Last updated: 9 June 2025
Effective date: 9 June 2025

1. Scope

This Privacy Policy explains how GZOO Media LLC (“GZOO,” “we,” “our”) collects, uses, discloses, and safeguards information when you visit gzoo.net or use any of our software-as-a-service products, mobile apps, integrations, or related services (collectively, the “Service”).

2. Information We Collect

Category Examples Source
| Account Data  | Name, email, company, telephone, billing address, login credentials  | You
| Transactional Data  | Subscription tiers, payment tokens, support interactions  | You; payment processor
| Usage Data  | IP address, browser type, device IDs, pages viewed, actions taken, error logs  | Automatic
| Cookies & Similar Tech  | Session cookies, preference cookies, marketing pixels, analytics tags  | Automatic
| AI Prompt & Output Data  | Text, files, or instructions you submit to AI features, and resulting model outputs  | You
| Third-Party Integrations  | CRM records, contact lists, or other data you connect via our API  | Third parties (with your permission)

Sensitive Data: We do not intend to collect protected health information, children’s data, or other special-category data. Do not upload such data unless we have a separate written agreement authorizing it.

3. How We Use Information

We process information to:

1. Provide, maintain, and improve the Service;
2. Authenticate you and secure accounts;
3. Process payments, invoices, and renewals;
4. Monitor performance, detect fraud, and troubleshoot errors;
5. Send transactional notices (e.g., password resets, billing reminders);
6. Respond to support tickets and customer requests;
7. Deliver marketing communications (with opt-out);
8. Train, validate, and monitor AI models only on anonymized or aggregated data unless you explicitly opt in;
9. Comply with legal obligations and enforce our Terms of Service.

Legal Bases (GDPR / UK GDPR)

We rely on: Contract necessity, Legitimate interests (e.g., security, product improvement), Consent (for non-essential cookies/marketing), and Legal obligation where applicable.

4. Sharing & Disclosure

We never sell personal data. We may share it only with:

Recipient Purpose Safeguards
| Cloud hosting & infrastructure providers  | Operate core platform  | Data processing agreements (DPAs)
| Payment processors  | Handle subscription billing  | PCI-DSS compliant; tokenized payments
| AI model vendors  | Provide optional AI features  | Encrypted in transit; no training on your raw data without opt-in
| Authorized integrators  | Connect to services you choose (e.g., Slack, HubSpot)  | OAuth / API keys
| Professional advisers & authorities  | Legal, accounting, audits, law-enforcement requests  | Minimum necessary disclosure
| Corporate transactions  | Merger, acquisition, asset sale  | Notice and choice provided

5. Cookies, Analytics & Tracking

We use first- and third-party cookies for essential functionality, analytics (e.g., Plausible, Google Analytics 4), and marketing. You can disable non-essential cookies via our Cookie Preferences banner or your browser settings. See our dedicated [Cookie Notice] for details.

6. AI & Machine Learning Specifics

• Prompt Handling. Prompts and files you submit to AI endpoints may be forwarded to vetted third-party LLM providers under strict DPAs.
• Model Training. Unless you opt in via Account > Privacy Settings, your identifiable data is excluded from model fine-tuning; we rely on anonymized or synthetic data sets.
• Human Review. Limited, access-controlled human review may occur to resolve abuse reports or improve safety filters. Reviewers are bound by confidentiality obligations.

7. Marketing Communications

We may email existing customers about product updates or promotions under legitimate interest. You can opt out at any time via the Unsubscribe link or account settings. Prospective marketing email is sent only with opt-in consent.

8. Your Rights & Choices

Region Rights
| EU/EEA & UK  | Access, rectification, erasure, restriction, portability, objection, and automated-decision review
| California (CCPA/CPRA)  | Know, delete, correct, opt out of “sharing” for cross-context ads; no discrimination
| Other Jurisdictions  | Similar rights provided where required by local law

To exercise rights, email privacy@gzoo.net or submit a request through Account > Privacy Settings. We will verify identity before responding.

9. Data Security

We follow industry-standard safeguards: encryption in transit and at rest, network segregation, MFA on admin access, regular penetration tests, and least-privilege access controls. No system is 100 % secure; you play a role by using strong passwords and keeping credentials confidential.

10. Data Retention

We keep personal data only as long as needed for the purposes stated, plus any legally required retention period (e.g., tax, accounting). Backups are purged on a rolling 30-day schedule. AI prompt logs are retained 90 days unless you request earlier deletion.

11. International Transfers

We store data on servers in [United States / AWS us-west-2]. If you are outside the U.S., your data may be transferred and processed there. We rely on Standard Contractual Clauses or other legal mechanisms for cross-border transfers.

12. Children’s Privacy

The Service is not directed to children under 16. We do not knowingly collect data from minors. If you believe a child has provided us personal data, contact us and we will delete it.

13. Changes to This Policy

We will update this Privacy Policy when necessary. If changes are material, we’ll provide 30 days’ notice via email or in-app message. The “Last updated” date reflects the latest revision.

14. Contact Us

Data Controller: GZOO Media LLC
Lompoc, CA 93436, USA
Email: privacy@gzoo.net