Privacy Policy

Zephyr Advisory Group LLC ("Company," "we," "us," or "our") is the data controller for personal information collected through Lokavine ("Service"). Lokavine is a product of Zephyr Advisory Group LLC, accessible at lokavine.com and zephyradvisorygroup.com.

2.1 Information You Provide

• Account information: email address and name. We use passwordless email magic links for authentication — we do not collect or store passwords.
• Business information: company name, address, city, state, phone number, and website URL.
• Content: blog post approvals, edits, and other content you submit or approve through the Service.

2.2 Information Collected Automatically

• Usage data: pages visited, features used, and interaction patterns.
• Device information: browser type, operating system, and IP address.
• Cookies: session and authentication cookies (see our Cookie Policy).

2.3 Information from Third Parties

• Google OAuth: when you connect your Google account, we receive your Google profile information and store encrypted OAuth tokens (AES-256-GCM) to access Google Search Console and Google Business Profile on your behalf.
• Google Search Console: search performance metrics (clicks, impressions, rankings) for your connected properties.
• AI search engines: when AI Search Tracking is enabled, we receive search responses from AI providers (Perplexity and Anthropic Claude) that may contain mentions of your business, including text snippets and cited URLs.
• Stripe: we store Stripe customer IDs and subscription information. We do not store your full credit card number; payment details are handled entirely by Stripe.

• To provide and maintain the Service, including generating AI-powered blog content.
• To monitor your business visibility in AI search engines by sending search queries containing your business name, city, state, and industry to AI search providers.
• To process payments and manage subscriptions.
• To communicate with you about your account, including transactional emails.
• To connect and interact with your Google Business Profile and Search Console.
• To improve the Service and develop new features.
• To comply with legal obligations.

We share data with the following third-party services as necessary to operate the Service:

• Supabase: database hosting and authentication. Data is stored with row-level security (RLS) enabled.
• Stripe: payment processing. Subject to Stripe's Privacy Policy.
• Google: OAuth authentication, Search Console, Business Profile, and Places APIs. Subject to Google's Privacy Policy.
• Anthropic (Claude): AI content generation and AI search visibility monitoring. Your business information is sent to Anthropic to generate blog content; when AI Search Tracking is enabled, your business name, city, state, and industry are also sent to Claude (with web search) to check whether your business is recommended. Subject to Anthropic's Privacy Policy.
• Resend: transactional email delivery.
• Perplexity: AI search visibility monitoring. When enabled, your business name, city, state, and industry are sent to Perplexity to check whether AI search engines mention your business. Subject to Perplexity's Privacy Policy.
• Brave Search: industry research for content generation.
• Inngest: background job orchestration for scheduled tasks such as content generation, review sync, and AI search tracking.
• Vercel: application hosting and deployment.
• Upstash: Redis-based rate limiting. Temporarily stores IP addresses and request counters to protect the Service from abuse.
• Sentry: error monitoring. Collects error reports and limited diagnostic information (such as URL path and browser type) to help us fix bugs. Subject to Sentry's Privacy Policy.

We implement appropriate technical and organizational measures to protect your personal information, including:

• AES-256-GCM encryption for stored Google OAuth tokens.
• Row-level security (RLS) policies on our database to ensure data isolation between organizations.
• HTTPS encryption for all data in transit.
• Secure session management via Supabase Auth.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing our agreements).

Depending on your location, you may have the following rights regarding your personal information:

• Access: request a copy of the personal information we hold about you.
• Correction: request correction of inaccurate personal information.
• Deletion: request deletion of your personal information.
• Portability: request a copy of your data in a portable format.
• Objection: object to certain processing of your personal information.

To exercise any of these rights, contact us at privacy@zephyradvisorygroup.com.

If you are a California resident, you have the right to know what personal information we collect, request deletion of your personal information, and opt out of the sale of your personal information. We do not sell your personal information. To exercise your CCPA rights, contact us at privacy@zephyradvisorygroup.com.

If you are located in the European Economic Area, our legal bases for processing your personal information include: performance of a contract (providing the Service), legitimate interests (improving the Service and communicating with you), and consent (where applicable). You have the right to lodge a complaint with your local data protection authority.

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will delete that information promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Zephyr Advisory Group LLC
Email: privacy@zephyradvisorygroup.com
Website: zephyradvisorygroup.com