How we handle
your data.

This privacy policy explains how Zavemi (“Zavemi,” “we,” “us,” or “the studio”) handles personal data when you visit zavemi.com (the “Site”), contact us, or buy a pack and send us a brief. Zavemi is an editorial studio that produces original, AI-generated fashion imagery, based in the United States and selling to brands and businesses worldwide.

It does not cover third-party sites we link to, which run under their own policies. We offer this policy in English and Portuguese; if the two ever conflict, the English version controls. The Site is intended for business use by people aged 18 or over.

We collect only what we need, from three sources:

What you give us. When you use the contact form, we receive your name, email, the topic you pick, and your message. When you buy a pack, you go through Stripe Checkout, which collects your email, name, and billing details. After purchase you complete a creative brief — the brief text and any brand context, reference images, or assets you choose to send. We then produce and deliver finished imagery and revisions for you.

What we collect automatically. Like most sites, we log technical data through cookies and analytics: your IP address, browser and device type, the pages you view, referring links, and timestamps. Our session-analytics tool also records how visitors move through pages — clicks, scrolling, and interaction patterns.

What we receive from others. Stripe sends us confirmation of your payment — the card brand, last four digits, and billing country, never the full card number. When you arrive from an ad, we may receive an ad-click identifier used to attribute that visit to the campaign that sent you.

We use the data above to:

• make and deliver the work you commission — producing your imagery from your brief;
• process your payment through Stripe and send the order and delivery emails;
• answer your messages and provide support;
• measure how our advertising performs and reach similar audiences;
• understand how the Site is used and improve it;
• keep the Site secure and prevent fraud or abuse; and
• meet our legal, tax, and accounting obligations.

We do not sell your data, and we do not use your briefs or your delivered images to train AI models — ours or anyone else’s. Any internal refinement of our craft uses only our own imagery, never customer content.

If you are in the EEA, the UK, or Brazil, the law requires us to have a legal basis for processing your data. Ours are:

• Performance of a contract — to fulfil your order, take payment, and send the emails that go with it.
• Consent — for non-essential cookies and the analytics and advertising tools, where consent is required. You can withdraw it at any time.
• Legitimate interests — to keep the Site secure, prevent abuse, and understand usage at a basic level.
• Legal obligation — to keep the records the law requires us to keep.

The Site uses cookies and a small set of third-party tools. Some are essential; the rest are analytics and advertising tools that load with your consent where it is required:

• Meta Pixel and Conversions API. Measure which ads lead to visits and purchases. To match conversions, we share event data and hashed contact details — such as email, name, and country — with Meta, along with ad identifiers and your IP address and browser. See Meta’s privacy policy.
• Google Analytics 4. Tells us, in aggregate, how the Site is used. See Google’s privacy policy.
• Microsoft Clarity. Records session replays and heatmaps — how visitors move, click, and scroll — so we can improve the Site. See Microsoft’s privacy statement.
• Vercel Analytics and Speed Insights. Privacy-friendly traffic and performance metrics from our host. See Vercel’s privacy policy.

We also set two first-party cookies of our own — _zv_eid, a random visitor ID, and _zv_fbc, an ad-click value — used only to measure advertising. You can control cookies through your browser, opt out of Meta ads in your Meta ad preferences, and opt out of Google Analytics with Google’s opt-out add-on. We honour the Global Privacy Control (GPC) signal.

We don’t sell your personal data. We share it only with the service providers that help us run the studio, and only with what each needs to do its job:

• Stripe — payment processing.
• Resend — delivers our emails, to you and to our studio inbox.
• Meta — advertising measurement, as described above.
• Google — Site analytics.
• Microsoft — session analytics.
• Vercel — hosting and infrastructure.

We may also disclose data when the law requires it, to protect our rights, or as part of a merger or sale of the studio. Note that sharing data with advertising tools like the Meta Pixel can count as “sharing” for cross-context advertising under California law — see your region’s section below for how to opt out.

Payments are processed by Stripe. We never see, store, or have access to your full card number — Stripe handles that directly, under its own terms and PCI-DSS certification. We receive only confirmation of the charge and the limited billing details Stripe returns to us.

We keep data only as long as we have a reason to:

• order and billing records — for as long as tax and accounting law requires, mostly held within Stripe;
• your brief and the images we deliver — for the time needed to complete, re-send, and support the work;
• contact messages — for as long as needed to handle your enquiry; and
• analytics and advertising data — for the retention period each tool applies.

Because we have no customer accounts and no central database, we hold very little ourselves — most data lives with the providers above. When we no longer need something, we delete it or ask the provider to.

We use reputable providers, serve the Site over HTTPS, and collect as little as we can — no accounts to breach, and no card numbers on our side. No method of storage or transmission is ever completely secure, but we work to protect your data and to limit who can reach it.

We are based in the United States, and our providers process data there and in other countries. If you are in the EEA, the UK, or Brazil, this means your data may be transferred abroad. Where it is, we and our providers rely on recognised safeguards — such as Standard Contractual Clauses and Data Privacy Framework certifications — to protect it.

You have rights over your personal data. Depending on where you live, these include the right to:

• access the data we hold about you;
• correct it if it’s wrong;
• delete it;
• receive a copy in a portable format;
• object to or restrict certain processing; and
• withdraw consent you gave for cookies or marketing.

To exercise any of these, email studio@zavemi.com and we’ll respond within the time the law allows. We won’t treat you differently for asking.

Every model we create is original and AI-generated. The people in our imagery are synthetic — they don’t depict, scan, or reuse the likeness of any real, identifiable person, and we don’t build them from a real model’s photos.

We don’t use your brief or your delivered imagery to train AI models, and we don’t create non-consensual likenesses of real people. If a project ever calls for a real person’s likeness, that requires their consent and yours — see our terms and ethics policies.

The Site and the work we sell are for businesses and people aged 18 or over. We don’t direct the Site at children and we don’t knowingly collect data from anyone under 18. If you believe a minor has sent us data, email us and we’ll delete it.

Some regions add specific rights on top of the ones above. The rights in section 11 apply to everyone; here’s what changes depending on where you are.

We may update this policy as the studio grows or the law changes. When we do, we’ll change the “last updated” date at the top. Material changes won’t apply retroactively to data we’ve already collected under the old version, and continuing to use the Site after an update means you accept it.

Questions, requests, or concerns about your privacy go to studio@zavemi.com. Write to us before you buy if anything here is unclear — we’d rather answer first.