Zyberon

Privacy Policy

How we protect and handle your data

Effective Date: July 30, 2025

Last Updated: July 30, 2025

1. Introduction

Welcome to Zyberon. We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how Zyberon ("we," "us," or "our"), a company registered in The Netherlands under Chamber of Commerce (KVK) number 86382470, with its registered address at Tolhekstraat 40, 8043VT Zwolle, The Netherlands, collects, uses, shares, and protects information in a multi-tenant environment when you use our AI-powered e-commerce automation platform, including all associated features, tools, and services (collectively, the "Service").

By accessing or using our Service, you agree to the collection and use of information in accordance with this policy. This policy applies to all visitors, users, and others who access the Service ("Users" or "you").

2. Information We Collect

To provide our comprehensive suite of AI tools, we collect information from several sources.

A. Information You Provide Directly to Us:

  • Account Information: When you create a Zyberon account, we collect your name, email address, password, and company name.
  • Payment Information: We use a third-party payment processor (e.g., Stripe) to manage subscriptions. We do not directly store or have access to your full credit card information. We only store metadata related to your subscription, such as the plan type and billing cycle.
  • API Credentials and Authorizations: To power our Service, you must connect your third-party accounts. When you do so, we securely store encrypted API keys, access tokens, or OAuth authorizations for platforms including, but not limited to:
    • Shopify
    • Meta (Facebook & Instagram)
    • Google (for Ads and Analytics)
    • TikTok
    • Email providers (via IMAP/SMTP)
    • Slack
    • Twilio
  • Configuration and Input Data: We collect the data you provide to configure and use our features, such as:
    • Product URLs for the Page Builder, Ad Maker, or Researcher.
    • Keywords for market research.
    • Custom prompts for AI content or image generation.
    • Business rules and thresholds (e.g., for the Profit Calculator and Product Validator).
    • Brand assets, such as logos or reference images.

B. Information We Collect Automatically:

  • Usage Data: We log your interactions with our Service, such as features accessed, workflows executed, number of AI generations, and other performance metrics. This data is used for billing, service improvement, and analytics.
  • Log and Device Data: We automatically collect standard server log information, including your IP address, browser type, operating system, access times, and referring website addresses.

C. Information We Process on Your Behalf from Third-Party Services:

When you connect your third-party accounts, you authorize us to access and process data from those services on your behalf. This is essential for the Service to function. This data includes, but is not limited to:

  • From Shopify: Your product catalog, inventory levels, order details, refund information, and customer data (names, email addresses, shipping addresses).
  • From Meta, Google, TikTok: Advertising campaign data, ad spend, performance metrics (clicks, impressions, conversions), and ad creative information.
  • From Email Providers: The content of incoming support emails, including sender information and message body, to power the AI Support Agent.
  • From Review Platforms (e.g., Trustpilot): Customer reviews, ratings, and reviewer names.

3. How We Use Your Information

We use the collected information for the following legitimate business purposes:

  • To Provide and Maintain the Service: To operate our features, such as processing support tickets, generating ad campaigns, calculating profits, and tracking competitor sales.
  • To Process AI Generations: To pass your inputs and relevant contextual data (like product descriptions or customer questions) to our third-party AI model providers (e.g., OpenAI, Kling) to generate the content you request.
  • To Manage Your Account: To handle your subscription, process payments, and send transactional communications (e.g., invoices, password resets, service alerts).
  • For Analytics and Improvement: To understand how our Service is used, identify trends, and develop new features. Usage data is aggregated and anonymized wherever possible for these purposes.
  • For Security and Fraud Prevention: To protect the integrity of our platform, detect and prevent fraudulent or unauthorized activity, and enforce our Terms of Service.
  • To Comply with Legal Obligations: To cooperate with law enforcement and regulatory inquiries, as required by law.

4. AI Data Processing and Your Responsibility

Your data is used to power our AI features. It is crucial you understand the following:

  • Data Sent to AI Partners: To generate content, we send relevant data to our AI partners (e.g., OpenAI). This may include product information, customer inquiries, or your custom prompts.
  • Data for AI Model Training: We have configured our integrations with our primary AI partners, where such options are available, to request that your data is NOT used for training their general AI models. We are subject to the privacy policies and technical capabilities of these third-party providers.
  • User Responsibility for Output: As outlined in our Terms of Service, you are solely responsible for the review, accuracy, and ethical implications of all content generated by the AI. We provide the tool; you are the final publisher.

5. How We Share and Disclose Information

We do not sell your personal information or the data of your customers. We limit the sharing of your information to the following circumstances:

  • With Service Providers: We share information with trusted third-party vendors who perform services on our behalf. These include:
    • Cloud Infrastructure: Supabase (for database hosting and storage).
    • AI Model Providers: OpenAI and other partners for content generation.
    • Payment Processors: Stripe (for handling subscriptions).
    • Analytics Providers: For analyzing service usage.
  • For Legal Compliance and Protection: We may disclose information if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights or property, or prevent fraud.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

6. Data Security

We implement robust technical and organizational measures designed to protect your information against unauthorized access, use, alteration, or destruction. These measures include:

  • Row-Level Security (RLS): Your data is strictly segregated from all other tenants at the database level. Our system is architected to make it impossible for one user to access another user's data.
  • Encryption: All sensitive data, such as API credentials, is encrypted at rest using industry-standard AES-256 encryption. All data is encrypted in transit using TLS/SSL.
  • Access Controls: We enforce strict internal access controls, ensuring that only authorized personnel with a legitimate business need can access user data.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. We may also retain your information for a reasonable period thereafter to comply with our legal obligations, resolve disputes, and enforce our agreements. You can request the deletion of your account and all associated data by contacting us.

8. Your Data Protection Rights (GDPR & CCPA)

Depending on your jurisdiction, you have certain rights regarding your personal data. These may include:

  • The Right to Access: You can request copies of your personal data.
  • The Right to Rectification: You can request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • The Right to Erasure (Right to be Forgotten): You can request that we erase your personal data, under certain conditions.
  • The Right to Restrict Processing: You can request that we restrict the processing of your data.
  • The Right to Data Portability: You can request that we transfer the data that we have collected to another organization, or directly to you.

To exercise any of these rights, please contact us using the details provided in the "Contact Us" section.

9. International Data Transfers

Our Service is hosted globally. Your information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ. We rely on legally-provided mechanisms to lawfully transfer data across borders, such as Standard Contractual Clauses (SCCs).

10. Children's Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and, where appropriate, by other means such as email. We encourage you to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer.

Zyberon

Chamber of Commerce (KVK) number: 86382470

Address: Tolhekstraat 40, 8043VT Zwolle, The Netherlands

Email: legal@zyberon.ai