You Are in Control
You can access, correct, export, and delete your personal data. You decide what you share with your Superuser and AIIO.
This Privacy Policy ("Policy") describes how In Creates Out, LLC ("Company," "we," "us," or "our") collects, uses, discloses, and protects the personal information of users ("you" or "your") when you access or use our websites at zala.ai and lifeonzala.com (the "Site"), the ZALA Mobile App, the AIIO Companion, the Superuser Marketplace, and any related services, software, and content (together, the "Services"). By using the Services, you consent to the practices described in this Policy.
This Policy is incorporated into and forms part of our Terms of Use. Capitalized terms not defined here have the meanings given in the Terms.
Read this carefully. This Policy explains what we collect, why, who we share it with, how long we keep it, and what choices you have. It also explains how the AIIO Companion and the Rules Engine process your data — and the bright lines we have drawn around AI decision-making.
Sections · 16 total
- Who We Are & Scope
- Information We Collect
- Sources of Information
- How We Use Information
- AIIO & AI Processing
- The Rules Engine
- Sharing with Superusers
- Other Disclosures & Service Providers
- Cookies, Pixels & Tracking
- International Transfers
- Data Retention
- Your Rights & Choices
- Children & Youth Pathway
- Security
- Changes to This Policy
- Contact Us
01Who We Are & Scope
The "Company," "we," "us," and "our" refers to In Creates Out, LLC, a Delaware limited-liability company operating the ZALA brand. ZALA is a Health, Wellness, Education, and Personal-Growth platform that unites members and independent Superusers through the AIIO Companion and a deterministic Rules Engine.
This Policy applies to personal information we collect when you (a) visit our Site, (b) use the Mobile App, (c) interact with AIIO, (d) work with a Superuser through our Marketplace, (e) connect a wearable or third-party data source, (f) contact us, or (g) participate in research, surveys, or the Pioneer Cohort.
02Information We Collect
We collect categories of personal information described in the table below. Some categories may not apply to every member; collection depends on which features you use and what you choose to share.
Category
Examples
Why we collect it
Identity & Account
Name, email, password (hashed), phone, time zone, profile photo, username.
Create & secure your account; communicate with you; bill you.
Intake & Profile
Responses to "What's your ZALA?", goals, sport, role, lifestyle pathway preference, baseline questionnaire answers, medical-history disclosures you choose to share.
Route you to the right pathway (Lifestyle / Youth / Pro), tune dose, support Superuser pairing.
Wearable & Biometric
Heart rate, HRV, sleep stages, recovery score, strain, activity, steps, calories, cycle data, and other fields you authorize from Whoop, Oura, Apple Health, and similar providers.
Surface daily readiness; populate the day-phase plan; support Superuser decisions; trigger safety-floor checks.
Habit & Compliance
Habit completion, workout logs, photos/video you upload, voice notes, mood/affect inputs, day-phase check-ins.
Track your progress; tune your periodized plan; produce summaries for you and your Superuser.
Communications
Messages with AIIO, with your Superuser, with ZALA Support; in-app comments; LIVED. quotes; member-spotlight submissions.
Deliver the conversation; route safety signals; build the member-spotlight pipeline (with approval).
Payment & Billing
Billing name, address, last four digits of card, payment-method tokens, subscription tier, renewal status, charge history. Full card data is held by our payment processor, not ZALA.
Process subscriptions, channel purchases, refunds, dunning; comply with tax and accounting rules.
Device & Usage
IP address, browser type, operating system, device identifiers, crash logs, time stamps, pages viewed, in-app actions, AIIO query volume, feature-flag exposure.
Keep the Service running; debug; secure accounts; measure feature performance.
Location (coarse)
Country/region inferred from IP; time zone from device; postal code if you provide it for sales-tax or marketplace pairing.
Tax compliance; pair you with Superusers in your jurisdiction; localize the experience.
Inferences & State Vector
Derived state from the Rules Engine: (flag · pathway · gate · affect · direction) + confidence; detection-signal flags; safety-signal flags; pairing-classifier scores.
Determine which prompts and dose to surface; route Superuser matches; enforce safety floors and hard stops.
We do not knowingly collect protected health information ("PHI") as defined under HIPAA, and ZALA does not generally act as a HIPAA-covered entity. If your Superuser is a covered entity or business associate in their jurisdiction, additional protections may apply between you and them.
03Sources of Information
We collect personal information from the following sources:
- Directly from you — when you sign up, complete intake, message a Superuser or AIIO, upload a photo, or submit a LIVED. quote.
- From your device — through cookies, SDKs, and standard server logs.
- From your wearable provider — Whoop, Oura, Apple Health, and similar providers, only with your consent and only for the fields you authorize.
- From your paired Superuser — observations, session notes, program plans, and check-ins your Superuser logs about you within the Service.
- From our payment processor — transaction confirmations and statuses (we do not receive full card numbers).
- From service providers — fraud-prevention vendors, identity-verification vendors (for Pioneer Cohort or Superuser onboarding), hosting and analytics providers.
- From publicly available sources — limited to what is needed to verify professional credentials of Superusers.
04How We Use Information
We use the information we collect to:
- Provide the Services — create your account, route you to the appropriate pathway (Lifestyle, Youth, Pro), and deliver the day-phase plan and member lifecycle (Inbound → Intake → Eval → POC → Today → Session → Remote → Compound);
- Operate AIIO & the Rules Engine — generate drafts, summaries, and pattern insights; compute the state vector; enforce safety floors and hard stops; queue Intervention, Readiness, Support, and Communication actions;
- Support your Superuser — surface relevant intake, wearable, habit, and communication data in their Lab / Roster / Eagle Eye / Jarvis / Superuser views;
- Communicate with you — service announcements, billing notices, security alerts, and (where you've consented) news, tips, or marketing;
- Process payments — for ZALA-set subscription tiers, Superuser-set channel pricing, and any à-la-carte features;
- Personalize — tune dose, modify defaults, and tailor recommendations to your population and current state;
- Secure the Services — prevent fraud, abuse, account takeover, and impersonation of AIIO or Superusers;
- Improve the platform — run analytics, A/B tests, and quality reviews, generally on aggregated or de-identified data;
- Comply with the law — meet tax, accounting, and regulatory obligations and respond to lawful requests.
05AIIO & AI Processing
"AIIO" is ZALA's named AI companion. AIIO drafts messages, summarizes activity patterns, and supports the people who serve you. AIIO is software — not a clinician, therapist, or coach — and does not provide medical, mental-health, legal, or financial advice.
AIIO · Manual Attribution Standard
"Drafted by AIIO. Sent by you."
When a Superuser uses AIIO to draft a message, the message is attributed in a manner consistent with this standard. AIIO composes; your Superuser reviews and sends.
Model providers
AIIO is currently powered by Anthropic's Claude models, including Claude Sonnet 4.6 and Claude Opus 4.6 premium. Your inputs to AIIO and the relevant context the Rules Engine attaches (state vector, recent activity summaries, relevant habit logs) may be transmitted to Anthropic's API for inference. Anthropic processes data under its own terms; ZALA does not consent to your data being used to train third-party models, and our agreements with model providers prohibit such use where contractually offered.
What AI is not allowed to do
- AI does not classify safety. Safety-signal classification, pathway routing, and hard-stop decisions are made by the deterministic Rules Engine — not by any large language model. This is a doctrine-level rule (CR-13).
- AI does not autonomously contact you. Member-facing messages drafted by AIIO are reviewed and sent by your Superuser unless you have explicitly opted into auto-send for a low-risk surface.
- AI does not act on your account. AIIO does not modify your subscription, change your pathway, or move you between Superusers without human review.
Your AI choices
Where applicable law gives you the right to opt out of solely automated decision-making, you may exercise that right by contacting us (see Section 16). You may also request a human review of any decision you believe was driven by automated processing, and you may turn off AIIO-drafted suggestions from within your account settings where available.
AI & cost
ZALA operates AIIO within published cost-cap targets per Superuser per day. These caps protect service quality and platform sustainability; if you hit a cap, certain AIIO features may be temporarily rate-limited.
06The Rules Engine
The Rules Engine is a deterministic system that orders the platform and protects you. It is doctrine, not optimization.
Rules Engine · Architecture Summary
Four layers: Hard Stops → Gates → Modulators → Optimization.
Nine-tier precedence ladder orders conflicting signals; LLM-based classification is forbidden.
Five-tier queue: Safety Floor · Intervention · Readiness · Support · Communication.
Detection signals (14) and safety signals (8) feed a five-dimensional state vector — flag · pathway · gate · affect · direction — with confidence.
The Rules Engine processes your inputs to decide which prompts, doses, and surfaces are shown to you and what is queued to your Superuser. We treat Rules Engine outputs (signals, state-vector values, queue assignments) as personal data and protect them under this Policy.
You may not access raw signal thresholds or precedence tables because exposing them would compromise the safety floor for others, but you may request a human-readable summary of which signals influenced a specific decision affecting you (e.g., a temporary pause, a pathway suggestion, an escalation).
07Sharing with Superusers
When you are paired with a Superuser through the Marketplace, you authorize us to share the categories of data your Superuser needs to serve you. The default scope includes:
- Your name, profile photo, and contact preferences;
- Your intake responses (including your answer to "What's your ZALA?");
- Wearable and biometric data fields you have connected;
- Habit-compliance, workout, and check-in data;
- Messages within the Service between you and your Superuser, and AIIO-drafted suggestions related to your channel;
- State-vector summaries (population, current phase, current direction, and certain safety/readiness flags) needed for Superuser decision support.
Superusers are bound by their Superuser Agreement to keep your data confidential, use it only to serve you, and refrain from transferring it elsewhere. Superusers are independent providers; we are not responsible for their professional advice. If you change Superusers, your prior Superuser's continued access is removed within a reasonable period, subject to legal and operational retention.
08Other Disclosures & Service Providers
We disclose personal information to:
- Service providers — vendors that host the Services, process payments, send transactional email and SMS, provide customer support tools, analytics, error monitoring, fraud prevention, and identity verification. These providers act on our instructions and are bound by confidentiality and data-protection terms.
- AI model providers — currently Anthropic (Claude Sonnet 4.6, Opus 4.6) for AIIO inference, under terms that prohibit use of your inputs to train their models where contractually offered.
- Payment processors — for example, Stripe or Apple In-App Purchase, which receive billing data necessary to process transactions.
- Wearable providers — solely to receive the data you have authorized them to share with ZALA. We do not push data back to them unless you direct us to.
- Professional advisors — accountants, auditors, and lawyers, under confidentiality.
- Affiliates & successors — within the In Creates Out group, and in connection with a merger, acquisition, financing, or sale of assets, in which case we will require the recipient to honor the protections in this Policy.
- Authorities — to comply with law, lawful requests, court orders, or to protect the rights, property, and safety of ZALA, our members, our Superusers, or others.
We do not sell your personal information for money. We do not "share" personal information for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act, except where you have consented.
09Cookies, Pixels & Tracking
What we use
We use cookies, pixels, tags, SDKs, and similar technologies (collectively, "cookies") to operate the Site and Mobile App, remember preferences, secure sessions, measure performance, and — where you have consented — deliver relevant marketing.
Types of cookies
- Strictly necessary — required for the Service to work (login, security, fraud prevention). You cannot opt out of these.
- Functional — remember your preferences (language, time zone, notification settings).
- Analytics — help us understand how the Site and App are used so we can improve them; deployed only where permitted by your consent or local law.
- Marketing — measure the effectiveness of our campaigns and deliver relevant ZALA content off-platform; deployed only where you have consented.
Managing cookies
You can manage cookie preferences through your browser settings (Chrome, Safari, Firefox, Edge) and through any cookie banner we may surface. Blocking strictly-necessary cookies will break parts of the Service.
Do Not Track
Our Site does not currently respond to "Do Not Track" browser signals because no industry standard governs how such signals should be interpreted. We honor Global Privacy Control ("GPC") signals where applicable law requires.
10International Transfers
ZALA is based in the United States. If you access the Services from outside the U.S., your information will be transferred to, processed in, and stored in the U.S. and other countries where we or our service providers operate. We rely on appropriate safeguards for international transfers (including, where required, Standard Contractual Clauses) and we apply this Policy uniformly regardless of where data is processed.
11Data Retention
We retain personal information only as long as needed to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. In practice:
- Active accounts — we retain data for the life of your account.
- Closed accounts — we may retain your data for up to seven (7) years following account termination, consistent with our Terms, to support accounting, fraud prevention, dispute resolution, and legal compliance.
- Aggregated and anonymized data — we may keep aggregated or de-identified data indefinitely for analytics, research, and product improvement.
- Wearable data — retained for as long as your account is active and according to the retention windows of the underlying integrations; disconnecting a wearable removes future syncing but does not automatically delete historical data — request deletion via Section 12.
- AIIO conversation history — retained to enable continuity across sessions; deletable on request, subject to safety-related holds.
12Your Rights & Choices
Depending on where you live, you may have the following rights:
- Access — request a copy of the personal data we hold about you.
- Correction — ask us to correct inaccurate or incomplete data.
- Deletion — ask us to delete personal data, subject to our right to retain certain data for safety, legal, or accounting purposes.
- Portability — receive your data in a structured, commonly used, machine-readable format.
- Restriction or objection — ask us to restrict or object to certain processing, including profiling.
- Withdraw consent — where we rely on consent (for example, wearable connections, marketing communications), you may withdraw it at any time.
- Opt out of marketing — via the unsubscribe link in any marketing email, or by contacting us.
- Opt out of solely automated decisions — where applicable, request human review of decisions that produce legal or similarly significant effects.
- Non-discrimination — for California residents, we will not discriminate against you for exercising your rights under the California Consumer Privacy Act ("CCPA") / California Privacy Rights Act ("CPRA").
- Authorized agents — California residents may use an authorized agent to make a request; we may require reasonable verification.
- Appeal — Virginia, Colorado, Connecticut, and certain other state residents may appeal a denied request; we will respond within the statutory window.
- Lodge a complaint — EU/UK residents may complain to their local data-protection authority.
To exercise any right, contact us as described in Section 16. We will verify your request using information already associated with your account.
13Children & Youth Pathway
The Services are intended for users 18 years and older by default. We do not knowingly collect personal information from children under 13 in the United States or under the equivalent age of consent in other jurisdictions.
The Youth pathway, surfaced as ZALA Academy, may serve users between 13 and 17 only under verified parental or guardian consent and supervision, and in compliance with the Children's Online Privacy Protection Act ("COPPA") and equivalent regional laws. For Youth users we apply additional protections: limited marketing communications, reduced data retention, and parent/guardian access to account settings.
If you believe a child has provided personal information to us in violation of this Policy, contact us and we will take prompt steps to delete the information and disable the account.
14Security
We use a combination of administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These include encryption in transit, access controls, vendor due diligence, secure development practices, monitoring, and incident-response procedures.
No method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for notifying us promptly of any actual or suspected compromise.
15Changes to This Policy
We may update this Policy from time to time. We will post material changes on this page with a revised effective date and, where required, give you reasonable notice in-app or by email. Continued use of the Services after the effective date constitutes acceptance of the revised Policy.
16Contact Us
For questions, complaints, or requests regarding this Policy, please contact us:
- Web — zala.ai/contact
- Email — privacy@increatesout.com (privacy requests) · support@increatesout.com (account & service)
- Mail — In Creates Out, LLC · Privacy Office
If you reside in the European Economic Area, United Kingdom, or Switzerland and require an EU/UK representative, please contact privacy@increatesout.com and we will route your request appropriately.
In creates out · What's your ZALA? · Life. On. Purpose.