GDPR Compliance Policy

This policy describes the main GDPR principles followed by Zybots when personal data is processed through the website, the public landing pages, the application, or deployed assistant widgets.

It is intended to give customers, prospects, and end users a clear overview of what data protection commitments apply when the service is used in the European Union or the European Economic Area.

Zybots acts as a data controller for information related to its own business operations, such as account creation, billing, security, support, and direct communications with prospects or customers.

When a customer deploys an assistant on its own website and uses the platform to process visitor conversations, that customer generally remains the data controller for those interactions, while Zybots operates as a processor or sub-processor for the technical delivery of the service.

Depending on the context, Zybots may rely on contract performance, legitimate interests, consent, or legal obligations as the legal basis for processing personal data.

Legitimate interests can include keeping the service secure, preventing abuse, improving reliability, and understanding product usage in a proportionate way. Where consent is required, such as for non-essential marketing or optional tracking, users should be able to withdraw it later.

The platform may process account and workspace details, business contact information, billing details, technical identifiers, service usage signals, and conversation content submitted through assistants.

Customers should avoid uploading unnecessary sensitive data and should not use the service to process special categories of data unless they have a valid legal basis, suitable safeguards, and a documented reason for doing so.

Individuals may request access to the personal data held about them, ask for corrections, request deletion where appropriate, object to certain processing, or request restriction or portability where those rights apply under GDPR.

Requests should be sent with enough detail for verification and handling. When Zybots acts only as a processor, the request may need to be redirected to the relevant customer that controls the data collected through the deployed assistant.

Personal data is kept only for as long as it is reasonably needed to provide the service, meet contractual commitments, resolve disputes, maintain security, or satisfy legal obligations. Different categories of data may have different retention periods.

Where cross-border transfers are necessary, Zybots aims to use appropriate safeguards such as contractual protections, limited access controls, and secure infrastructure arrangements. Technical and organizational measures are used to protect data in transit and at rest, reduce unauthorized access, and support incident response.

Customers are responsible for configuring assistants in a lawful way, selecting data sources they are allowed to use, and making sure their public disclosures match how they use the service.

If a customer collects leads, support messages, or other personal data through a Zybots assistant, the customer should maintain an up-to-date privacy notice and obtain any consents required by local law.

Questions about this GDPR Compliance Policy or privacy-related requests can be sent to [email protected].

If a user believes a request has not been handled correctly, that user may also contact the relevant supervisory authority in the country where they live or work, where applicable.