Privacy Policy

1. Introduction

Welcome to ZyxAI ("we," "us," or "our"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI voice agent platform and services (the "Service").

This policy applies to all users of the Service, including account holders, contacts, and website visitors. By using the Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, phone number, company name, job title
• Billing Information: Payment card details, billing address (processed by Stripe)
• Contact Data: Contact information you upload or create (names, phone numbers, emails, companies)
• Call Content: Audio recordings, transcripts, and metadata from calls made through the Service
• Communications: Messages you send to us or through the Service
• Profile Information: Profile picture, bio, preferences, and settings

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, time spent, actions taken
• Device Information: Browser type, operating system, device identifiers
• Log Data: IP address, access times, error logs
• Cookies: Session tokens, preferences, analytics data
• Performance Data: Load times, errors, system performance

2.3 Information from Third Parties

• VAPI: Call metadata, recordings, transcripts
• HubSpot: CRM data, contact information, deals, pipelines
• Authentication Providers: Google, Microsoft (if you use OAuth)
• Payment Processors: Stripe payment and subscription data

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Provision

• Create and manage your account
• Process and execute voice calls
• Store and manage contacts and campaigns
• Synchronize with CRM systems
• Provide call transcription and analytics
• Enable team collaboration features

3.2 Business Operations

• Process payments and prevent fraud
• Send transactional emails and notifications
• Provide customer support
• Monitor and improve Service performance
• Develop new features and services

3.3 Legal and Security

• Comply with legal obligations
• Enforce our Terms of Service
• Protect against fraud and abuse
• Respond to legal requests and prevent harm

3.4 Analytics and Marketing

• Analyze usage patterns and trends
• Send marketing communications (with your consent)
• Conduct surveys and research
• Personalize your experience

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your personal data based on:

• Contract Performance: Processing necessary to provide the Service to you
• Legitimate Interests: Improving the Service, fraud prevention, security
• Legal Obligation: Compliance with applicable laws
• Consent: Where you have given explicit consent (e.g., marketing emails)

5. How We Share Your Information

We do not sell your personal information. We may share your information with:

5.1 Service Providers

• VAPI: For voice calling capabilities
• Supabase: For database and authentication
• Stripe: For payment processing
• HubSpot: For CRM synchronization (if you enable it)
• Vercel: For hosting and infrastructure
• Sentry: For error monitoring

5.2 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

5.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: Data encrypted in transit (TLS 1.3) and at rest
• Access Controls: Role-based access control and authentication
• Monitoring: Continuous security monitoring and logging
• Audits: Regular security audits and penetration testing
• Compliance: SOC 2, GDPR, and CCPA compliance measures

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as necessary to provide the Service and comply with legal obligations:

• Account Data: Retained while your account is active
• Call Recordings: Retained for 2 years or as required by law
• Billing Records: Retained for 7 years for tax purposes
• Marketing Data: Retained until you unsubscribe
• Deleted Data: Soft-deleted for 90 days, then permanently deleted

8. Your Rights and Choices

8.1 GDPR Rights (EEA Users)

If you are in the EEA, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Restrict processing of your data
• Data Portability: Receive your data in a structured format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time
• Lodge a Complaint: File a complaint with your data protection authority

8.2 CCPA Rights (California Users)

If you are a California resident, you have the right to:

• Know: Request information about data collected, used, and shared
• Delete: Request deletion of your personal information
• Opt-Out: Opt-out of the sale of your data (we do not sell data)
• Non-Discrimination: Not be discriminated against for exercising your rights

8.3 How to Exercise Your Rights

To exercise any of these rights:

• Visit your account settings to update or delete data
• Email us at privacy@zyxai.com
• Use the data export feature in security settings

We will respond to your request within 30 days. We may require verification of your identity before processing your request.

9. Cookies and Tracking Technologies

We use cookies and similar technologies for:

• Essential Cookies: Required for Service functionality (cannot be disabled)
• Analytics Cookies: Help us understand how the Service is used
• Preference Cookies: Remember your settings and preferences
• Marketing Cookies: Track effectiveness of marketing campaigns

You can control cookies through your browser settings. Note that disabling cookies may affect Service functionality.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer data internationally, we use appropriate safeguards such as:

• Standard Contractual Clauses approved by the European Commission
• Privacy Shield certification (where applicable)
• Other legally approved transfer mechanisms

11. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will delete it.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on this page
• Updating the "Last Updated" date
• Sending you an email notification (for significant changes)

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

For GDPR-related inquiries, you may also contact our EU representative at: [EU Representative Contact]

14. Additional Information for Specific Regions

For California Residents

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

For Nevada Residents

Nevada residents may opt-out of the sale of personal information. We do not sell personal information as defined under Nevada law.