ZenoPay is a payment intelligence platform operated by Huit.AI, Inc., based in Anchorage, Alaska. We provide payment orchestration, autonomous decision-making, and revenue intelligence services to businesses ("Customers"). References to "we," "us," or "our" refer to Huit.AI, Inc.
For privacy inquiries, contact us at derek@huit.ai.
ZenoPay operates in a B2B context. The information we handle falls into two distinct categories:
Customer Account Information. Information provided by businesses that access ZenoPay, including contact names, business email addresses, company names, billing information, and API credential records. This information is used to administer accounts and provide the Services.
Customer Payment Data (Data Processed on Behalf of Customers). When Customers activate the ZenoPay platform, the system processes payment-related data on their behalf, which may include:
| Data Type | How It Is Handled |
|---|---|
| Payment method tokens | Stored encrypted (AES-256-GCM). Raw card numbers (PANs) are never stored. |
| Transaction records | Stored per-tenant with row-level security. Used for audit logging and rail performance analysis. |
| Behavioral signals | Usage patterns used by the autonomous brain for churn scoring and upgrade detection. Stored per-tenant, not shared across tenants. |
| Fraud signals | Anonymized indicators (card BIN prefixes, IP ranges) may be shared across tenants as part of the cross-tenant fraud network, without any personally identifying information. |
| Audit log entries | Natural-language records of autonomous decisions. Append-only, immutable. Accessible to the Customer for compliance review. |
| Consent records | Timestamped records of customer utterances captured as payment authorization. Single-use with 30-minute expiry. |
ZenoPay is the data processor for Customer Payment Data. The Customer is the data controller and is responsible for ensuring they have a lawful basis to process their end-customers' data and to share it with ZenoPay for processing.
We use Customer Account Information to:
We process Customer Payment Data solely to:
We do not sell Customer data or Customer Payment Data to third parties. We do not use Customer Payment Data for advertising.
Each Customer's data is isolated at the database level using row-level security. One Customer cannot access another Customer's data. The only exception is the anonymized cross-tenant fraud signal network, which shares indicator types (card BIN prefixes, IP ranges) without any customer-identifying or end-customer-identifying information.
ZenoPay routes transactions to third-party payment processors on your behalf. These processors receive the payment data necessary to execute transactions under their own privacy policies and terms. Current payment rail integrations include Stripe, Authorize.net, Adyen, Braintree, GoCardless, Checkout.com, and Coinbase Commerce.
We use Supabase for database infrastructure and Vercel for hosting. Both operate under their own privacy and security certifications. We do not use these providers to process your data beyond what is necessary to provide the ZenoPay platform.
We use Anthropic's Claude API to power autonomous decision-making. Decision inputs may include anonymized transaction context. We do not send raw personally identifiable end-customer data to the Anthropic API.
Customer Account Information is retained for the duration of the Customer relationship and for a reasonable period afterward for legal and billing purposes.
Audit log entries are retained indefinitely by design — they are immutable records of autonomous decisions. Customers may request an export of their audit log data at any time.
Payment tokens and transaction records are retained for the duration of the Customer subscription. Upon termination, Customers have 30 days to request a data export before records are deleted.
We implement commercially reasonable technical and organizational security measures, including:
No security measure is perfect. In the event of a data breach affecting your information, we will notify you as required by applicable law.
As a Customer (business account holder), you have the right to:
To exercise any of these rights, contact us at derek@huit.ai.
End-customer rights. If you are an end-customer of a business that uses ZenoPay, your data rights should be exercised directly with that business. ZenoPay will assist Customers in responding to end-customer rights requests as required under applicable data processing agreements.
ZenoPay is operated from the United States. If you access ZenoPay from outside the United States, your information will be transferred to and processed in the United States. We rely on standard contractual clauses and other appropriate safeguards for transfers of data from jurisdictions with applicable data protection laws.
The ZenoPay marketing website (zenopay.ai) does not currently use tracking cookies or third-party analytics. If this changes, this policy will be updated accordingly and notice will be provided.
The ZenoPay dashboard (app.zenopay.ai) uses session-based authentication tokens stored in secure cookies. These are strictly necessary for platform operation and are not used for tracking.
ZenoPay is a business platform not directed at individuals under 18. We do not knowingly collect information from minors.
We may update this Privacy Policy from time to time. We will notify Customers of material changes by email at least 30 days before they take effect. The effective date at the top of this document reflects the most recent revision.
For privacy questions, data requests, or concerns:
Huit.AI, Inc. — ZenoPay
Anchorage, Alaska
derek@huit.ai