Last Update: April 14th ,2025 |
Thank you for using Z Chat!
ZHIPU HENGYAO TECHNOLOGY PTE.LTD., along with its affiliates (collectively referred to as “ZHIPU”, “we”, “our”, or “us”), is committed to respecting your privacy and diligently protecting any information we gather from or about you. This Privacy Policy outlines how we process Personal Data that we collect from or about you in connection with your use of our websites, applications, and other services (together referred to as the “Services”).
Please note that this Privacy Policy does not apply to any content we process on behalf of customers using our business offerings, such as our API. The handling of such data is governed by the specific customer agreements that regulate access to and use of those business solutions.
1 Data Controller
The Services are provided and controlled by ZHIPU HENGYAO TECHNOLOGY PTE.LTD. with its registered address in 12 WOODLANDS SQUARE #13-79 WOODS SQUARE TOWER ONE SINGAPORE (737715). ZHIPU HENGYAO TECHNOLOGY PTE.LTD. is the controller and is responsible for the processing of your Personal Data as described in this Privacy Policy. If you have any questions about how we use your personal data, please contact user_feedback@z.ai.
2 What Personal Data We Collect
We collect personal data relating to you (“Personal Data”) as follows:
Personal Data You Provide to Us Directly
We collect Personal Data if you create an account to use our Services or communicate with us as follows:
Account information. We collect information that you provide when you set up an account, such as your date of birth (where applicable), username (where applicable), email address, and password.
User Content. When you use our Services, we may collect your text input, prompt, uploaded files, feedback (for example, by using the thumbs up/thumbs down icon—we will store the related conversation as part of your feedback), chat history, or other content that you provide to our model and Services (“Prompts” or "Inputs"). We generate responses (“Outputs”) based on your Inputs. If you include personal data or reference external content in your Inputs, we will collect that information and this information may be reproduced in your Outputs.
Communication Information. When you contact us, we collect the information you send us, such as proof of identity or age, contact details, feedback or inquiries and the contents of any messages you send.
Personal Data We Receive from Your Use of the Services:
We automatically collect certain information from you when you use the Services, including internet or other network activity information such as your IP address, unique device identifiers, and cookies.
Device and Network Information. In accordance with the permissions set on your device or browser, your device or browser automatically provides us with information regarding the timing and manner in which you install, access, or use our Services. This information may include details such as your device type, operating system, browser data and referring web pages, mobile network and connection details, mobile carrier or internet service provider (ISP), time zone configuration, IP address (including location information inferred from your IP address), and various identifiers (such as device or advertising identifiers, probabilistic identifiers, and other unique personal or online identifiers).
Usage Information. We collect information about your use of the Services, such as the dates and times of access, browsing history, search, information about the links you click, pages you view, and other information about how you use the Services, and technology on the devices you use to access the Services.
Log Information. We collect information about how our Services are performing when you use them. This information includes log files. In the event that you or your device encounters an error, we may collect details about the error, the time it occurred, the feature in use at that moment, the application's state when the error happened, and any communications or content present at the time of the error.
Cookies & Similar Technologies. We use cookies and similar tracking technologies to operate and provide the Service. For example, we use cookies to remember your language preferences, and for security purposes. We will obtain your consent to our use of cookies where required by law. For more information about cookie and instructions on how to set up your browser to accept, delete or disable cookies, see www.allaboutcookies.org .
Personal Data We Receive from Other Sources
We may receive the information described in this Privacy Policy from other sources, such as:
Log-in, Sign-up, or Linked Services. Where available, if you choose to sign-up or log-in to the Services using a third-party service such as Google or GitHub, or link your account to a third-party service, we may collect information from the service, such as access token.
Security Information. We receive information from our trusted partners, such as security partners, to protect against fraud, abuse, and other security threats to our Services.
Public Information. We may obtain publicly available information via the Internet sources in order to train our models and provide services.
3 How We Use Your Personal Data
We use your information to operate, provide, develop, and improve the Service, including for the following purposes set out in the table below. We may also aggregate or anonymize Personal Data in such a way that it no longer identifies you and use this data for the purposes mentioned above, such as analyzing how our Services are being utilized, enhancing and adding new features, and conducting research. We will keep and use the anonymized data in its de-identified form and will not attempt to re-identify it, unless required by law.
Purpose | Type of Personal Data processed, depending on the processing activity | Legal basis, depending on the process activity |
To provide, analyze, and maintain our Services | Account Information User Content Communication Information Data We Receive from Other Sources Log Information Usage Information Device and Network Information Cookies and Similar Technologies | Where necessary to perform a contract with you, such as processing a user’s prompts to provide a response. |
To improve and develop our Services and conduct research | Account Information User Content Communication Information Data We Receive from Other Sources Log Information Usage Information Device and Network Information Cookies and Similar Technologies | Where necessary for our legitimate interests and those of third parties and broader society, including in developing, improving, or promoting our Services, such as when we train and improve our models. |
To communicate with you, including to send you information about our Services and events | Account Information Communication Information Log Information Usage Information Device and Network Information Cookies and Similar Technologies | Where necessary to perform a contract with you, such as processing your contact information to send you a technical announcement about the Services. Your consent when we ask for it to process your Personal Data for a specific purpose that we communicate to you, such as processing your contact information to send you certain forms of marketing communications. |
To prevent fraud, illegal activity, or misuses of our Services, and to protect the security of our systems and Services | Account Information User Content Communication Information Data We Receive from Other Sources Log Information Usage Information Device and Network Information Cookies and Similar Technologies | Where necessary to comply with a legal obligation. Where we are not under a specific legal obligation, where necessary for our legitimate interests and those of third parties, including in protecting our Services from abuse, fraud, or security risks, such as processing data from security partners to protect against fraud, abuse and security threats in our Services. |
To comply with legal obligations and to protect the rights, privacy, safety, or property of our users, ZHIPU, or third parties | Account Information User Content Communication Information Data We Receive from Other Sources Log Information Usage Information Device and Network Information Cookies and Similar Technologies | Where necessary to comply with a legal obligation, such as retaining transaction information to comply with record-keeping obligations. |
4 How We Share Your Personal Data
We may disclose your personal data to the following categories of recipients:
Affiliates: our affiliated companies in the ZHIPU Group and/or their designated service providers, who provide data processing services necessary to provide you with our Services;
Vendors and Service Providers: third party vendors and service providers partners who provide data processing services to us as necessary to provide you with our Services, or assist us in delivering our products, services, websites and platforms as well as improving and optimising the same, or who otherwise process personal data for purposes described in this Privacy Policy;
Business Transfers: any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or any debt or asset sale) involving any of the Companies;
Government Authorities or Other Third Parties: any competent law enforcement body, regulatory, government agency, court or other third party (such as our professional advisers) where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights or so a third party can defend theirs, or (iii) to protect your vital interests or those of any other person; and
With your consent: any other person, with your consent to the disclosure.
Depending on where you live, you may have certain rights with respect to your personal information, such as the right to know how we collect and use your personal information. You may also have the right to access, change, oppose, request a copy of your authorization, file complaints before the competent authorities, withdraw your consent, or limit our collection and use of your personal information as well as to request that we delete it, and potentially others. In certain circumstances, you can also ask us to provide additional information about our collection and use of your personal information. Please note that your exercise of certain rights may impact your ability to use some or all of Services' features and functionalities.
Right to know: the right to know what personal data we process about you, including the categories of personal data, the categories of sources from which it is collected, the business or commercial purposes for collection, and the categories of third parties to whom we disclose it.
Access & data portability: the right to request a copy of the personal data we process about you, subject to certain exceptions and conditions. In certain cases and subject to applicable law, you have the right to port your information.
Deletion: the right to request that we delete personal data collected from you when you use our Services, subject to certain exceptions. You also are able to delete individual conversations, which will be removed immediately from your conversation history and automatically deleted from our back-end.
Correction: the right to request that we correct inaccurate personal data we retain about you, subject to certain exceptions. Please note that we cannot guarantee the factual accuracy of Outputs. If Outputs contain factually inaccurate personal data relating to you, you can submit a correction request and we will make a reasonable effort to correct this information—but due to the technical complexity of our large language models, it may not always be possible for us to do so.
Objection: the right to object to processing of your personal data, including profiling conducted on grounds of public or legitimate interest. In places where such a right applies, we will no longer process the personal data in case of such objection unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise or defense of legal claims.
Restriction: the right to restrict our processing of your personal data in certain circumstances.
Withdrawal of consent. Where our processing of your personal data is based on consent, you have the right to withdraw your consent. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
Automated decision-making: We do not engage in decision making based solely on automated processing or profiling in a manner which produces a legal effect (i.e., impacts your legal rights) or significantly affects you in a similar way (e.g., significantly affects your financial circumstances or ability to access essential goods or services).
Please contact us by using the contact information provided in this Privacy Policy if you would like to exercise any of your rights. We will respond to your request consistent with applicable law and subject to proper verification.
You can control and access some of your personal information directly through settings. For example, you can manage your chat history. Should you choose to do so, you may also delete your chat history via your settings. If you choose to delete your account, you will not be able to reactivate your account or retrieve any of the content or information in connection with your account.
6 The Security of Your Personal Data
The security of your personal data is a priority for us. We implement commercially reasonable technical, administrative, and physical security measures to protect your personal data from unauthorized access, theft, disclosure, alteration, or loss. We regularly assess our security practices to incorporate new technologies and methods. However, please note that no Internet or email transmission is completely secure or error-free. Specifically, emails sent to or from us may not be fully secure. As a result, we advise you to exercise caution when deciding what information to send to us via the Services or email. Additionally, we are not responsible for any bypassing of privacy settings or security measures on the Service or third-party websites.
7 How Long Do We Keep Your Personal Data
We retain personal data for as long as it is needed to provide our Services and for the other purposes outlined in this Privacy Policy. Additionally, we retain personal data when required to fulfill contractual and legal obligations, when we have a legitimate business interest (such as improving and developing our Services and enhancing their safety, security, and stability), and for the exercise or defense of legal claims.
Retention periods vary based on the volume, type, and sensitivity of the personal data, the purposes for which we use it, and any legal requirements, among other factors. For instance, when we process your personal data to provide you with the Services, we retain it as long as you have an account. This includes your account information, input. If you violate any of our terms, policies, or guidelines, we may immediately remove your account information, input from public view, but we will keep the personal data as needed to address the violation.
When the personal data collected is no longer required by us, we and our service providers will perform the necessary procedures for destroying, deleting, erasing, or converting it into an anonymous form as permitted or required under applicable laws.
8 Where We Store Your Personal Data
Depending on your location and the features of our Services that you access or use, your personal data may be transferred and processed outside the jurisdiction in which you reside, including to an affiliated company within the ZHIPU Group or a third party (as outlined in section 4) located overseas. These countries may have data protection laws that differ from those of your jurisdiction and, in some cases, may offer less protection.
We generally provide the Services from Singapore, and our group companies and their designated service providers are typically located in Singapore and/or China. As a result, your personal data is generally processed in one or both of these countries.
We implement appropriate safeguards to ensure that your personal data remains protected in line with this Privacy Policy and applicable laws, and we only transfer your data abroad in compliance with applicable laws and legally recognized transfer mechanisms.
9 Personal Data relating to children
Our Services are not directed to, or intended for, the individual under 18. We do not knowingly collect Personal Data from children under 13. If you have reason to believe that a child under 13 has provided Personal Data to us through the Services, please contact us via the contact details set out below. We will investigate any notification and, if appropriate, delete the Personal Data from our systems. Users under 18 must have permission from their parent or guardian to use our Services.
We may update this Privacy Policy from time to time. When we do, we will publish an updated version and effective date on this page, unless another type of notice is required by applicable law. We recommend that you review the Privacy Policy each time you access our Services to stay informed of our privacy practices.
Questions, comments and requests regarding this policy should be addressed to user_feedback@z.ai.