Privacy Policy

Tezio is a web application for creating, editing, previewing and exporting business proposals using AI features. The service is owned and operated by Zhandar Company Ltd (BIN: 240640900334), legal address: Republic of Kazakhstan, Astana, Yesil district, Mangilik El Avenue, building 55/18.

This Privacy Policy explains what data we collect, how we use it, where we store it and when we may share it with third-party services. By registering in Tezio, you confirm that you have read this Policy and agree to its terms.

1. What data we collect

• Account data: name, email, password hash, interface language and account settings.
• Company profile data: company name, description, history, contact details, social links, logo, brand colors, default currency, team info, previous projects and cases.
• Client data: client name, contact person, email, phone, industry and notes.
• Business proposal data: proposal titles, sections, texts, prices, discounts, taxes, deadlines, terms, contacts, team, projects, cases and design settings.
• AI usage metadata: action type, success or error status, date and usage count.
• Payment metadata (not yet active): paid billing is not currently active, so we do not collect or store any payment data. If paid plans are introduced, this may include amount, currency, payment status, provider transaction ID and payment date.
• Technical data: cookies, session data and technical logs.

We do not process or store bank card data. Passwords are stored as hashes.

2. How we use data

• Creating and managing accounts.
• Authorization and session protection.
• Saving company profile, clients and business proposals.
• Generating and editing texts using AI.
• Preview and PDF export.
• Sending verification and password-reset emails.
• Tracking AI usage limits and preventing abuse.
• Customer support.

3. AI and cross-border data transfer

When a user uses AI features, some data is transferred to the configured external AI provider. Depending on our configuration, this provider may be OpenAI (OpenAI, L.L.C., USA), Anthropic (Anthropic PBC, USA), or Google Gemini (Google LLC, USA). The data sent may include brief text, proposal section content, company profile data (workspace name and description), client data, proposal title and language, and other context needed for generating or editing text.

This data transfer is carried out to servers located outside the Republic of Kazakhstan. By registering and using AI features, you give explicit consent to such cross-border transfer in accordance with Article 22 of the Law of the Republic of Kazakhstan "On Personal Data and Their Protection".

We do not send passwords or API keys to AI providers. Generated text applied to a proposal is saved as part of its content. We do not separately store the prompts sent to the AI provider or the AI responses; we retain only usage metadata (action type, success or error status, and timestamp).

4. Email services

We send transactional emails — specifically email-address verification and password-reset messages. To deliver these, we use Resend (Resend, Inc., USA) as an email service provider. Your email address is transferred to Resend solely to send these messages. We do not use email for marketing.

5. Payment providers (not yet active)

Paid billing is not currently active in Tezio: we do not collect payments and do not process any payment or bank card data. If we introduce paid plans in the future, we will use third-party payment providers, will not store full bank card numbers or CVV codes, and will update this Policy before such processing begins.

6. Cookies and sessions

We use cookies for account login, session maintenance and saving interface language settings. Advertising and tracking cookies are not used.

7. Data storage

Data is stored on secure servers and cloud infrastructure required for Tezio to operate.

8. Third-party data transfers

We transfer limited data to third-party sub-processors only to the extent necessary for the product to function: the configured AI provider (OpenAI, Anthropic or Google Gemini, all USA), our email provider Resend (USA), and our hosting / VPS infrastructure provider. A summary is provided in the sub-processors list below.

We do not sell users' personal data.

Sub-processors

• AI provider — OpenAI, Anthropic or Google Gemini (USA) — generating and editing proposal text; receives the proposal/company/client content described in section 3 when AI features are used. Which provider is used depends on our configuration.
• Resend (USA) — transactional email delivery; receives your email address to send verification and password-reset messages.
• Hosting / VPS infrastructure provider — hosting the application and database; stores the data needed for Tezio to operate.

9. User data separation

Data is separated by accounts and workspaces. A user has access only to data associated with their account or workspace.

10. Retention and deletion

We store data while the account is active or as long as necessary to provide the service. At any time, from your Account settings, you can export your data (a machine-readable copy) and delete your account and its associated data yourself. You may also request access, correction or deletion of your data through the contacts below; we process such requests within 15 business days of receipt.

11. Security

We apply reasonable security measures: password hashing, authorization sessions, workspace-based access control. However, no method of data transmission or storage is completely secure.

12. User rights

A user may request access to their data, data correction, account deletion or termination of service use.

You also have the right to lodge a complaint with the authorized body of the Republic of Kazakhstan — the Committee for Information Security of the Ministry of Digital Development, Innovation and Aerospace Industry (MDDIAI RK).

13. Policy changes

We may update this Privacy Policy. Any changes will be posted on this page with an updated date. We may also notify registered users by email where appropriate. We currently send email only for transactional purposes such as account verification and password resets, not for marketing.

14. Contacts

For privacy questions, contact us: