Zakki

Privacy Policy

Last updated: May 2026

Zakki is a personal hobby project — not a company. I built it to mint small keepsakes from moments worth keeping. This page describes what Zakki stores, where, and how to get your data out. Zakki tries to collect as little about you as it reasonably can.

What Zakki collects

Authentication. When you sign in with Google, Google shares your email address and a stable unique identifier with Zakki. These are used to sign you in and associate your data with your account.

Profile data. An optional display name and any model preferences you configure on the Profile page.

Journal entries. For each keepsake you save: the title, the thought you captured, any optional notes, the AI-generated image, the prompt sent to OpenAI (stored verbatim — it includes the structured directives Zakki uses internally to guide rendering), the tokens you selected, and any locations or structured metadata Zakki derived from your inputs.

Your OpenAI API key (BYOK)

Your OpenAI API key is stored only in your browser's local storage (IndexedDB) and is never transmitted to Zakki's servers. Your AI requests go directly from your browser to OpenAI.

You can verify this yourself in DevTools → Network: you will not see your key in any request to a Zakki domain.

Zakki's server stores a single boolean flag indicating whether you've configured a key. The key itself never reaches Zakki's server.

Any charges incurred from generating images are billed directly to your OpenAI account. Zakki has no visibility into or control over those charges. I recommend setting a per-key usage limit at platform.openai.com/account/limits.

Signing out attempts to clear your local browser data (including your saved API key). Rare conditions like private-browsing mode or storage quota can prevent the wipe — on shared devices, clear your browser storage manually after signing out.

Data stored only in your browser

Some data lives only in your browser via IndexedDB and is never sent to Zakki's servers: your OpenAI API key, in-progress drafts on the Press, and your local press history (the before-you-save scratchpad). Clearing your browser storage removes it.

Where data is stored

Your account data, journal entries, and tile images are stored in Supabase (Postgres + Supabase Storage) in the region Zakki deploys to. Data is stored encrypted at rest as part of the Supabase platform.

Beta state (honest disclosure)

During the beta, your journal entries and tile images are stored in Supabase in a form Zakki's maintainer can technically read. Client-side encryption (where even the maintainer cannot read your content) is on the roadmap for a future version and will be opt-in with a recovery code. Until then: use Zakki at your own risk, and don't store anything you can't afford to lose.

Sub-processors

Zakki relies on the following third-party services. Each has its own privacy policy.

  • Supabase — Postgres database and Storage for your tile images. Authentication uses Supabase Auth; the session itself is kept as a first-party cookie in your browser (see Cookies below).
  • Google — sign-in provider. Google shares your email and a stable unique identifier with Zakki when you sign in.
  • OpenAI — your browser calls OpenAI directly using your own API key (BYOK). Zakki's server never sees your key or any image-generation traffic.
  • Vercel — application hosting. Vercel sees standard HTTP request metadata (IP, user agent) for serving pages and API routes.

What Zakki doesn't do

  • Zakki does not sell user data.
  • Zakki does not analyze journal contents for advertising, training, or profiling purposes.
  • Zakki does not use your prompts or images to train models.
  • Zakki does not share your data with third parties except the sub-processors listed above.

Cookies

Zakki uses first-party cookies only for authentication sessions. There are no tracking or advertising cookies.

Export your data

You can download a ZIP of every keepsake on your shelf — including the original tile images and a JSON manifest — from your Profile page.

Account deletion

You can delete your account from the Profile page. Deletion removes your profile, all journal entries, and all tile images. This action cannot be undone.

Your data rights

For a copy of your data, use the export feature on your Profile page. For other requests (corrections, deletion via email, or questions), reach out to [email protected] — responses are best-effort given the project’s hobby nature.

Changes to this policy

This policy may be updated from time to time. When that happens, the “Last updated” date at the top of this page changes. Continued use of Zakki after changes constitutes acceptance of the revised policy.

Contact

Questions about this policy? Reach out at [email protected].