Privacy Policy
Your privacy is fundamental to our mission of transforming customer engagement through AI. This comprehensive policy explains how we collect, use, protect, and respect your personal information in accordance with global privacy regulations including GDPR, CCPA, and other applicable laws.
Privacy Policy Overview
Zuqo Corporation ("Zuqo," "we," "us," or "our") is committed to protecting your privacy and ensuring transparency about how we handle your personal information. This Privacy Policy applies to all users of our AI-native customer engagement platform, website visitors, and anyone who interacts with our services.
As a provider of enterprise AI solutions, we understand the critical importance of data protection and privacy. We have designed our platform with privacy by design principles, ensuring that privacy considerations are integrated into every aspect of our technology and business processes.
This policy covers our practices as both a data controller (for our own business operations) and as a data processor (when processing data on behalf of our enterprise customers). We are committed to transparency, accountability, and giving you control over your personal information.
Information We Collect
We collect and process personal data only as necessary to provide our services, improve your experience, and fulfill our legal obligations. Here's what we collect and why.
Personal Information
Information that identifies you personally when using our services
Examples: Name, email address, phone number, job title, company name, business address, account credentials, billing information, communication preferences
Legal Basis: Contract performance and legitimate business interests
Retention: 7 years after account closure or as required by law
Purpose: Service delivery, customer support, and account management
Usage and Analytics Data
Information about how you interact with our platform and services
Examples: Platform usage patterns, feature interactions, performance metrics, system logs, error reports, session duration, click-through rates, user journey data
Legal Basis: Legitimate business interests and service improvement
Retention: 2 years from collection date
Purpose: Service improvement, optimization, and technical support
Technical Information
Technical data collected automatically when you use our services
Examples: IP addresses, geographic location, browser type and version, operating system, device identifiers, hardware information, network details, cookies and tracking technologies
Legal Basis: Legitimate business interests and security
Retention: 1 year from collection date
Purpose: Security, fraud prevention, and technical optimization
Customer Interaction Data
Data processed on behalf of our enterprise customers
Examples: Conversation transcripts and recordings, interaction analytics, sentiment data, customer journey patterns, support ticket content, custom AI model training data
Legal Basis: Processing on behalf of data controller (customer)
Retention: As directed by customer data retention policies
Purpose: Service delivery as data processor for our customers
Your Privacy Rights
You have comprehensive rights regarding your personal data under GDPR, CCPA, and other privacy regulations. We make it easy to exercise these rights through our privacy portal and dedicated support team.
Right of Access
Request access to your personal data and information about how we process it
Response time: 30 days
• Request a copy of all personal data we hold about you
• Information about how your data is used and processed
• Details about who your data is shared with
• Information about data retention periods
Right to Rectification
Request correction of inaccurate or incomplete personal data
Response time: 30 days
• Correct any inaccurate personal information
• Complete incomplete personal data
• Update outdated information
• Verify accuracy of processed data
Right to Erasure (Right to be Forgotten)
Request deletion of your personal data under certain circumstances
Response time: 30 days
• Delete data when no longer necessary for original purpose
• Remove data when consent is withdrawn
• Erase data when processing is unlawful
• Delete data to comply with legal obligations
Right to Data Portability
Receive your personal data in a structured, machine-readable format
Response time: 30 days
• Receive data in commonly used electronic format (JSON, CSV)
• Transfer data to another service provider
• Obtain data without hindrance from Zuqo
Right to Restriction of Processing
Request limitation of how we process your personal data
Response time: 30 days
• Restrict processing while accuracy is verified
• Limit processing when unlawful but deletion not wanted
• Maintain data but restrict further processing
Right to Object
Object to processing of your personal data for certain purposes
Response time: 30 days
• Object to processing for direct marketing purposes
• Object to processing based on legitimate interests
• Object to automated decision-making and profiling
Security Measures
We implement industry-leading security measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction.
Data Encryption
Comprehensive encryption protecting data at rest and in transit
• AES-256 encryption for all stored data
• TLS 1.3 for all data transmission
• End-to-end encryption for sensitive communications
• Hardware security modules (HSMs) for key management
• Perfect forward secrecy for all connections
Access Controls
Strict access controls ensuring only authorized personnel can access data
• Multi-factor authentication for all accounts
• Role-based access control (RBAC) implementation
• Principle of least privilege access
• Regular access reviews and deprovisioning
• Zero-trust network architecture
Monitoring and Auditing
Continuous monitoring and comprehensive audit trails
• 24/7 security operations center (SOC) monitoring
• Comprehensive audit logging of all data access
• Real-time anomaly detection and alerting
• Regular security assessments and penetration testing
Physical Security
Physical protection of data centers and infrastructure
• Tier III+ certified data centers
• Biometric access controls and security guards
• Environmental monitoring and controls
• Redundant power and cooling systems
International Compliance
We comply with privacy regulations across all jurisdictions where we operate, ensuring your data is protected regardless of your location.
GDPR (General Data Protection Regulation)
European Union — Fully Compliant
Last Compliance Audit: November 2024
• Lawful basis for all data processing activities
• Data protection by design and by default
• Data protection impact assessments (DPIAs)
• Appointment of Data Protection Officer (DPO)
• Data breach notification within 72 hours
• International data transfer safeguards
CCPA (California Consumer Privacy Act)
United States — Fully Compliant
Last Compliance Audit: October 2024
• Consumer rights notice and disclosure
• Right to know about personal information collection
• Right to delete personal information
• Right to opt-out of sale of personal information
• Right to non-discrimination for exercising rights
PIPEDA
Canada — Compliant
Last Compliance Audit: September 2024
• Consent for collection, use, and disclosure
• Limiting collection to identified purposes
• Accuracy and safeguarding of personal information
• Individual access to personal information
California State Privacy Laws
California, United States — Fully Compliant
Last Compliance Audit: December 2024
• California Consumer Privacy Act (CCPA) compliance
• California Privacy Rights Act (CPRA) requirements
• SB-1001 privacy policy disclosure requirements
• California Online Privacy Protection Act (CalOPPA)
California Privacy Rights
Additional privacy rights for California residents under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
Right to Know
California residents have the right to know what personal information we collect, use, disclose, and sell
• Categories of personal information collected
• Sources from which personal information is collected
• Business purposes for collection
• Categories of third parties with whom we share information
Right to Delete
California residents can request deletion of personal information we have collected
• Delete personal information from our records
• Direct service providers to delete information
• Exceptions for legal compliance and legitimate business purposes
• Verification required to prevent fraudulent requests
Right to Opt-Out of Sale
We do not sell personal information to third parties for monetary or other valuable consideration. We do not sell personal information of minors under 16 years of age.
Right to Non-Discrimination
California residents cannot be discriminated against for exercising their privacy rights. No denial of goods or services, no different prices or rates, and no different level or quality of services.
California Disclosures
Required disclosures under California privacy laws regarding our data collection and sharing practices (Last 12 Months).
| Category | Collected | Sold |
|---|---|---|
| Personal Information Identifiers, contact info, commercial info, internet activity | Yes | No |
| Protected Classifications Age range, gender (optional) | Limited | No |
| Biometric Information Voice patterns for authentication | Yes (Voice) | No |
| Geolocation Data IP-based approximate location | Yes (IP-based) | No |
Cookies & Tracking Technologies
We use cookies and similar technologies to enhance your experience, analyze usage patterns, and provide personalized content. You have control over these technologies.
Strictly Necessary Cookies
Essential for website functionality and security — Cannot be disabled
Retention: Session or up to 1 year
Examples: Authentication tokens, session management, security features, load balancing
Performance Cookies
Help us understand how visitors interact with our website — Can be disabled
Retention: Up to 2 years
Examples: Page views, time on site, bounce rate, error tracking
Functional Cookies
Enable enhanced functionality and personalization — Can be disabled
Retention: Up to 1 year
Examples: Language preferences, region settings, accessibility options, UI preferences
Marketing Cookies
Track visitors across websites for marketing purposes — Can be disabled
Retention: Up to 1 year
Examples: Ad targeting, campaign tracking, social media integration, marketing analytics
Third-Party Services
We work with trusted third-party service providers to deliver our services. Here's information about these partnerships and how they handle your data.
Google Analytics
Website analytics and performance monitoring
Data Shared: Usage patterns, page views, user demographics
Salesforce
Customer relationship management and support
Data Shared: Contact information, interaction history, support tickets
AWS (Amazon Web Services)
Cloud infrastructure and data hosting
Data Shared: All platform data as infrastructure provider
Stripe
Payment processing for enterprise subscriptions
Data Shared: Payment information, billing details, transaction data
Data Breach Notification
In the unlikely event of a data breach that affects your personal information, we are committed to transparent and timely communication. Our data breach response procedures include:
Immediate Response (0-24 hours)
Incident containment and assessment, internal incident response team activation, preliminary impact assessment, law enforcement notification if required.
Communication (24-72 hours)
Regulatory authority notification (within 72 hours), affected individual notification (without undue delay), customer and partner communication, public disclosure if legally required.
We maintain comprehensive incident response procedures and regularly test our breach response capabilities. Our goal is to minimize any potential impact and keep you fully informed throughout the process.
Privacy Contact Information
If you have questions about this Privacy Policy, wish to exercise your rights, or need to report a privacy concern, please contact us using the information below.
Data Protection Officer
dpo@zuqo.ai — For GDPR and privacy matters
Privacy Team
privacy@zuqo.ai — For general privacy inquiries
Phone Support
+1 (818) 852-2669 — Business hours: 9 AM - 6 PM PST
Mailing Address
Zuqo Corporation
Attn: Privacy Officer
103 N Whitnall Hwy
Burbank, CA 91505