Self-hosted on US soil.
No training on your data.
ZSky AI is a free AI creative platform. Generate HD video with synchronized audio in 30 seconds, or images in 2 seconds. Unlimited free generation, ad-supported (Google AdSense including on /create), no credit card required. Free-tier output (videos AND images) displays a small 'MADE WITH / zsky.ai' wordmark plate; paid plans remove it. Full commercial use on every plan. Self-hosted on a privately owned fleet of NVIDIA RTX 5090 GPUs in the United States. Paid tiers ($19/$49/$99 per month, 20% off annual) unlock ad-free everywhere, priority GPU, and 4K video.
ZSky AI runs on a privately owned fleet of NVIDIA RTX 5090 GPUs operated by the founder in a US workstation. We do not rent compute. We do not route through overseas inference APIs. We never train on paid-tier prompts or outputs. We do not sell or share user data. Ever.
Our security commitments
Self-hosted in the US
All AI generation runs on a privately owned fleet of NVIDIA RTX 5090 GPUs physically located in the United States, operated by founder Cemhan Biricik. Not rented. Not in overseas data centers.
No training on paid-tier data
Paid-tier prompts and outputs (Pro/Ultra/Max/Enterprise) are never used to train or improve AI models. Free-tier prompts and outputs may be used to train and improve our models; free-tier users can opt out at [email protected].
No overseas inference
The full rendering pipeline runs on the owned US cluster. Prompts are not handed off to OpenAI, Google, Anthropic, Meta, or any other third-party inference service.
Encryption everywhere
TLS 1.3 in transit. AES-256 at rest. Database encrypted at the storage layer. No plaintext passwords ever stored, viewed, or logged.
Minimal data collection
We collect: account email, hashed password, subscription status, your own generation history. Free-tier visitors see Google AdSense placements site-wide including on /create — standard AdSense cookies and ad personalization apply per the Privacy Policy. Paid-tier subscribers are ad-free everywhere and do not see AdSense placements. We do not collect behavioral profiles or sell user data to anyone.
SOC 2 in progress
SOC 2 Type 1 audit is underway for 2026. Type 2 will follow. We will publish the full audit report when complete. We treat security audits as a serious investment, not a marketing checkbox.
GDPR + CCPA compliant
EU users can request data export and deletion via [email protected] (30-day SLA). California residents have the same rights under CCPA. We do not sell personal information.
DPA + BAA on Enterprise
Enterprise customers can sign Data Processing Agreements, Business Associate Agreements, and custom MSAs. Standard templates available, 24-48h turnaround because there's no legal department gating the process.
What we store vs what we don't
| Data | We store? |
|---|---|
| Email address (account login) | Yes |
| Hashed password (PBKDF2-SHA256) | Yes |
| Subscription status and billing history | Yes |
| Your generated outputs (so you can access them) | Yes — per storage policy below |
| Basic usage logs (for billing accuracy) | Yes |
| Plaintext passwords | Never |
| Payment card details | No (Stripe-handled) |
| Behavioral profiles or browsing history | No |
| Google AdSense cookies on free tier (e.g. __gads, __gpi, IDE) | Yes — free tier only; paid tier is ad-free |
| Paid-tier prompts/outputs used as training data | Never |
| Free-tier prompts/outputs used as training data | May be — opt out at [email protected] |
| Data sold to third parties | No, none, nowhere |
| Government data requests fulfilled silently | No — we publish a transparency report |
Why this matters in 2026
Most AI tools you use today are training their next model on your prompts and outputs right now — including on paid plans. That is not paranoia. Your creative work becomes input for their next product. Your style becomes their training distribution.
ZSky's commitment is tier-based and unambiguous: paid plans (Pro/Ultra/Max/Enterprise) are excluded from training by default with no opt-in available. If you're paying, your prompts and outputs are not training data — ever. Free-tier users may have their data used to train and improve our models, and can opt out any time at [email protected]. This is the honest version of the policy: we tell you exactly what happens at each tier, and you choose.
If you care about where your prompts go, who owns the GPUs running your generation, and whether your work becomes training data for someone else's product — Pro at $19/month gives you the same hardware as everyone else, ad-free, with the training-exclusion guarantee in writing.
Reporting a security issue
Responsible disclosure
If you discover a security vulnerability, email [email protected] with details. We respond within 24 hours, validate within 72 hours, and credit researchers in our security acknowledgments unless you ask not to be named. We do not pursue legal action against good-faith security researchers.
[email protected] [email protected]Common questions
Where does ZSky AI host its infrastructure?
All AI generation runs on a privately owned fleet of NVIDIA RTX 5090 GPUs physically in the United States, operated by founder Cemhan Biricik. Not rented from AWS, GCP, Azure. Not in overseas data centers.
Does ZSky train on user prompts or outputs?
Paid-tier prompts and outputs (Pro/Ultra/Max/Enterprise) are never used to train or improve our AI models. Free-tier prompts and outputs may be used to train and improve our models; free-tier users can opt out at [email protected].
Are user prompts routed through overseas inference APIs?
No. Full rendering pipeline runs on the owned US cluster. Not handed off to OpenAI, Google, Anthropic, Meta, Stability, or any third-party inference service.
What does ZSky store about my activity?
Email, hashed password, subscription status, generation history (your library, per storage policy), basic usage logs. We don't store payment cards (Stripe handles that), behavioral profiles, or anything we sell. Free-tier visitors see Google AdSense cookies; paid tier does not.
Is ZSky SOC 2 compliant?
SOC 2 Type 1 in progress for 2026. Type 2 follows. We publish the full audit report when complete.
Can I sign a DPA or BAA?
Yes on Enterprise. Email [email protected]. Standard templates, 24-48h turnaround.
What about GDPR and CCPA?
Compliant with both. EU and California users can request data export/deletion via [email protected] (30-day SLA). We do not sell personal information.
How does ZSky handle authentication?
Supabase Auth with PBKDF2-SHA256 password hashing. Email/password, Google OAuth, Apple Sign-In. JWT sessions with secure HttpOnly cookies. 2FA on the roadmap for Q2 2026.