contains only a random session token (no personal data)
The embeddable widget uses browser sessionStorage (not a cookie) to hold a random session identifier for the duration of a single browser tab, so that follow-up questions share conversation context. This identifier is cleared when the tab is closed.
We do not use tracking cookies, advertising cookies, or third-party cookies.
5. Data Security
We implement the following security measures to protect your data:
- Passwords are hashed using bcrypt with 12 salt rounds (never stored in plain text)
- Session tokens are generated using cryptographically secure random bytes (256-bit)
- All data in transit is encrypted via HTTPS / TLS
- Document files are stored with encryption at rest in our cloud storage provider
- Database access is restricted and encrypted at rest
- Rate limiting protects against brute-force and abuse attacks
- Stripe webhook signatures are verified to prevent spoofing
- Standard browser security headers are enforced via Helmet
- Expired sessions are automatically purged on a regular schedule
No system is 100% secure, but we work continuously to protect your data and improve our security posture.
6. Data Retention
- Active accounts: Your account information, uploaded documents, and conversation history are stored on our infrastructure for the duration of your subscription, so you can access and use them. Documents are encrypted at rest (see Section 5) and accessed only as described in Section 2.
- Deleted documents: When you delete a document from the dashboard, the original file and its vector index entries are purged within 24 hours.
- Canceled accounts: Account data, remaining documents, and conversation history are retained for 30 days after cancellation, then permanently deleted, except where longer retention is required by law or for fraud prevention.
- Session data: Expired sessions are automatically deleted on a regular schedule.
- Question counts: Reset at the start of each billing period.
7. Your Rights
You have the following rights regarding your personal data:
7.1 All Users
- Access: You may request a copy of all personal data we hold about you.
- Correction: You may update your profile information through the dashboard at any time.
- Deletion: You may delete individual documents, conversation history, or your entire account from the dashboard, or request deletion by contacting us at contact@zeesolution.net.
- Portability: You may request an export of your account data and conversation history in a machine-readable format.
- Opt Out of Marketing: You may opt out of marketing emails at any time. Transactional emails (billing, security, account activity) cannot be opted out of while your account is active.
7.2 California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You may request details about the categories and specific pieces of personal information we collect, the purposes for collection, and the categories of third parties with whom we share it.
- Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
- Right to Opt Out of Sale: We do not sell your personal information to third parties. As such, there is no need to opt out. However, you may contact us at any time to confirm this.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise any of these rights, contact us at contact@zeesolution.net. We will respond within 45 days.
7.3 European Economic Area, UK, and Switzerland Residents (GDPR)
If you are located in the EEA, UK, or Switzerland, the GDPR or equivalent local laws apply to your personal data. Zee Solution LLC is the data controller.
We process your personal data to provide the Service (including hosting your account and processing your uploaded documents to answer end-user questions), to secure our platform and prevent fraud, and to comply with legal obligations such as tax and accounting. With your consent, we may also send marketing communications or use non-essential cookies. You can withdraw consent at any time.
In addition to the rights in section 7.1, you have the right to access, correct, delete, restrict processing of, port, and object to the processing of your personal data, and to lodge a complaint with your local data protection authority.
Our infrastructure is located in the United States. When personal data is transferred outside the EEA, UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses and equivalent UK safeguards with our sub-processors. To exercise any GDPR right, contact contact@zeesolution.net. We respond within one month.
7.4 Do Not Sell My Personal Information
Zee Solution LLC does not sell, rent, or trade your personal information, your uploaded documents, or your end-user conversations to any third party for monetary or other valuable consideration. This applies to all users, including California residents under the CCPA.
8. Children's Privacy
The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, please contact us and we will promptly delete it.
9. International Data Transfers
Our Service is hosted in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States, which has different data protection laws than your jurisdiction.
For users in the EEA, UK, or Switzerland, transfers are protected by Standard Contractual Clauses (SCCs) and equivalent UK safeguards with our sub-processors. See section 7.3 above for details on your GDPR rights and the supervisory authorities you may contact.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the dashboard at least 30 days before taking effect. The "Last Updated" date at the top of this page indicates when the policy was last revised.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
Email: contact@zeesolution.net
Website: zeesolution.net