ZenAI

Effective date: January 15, 2026

Privacy Policy

This Privacy Policy explains how ZenAI collects, uses, and safeguards the personal data processed through our SaaS platform, APIs, dashboard, and related services.

1. Data We Collect

  • Account data: name, email, organization, billing details required to provision subscriptions.
  • Catalog data: product descriptions, images, inventory counts, and pricing supplied via CSV import or API.
  • Usage signals: clickstream, recommendation performance metrics, and device metadata captured for analytics and fraud prevention.
  • Support interactions: tickets, chat transcripts, and feedback sent to ZenAI.

2. How We Use Data

We process collected data to:

  • Authenticate users and manage access to the dashboard and APIs.
  • Generate and improve product recommendation models, search relevance, and reporting.
  • Provide customer success, technical support, and billing operations.
  • Detect abuse, secure the platform, and comply with legal obligations.

3. Sharing & Disclosure

ZenAI never sells customer data. We disclose limited information to vetted sub-processors (e.g., cloud hosting, logging, email delivery) under contracts that mirror this policy and applicable DPAs. We may also share data when required by law or to protect the rights, property, or safety of ZenAI, our customers, or the public.

4. Security

We enforce TLS encryption, network segmentation, MFA for internal tools, and continuous monitoring. Access to production data is strictly role-based and audited. Security incidents are disclosed to affected controllers without undue delay.

5. Retention

Account and billing data are retained for the duration of the contract and as required for tax/accounting obligations. Catalog uploads, derived embeddings, and analytics are deleted within 30 days of account closure unless otherwise requested through the dashboard or via a written instruction.

6. International Transfers

Where personal data crosses borders, we rely on Standard Contractual Clauses and regional hosting controls.

7. Your Rights

Controllers can exercise GDPR/CCPA-style rights (access, correction, deletion, restriction, portability, objection) by using the account tools or contacting us. We respond to verified requests within 30 days.

8. Contact & Updates

Questions about this Privacy Policy or our data practices should be directed to office@zenaisoftware.com. We will post updates on this page and notify account owners when material changes occur.