ZySec AI Privacy Policy
ZySec AI ("we", "us", "our") is committed to safeguarding your personal data and to transparency and compliance with global privacy standards. This Privacy Policy outlines how we collect, use, share, and protect your information when you access our website, products, or services.
Information We Collect
Data Provided Voluntarily
We may collect personal information you voluntarily submit through our website, applications, or services, including:
- Full name
- Email address
- Company name and industry
- Job title and department
- Business phone number
- Location (e.g., city, state, country)
- Account credentials (such as usernames and hashed passwords)
- Communication preferences and contact history
- Responses to surveys, feedback forms, and event registrations
Data We Collect Automatically
When you interact with our platforms, we automatically collect certain technical and behavioural data, including:
- IP address and approximate geographic location
- Device identifiers (e.g., UUID, MAC address)
- Browser type, version, and language
- Operating system and device type
- Referring and exit URLs
- Pages viewed and time spent on our services
- Clickstream and navigation behaviour
- Date and time of access
- Error reports, performance logs, and diagnostic data
- Cookie identifiers and tracking technologies (see our Cookie Policy for more detail)
Sensitive or Enterprise Data
When our products or services are deployed in client-managed environments—such as on-premises infrastructure or private cloud instances—we may process Sensitive or Enterprise Data strictly under the direction and control of the client.
- Proprietary business information
- Confidential customer or user data
- Internal documentation or communication records
- Structured or unstructured data stored in client-managed systems
Important Legal Safeguards:
- Data Ownership: All enterprise data processed in such environments remains the exclusive property of the client.
- Access and Use: We only access or process such data in accordance with the client's explicit written instructions, as governed by the applicable services agreement or data processing addendum (DPA).
- Data Residency and Confidentiality: Enterprise data is not transferred, replicated, or stored outside of the client's designated environment unless contractually agreed upon. All data is handled in accordance with strict confidentiality obligations and relevant data protection legislation.
- Compliance: We maintain appropriate technical and organizational measures to protect personal and enterprise data in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and any other jurisdictionally relevant regulations.
Use of Information
We use the information we collect for the following purposes, each of which is carried out in accordance with applicable data protection laws:
A. To Provide and Maintain Our Services
- Facilitate access to and use of our websites, applications, and services.
- Create, manage, and maintain user accounts and service configurations.
- Deliver technical support and customer service.
B. To Improve and Optimize Our Offerings
- Analyse usage patterns and diagnostic data to improve functionality and user experience.
- Conduct internal research and development.
C. For Communications and Marketing
- Respond to inquiries, requests, or feedback submitted by users.
- Send administrative communications, including updates, security alerts, or policy changes.
- Provide information about new features, product updates, or events (in accordance with your communication preferences).
D. To Ensure Security and Prevent Fraud
- Monitor, detect, and prevent unauthorized access, fraud, abuse, or malicious activities.
- Enforce our terms of service, acceptable use policy, and other agreements.
- Conduct audits and investigations as necessary to comply with legal obligations.
E. To Comply with Legal Obligations
- Satisfy reporting obligations, lawful requests from government authorities, or legal proceedings.
- Comply with export laws, sanctions regimes, and other regulatory requirements.
F. With User Consent
Where required by law, we will request your consent before collecting or using your data for specific purposes.
Data Protection & Security
ZySec AI upholds government-grade security standards to protect your data:
- Organizational safeguards: staffed by a Chief Information Security Officer (CISO), with strict training, role-based access (least privilege), and continuous auditing.
- Technical measures: end-to-end encryption (SSL/TLS), zero-trust architecture, secure identity and access controls, anonymization/pseudonymization techniques.
- Certifications & Compliance: ISO 27001, SOC 2, GDPR alignment, and regular vulnerability scans and penetration tests.
- Incident management: documented breach procedures with rapid notification protocols.
Consent & Privacy Controls
- We respect user preferences, including existing browser signals like Global Privacy Control (GPC).
- ZySec AI deploys robust consent frameworks, blocking non-essential tracking until user choice is registered.
- All cookies and tracking comply with our Cookie Policy and align with GDPR/CCPA best practices.
Third-Party Sharing
We do not sell personal data. We only share or disclose data in the limited circumstances described below:
A. With Service Providers and Subprocessors
We may share personal data with vetted third-party vendors and subprocessors who perform services on our behalf, such as:
- Cloud hosting and storage providers
- Customer relationship management (CRM) systems
- Email and communication tools
- Analytics and monitoring services
- IT support and security services
All such parties are contractually obligated to process data only as instructed, maintain confidentiality, and implement appropriate security measures.
B. With Business Partners (Where Applicable)
In cases where you engage with us jointly with a partner (e.g., co-hosted events or co-branded services), we may share relevant information with that partner, subject to your preferences and the partner's privacy practices.
C. In Corporate Transactions
If we are involved in a merger, acquisition, asset sale, or reorganization, personal data may be transferred as part of that transaction, subject to customary confidentiality obligations and applicable data protection laws.
D. For Legal and Compliance Purposes
We may disclose personal data when necessary to:
- Comply with applicable laws, legal processes, or governmental requests.
- Protect the rights, property, or safety of our users, our business, or others.
- Enforce agreements or resolve disputes.
E. With Your Consent
We may share your data for other purposes if you have given us specific consent to do so.
Global Data Transfers
We operate globally. Where personal data crosses borders, we rely on legal safeguards:
- Standard Contractual Clauses, Privacy Shield alternatives, or adequacy rulings
- Client-controlled data residency options, especially for enterprise deployments
Your Rights
Depending on your jurisdiction, you may have rights regarding your personal data under applicable privacy laws such as the General Data Protection Regulation (GDPR):
- Right to Access
- Right to Rectification
- Right to Erasure
- Right to Data Portability
- Right to Withdraw Consent
- Right to Object
How to Exercise Your Rights
To submit a request, please contact us at: hello@zysec.ai.
Data Retention
We retain personal and enterprise data only for as long as necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
A. Retention of Personal Data
- Account data: Retained for the duration of your account and a reasonable period thereafter to comply with legal obligations or resolve disputes.
- Communication records: Emails, support tickets, and form submissions may be stored for auditing, legal, or operational purposes.
- Marketing data: Retained until you opt out or withdraw consent.
B. Retention of Enterprise Data
- For clients using on-premises or private cloud deployments, enterprise data is stored and managed within client-controlled environments. We do not retain such data unless explicitly authorized via a services agreement.
- For cloud-hosted solutions (if applicable), enterprise data is retained in accordance with the data processing agreement (DPA) or master services agreement (MSA) with the client.
C. Deletion and Anonymization
Upon request or at the end of the retention period:
- Data may be securely deleted or anonymized to prevent identification.
- Backups containing personal data will be purged according to our backup retention policy.
Children's Privacy
Our services are not directed to, and we do not knowingly collect or solicit personal data from, individuals under the age of 18.
- We do not knowingly collect, use, or disclose personal information from children under the applicable age threshold.
- If we become aware that we have inadvertently collected personal data from a child without the appropriate consent, we will take reasonable steps to delete such data as soon as possible.
Policy Updates
We reserve the right to modify, update, or amend this Privacy Policy at any time to reflect changes in our business practices, legal obligations, or service offerings. All changes will be effective immediately upon posting unless otherwise required by applicable law.
Notification of Changes
We will notify users of material changes through appropriate channels, such as:
- Email notification (if you have provided an email address),
- A prominent notice on our website or application,
- Or other legally required methods.
Your continued use of our services after such updates constitutes your acceptance of the revised Privacy Policy.
B. No Warranties or Representations
While we make reasonable efforts to ensure the accuracy and security of our services and communications, we do not warrant that the platform will be error-free, uninterrupted, or immune to security breaches. Use of the service is at your own risk.
- We provide the services and content "as is" and "as available", without warranties of any kind, express or implied.
- We are not liable for the content, privacy practices, or operations of third-party websites or services that may be linked from our platform.
C. Use of the Platform as Consent
By accessing or using our services, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy, including any updates as posted.
Contact & Governance
We maintain active governance via our CISO and dedicated Privacy & Security team, including:
- Regular audits and staff training
- Defined data breach response plans
- Ongoing risk assessments and policy review
- Data Protection Officer (or regional equivalent) oversight
For any queries, complaints, or exercise of rights, contact us:
ZySec AI
Email: hello@zysec.ai
Website: https://zysec.ai
Last Updated: 6/25/2025