Privacy Policy

1. Who We Are and What This Policy Covers

This Privacy Policy applies to SZLK.LTD, the SZLKPassport account center, and related products and services within the SZLK ecosystem, including Mystic East, Cyannav, Possibility, SeeVoid, and their related websites, applications, account systems, payment pages, support channels, and cross-product identity mapping features.

If a specific product, campaign, form, or checkout flow provides an additional privacy notice, that supplemental notice will control for that specific context. Any matter not covered by a supplemental notice remains governed by this Policy.

2. Information We Collect

• Account and identity information, such as your name, email address, login credentials, email verification status, session identifiers, product link records, and cross-product identity mapping records.
• Usage and device information, such as IP address, browser and device details, access time, request logs, security events, authentication and risk-control logs, page interaction data, and error records.
• Business content you submit, such as text, project materials, keywords, preferences, strategy inputs, creative assets, support requests, and feedback submitted within our products.
• Payment and transaction information, such as subscription status, order identifiers, billing status, payment amount, taxes, and Stripe customer or subscription identifiers. We generally do not store full payment card numbers ourselves.
• AI and workflow-related information, such as prompts, context, uploaded content, generated output, and quality-diagnostic data associated with generation, analysis, search, distribution, or recommendation features.

3. How We Obtain Information

• Directly from you, for example when you register, purchase, submit a form, contact support, or enter information into a product.
• Automatically when you use our services, for example through logs, sessions, risk controls, device signals, and performance data.
• From third parties or integrated flows you authorize, such as payment confirmations, authentication state, and cross-product Passport link or handoff records.

4. Why We Use Information

• To provide, maintain, and improve our services, including registration, login, identity mapping, content generation, payment processing, notifications, customer support, and operations.
• To protect users and the platform, including identity verification, fraud detection, rate limiting, anomaly detection, access control, auditing, and dispute handling.
• To perform our contract with you, such as activating accounts, processing subscriptions, taking payment, responding to support requests, and delivering generated content or analysis results.
• To carry out reasonable product improvement, performance optimization, troubleshooting, capacity planning, and service measurement.
• To comply with legal, tax, accounting, recordkeeping, and rights-protection obligations where permitted or required by law.

5. Legal Bases for Processing

If you are located in the United Kingdom, the European Economic Area, or another jurisdiction with similar rules, we generally process personal data under one or more of the following bases: performance of a contract with you, compliance with legal obligations, our legitimate interests where they are not overridden by your rights, and consent where consent is required.

Where consent is required, you may withdraw it through product settings, browser settings, or by contacting us. Withdrawal usually does not affect processing carried out before withdrawal.

6. Who We Share Information With

• Infrastructure and hosting providers, such as Cloudflare, for website delivery, Workers, D1, R2, access control, and security functions.
• Payment providers, such as Stripe, for subscriptions, payments, refunds, tax handling, and payment-related risk controls.
• Email and notification providers used to send account verification, password reset, and system notices.
• AI, search, voice, video, or automation vendors. Depending on the product you use, these may include OpenRouter, Tavily, ElevenLabs, Runway, DeepSeek, Exa, and similar providers.
• Professional advisers, auditors, regulators, courts, or law-enforcement authorities where disclosure is reasonably necessary to comply with law, resolve disputes, or protect rights.

7. SZLK Passport and Cross-Product Identity

SZLK uses Passport as a unified account and product-mapping layer. To preserve a continuous identity across products, reduce repeated registration, and support cross-product flows, we may process your email address, unified user identifier, product account identifiers, verification state, link records, and necessary handoff data.

Passport is intended to unify identity, not automatically merge every business entitlement. Access rights, subscriptions, credits, content, and professional functions may still be managed separately by each product.

8. How Long We Retain Information

We retain information for as long as reasonably necessary to fulfill the purposes described in this Policy, taking into account account status, contractual commitments, billing and tax requirements, dispute risk, security-audit needs, and legal obligations.

When information is no longer needed, we delete, anonymize, or isolate it where appropriate. We may still retain a minimal subset of records where reasonably necessary for legal, financial, compliance, anti-fraud, or dispute-handling purposes.

9. International Transfers

Because we use cloud infrastructure, payment, communications, and AI providers, your personal data may be transferred to and processed in jurisdictions outside your home country or region.

Where required by law, we use appropriate transfer safeguards, such as contractual protections, vendor standard terms, access controls, and minimum-necessary handling.

10. Your Rights

• Depending on applicable law, you may have rights of access, correction, deletion, restriction, objection, portability, withdrawal of consent, and complaint.
• If you are located in California or another jurisdiction with similar protections, you may also have rights to know, delete, correct, or limit certain uses of sensitive personal information where required by law.
• You may submit requests through passport@szlk.ai. To protect account security, we may require you to verify your identity before we process certain requests.

11. Cookies, Sessions, and Similar Technologies

We use necessary cookies, session identifiers, and similar technologies to maintain login state, provide security, remember language or core preferences, and support the operation of our services. Depending on the product, we may also use limited performance or diagnostic technologies.

You can manage certain cookies through your browser settings, but disabling necessary technologies may prevent login, payment, account-security functions, or core product features from working correctly.

12. Security Measures

We use technical and organizational measures appropriate to the business risk, including access control, least privilege, password hashing, session management, rate limiting, audit logging, environment separation, and vendor security configurations.

No method of transmission or storage is absolutely secure. If we identify a security incident that may materially affect your rights or interests, we will take notice and mitigation steps in accordance with applicable law and the practical level of risk.

13. Children

SZLK services are designed for adults, professionals, or business users. Minors should not create accounts, make purchases, or submit personal data to us without the consent of a parent or legal guardian. If you believe a minor has provided personal data without authorization, please contact us promptly.

14. Changes to This Policy

We may update this Privacy Policy to reflect service changes, regulatory requirements, or risk-control needs. When we do, we will revise the “Last Updated” date on this page. Where required by law or where changes are material, we may also notify you by email, in-product notice, or account message.