Privacy Policy

Zendora ("Zendora", "we", "us", or "our") provides an AI-powered sales development platform that helps customers research prospects, generate outreach, and manage campaigns (the "Service"). This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and the rights you have under applicable law, including the EU/UK General Data Protection Regulation ("GDPR"), the California Consumer Privacy Act as amended by the CPRA ("CCPA/CPRA"), and other US state privacy laws (collectively, "US State Privacy Laws").

This Policy applies to our marketing website, in-product experience, and related services. It does not apply to third-party websites or services.

For personal data about visitors and account holders, Zendora acts as the data controller. For personal data that customers upload, import, or otherwise process through the Service about their own prospects and recipients ("Customer Data"), Zendora acts as a processor / service provider on behalf of the customer, who is the controller.

Privacy inquiries: info@zendora.ai.

We collect the following categories of personal data:

• Account data: name, work email, password hash, organization, authentication identifiers (including data from sign-in providers such as Google).
• Usage data: pages visited, features used, log files, device and browser information, IP address, and approximate location derived from IP.
• Connected mailbox data: with your permission, message headers, metadata, and content needed to send and track outbound campaigns and to detect replies.
• Customer Data: prospect names, business email addresses, company information, enrichment data, notes, and email content you generate or import.
• Billing data (if applicable): name, billing address, and limited payment metadata; full payment details are handled by our payment processor.
• Communications: support requests and correspondence with us.

• Provide, secure, and operate the Service — performance of a contract.
• Authenticate users, prevent fraud and abuse, and maintain logs — legitimate interests and legal obligations.
• Generate AI-assisted research, drafts, and suggestions at your request — performance of a contract.
• Send service announcements and security notices — legitimate interests or legal obligations.
• Send marketing communications, where permitted — consent or legitimate interests, with an easy opt-out in every message.
• Analytics and product improvement — consent for non-essential cookies and similar technologies; otherwise legitimate interests using aggregated data.

The Service uses artificial intelligence, including large language models provided by third parties such as Google and OpenAI, to generate research summaries, drafted emails, reply suggestions, and other content from inputs you or your team supply.

• Inputs and outputs are processed solely to deliver the requested feature and are not used by Zendora to train foundation models. We contractually require our AI sub-processors not to use Customer Data to train their general-purpose models.
• AI outputs may be inaccurate or incomplete. You remain responsible for reviewing AI output before sending it to a recipient and for ensuring your use complies with applicable law, including anti-spam laws (e.g., CAN-SPAM, CASL) and the EU AI Act.
• We do not use the Service to make decisions that produce legal or similarly significant effects about a data subject solely by automated means without human review. Customers must not configure the Service to do so.
• You can request information about the logic involved in AI features that materially affect you by contacting us at info@zendora.ai.

We use strictly necessary cookies to operate the Service and, with your consent, analytics and marketing cookies. See our Cookie Policy for details and to change your preferences at any time.

We share personal data with:

• Sub-processors that host or power the Service, including cloud infrastructure, database and authentication providers (Supabase), AI model providers (Google, OpenAI), email delivery providers, and analytics providers.
• Professional advisors (lawyers, auditors) under confidentiality.
• Authorities when required by law, legal process, or to protect rights, safety, or property.
• In a corporate transaction such as a merger, acquisition, or asset sale, subject to this Policy.

We do not sell personal data, and we do not "share" personal data for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA.

We are based in the United States and our sub-processors may operate globally. When we transfer personal data from the EEA, UK, or Switzerland to a country that is not deemed adequate, we rely on the European Commission's Standard Contractual Clauses (and the UK Addendum) and apply supplementary measures where appropriate.

We keep account and Customer Data for as long as your account is active and as needed to provide the Service. After termination, we delete or anonymize data within a reasonable period unless we are required to retain it (e.g., for tax, accounting, or legal compliance). Backups are purged on a rolling schedule.

We use encryption in transit, encryption at rest for stored data, least-privilege access, audit logging, and regular reviews. No system is perfectly secure, and you are responsible for safeguarding your account credentials.

Subject to GDPR, you may:

• access, rectify, or erase your personal data;
• restrict or object to processing;
• request data portability;
• withdraw consent at any time (without affecting prior lawful processing);
• lodge a complaint with your local data protection authority.

To exercise these rights, contact info@zendora.ai. If your data is Customer Data, please contact the customer who controls it; we will assist them in responding.

Residents of California, Colorado, Connecticut, Virginia, Utah, Texas, and other states with comprehensive privacy laws have the right to know, access, correct, delete, obtain a portable copy of, and opt out of certain processing of their personal data, including profiling that produces legal or similarly significant effects. We honor Global Privacy Control (GPC) signals as an opt-out of targeted advertising where applicable.

We do not sell personal information and do not share it for cross-context behavioral advertising. We do not knowingly process the personal information of consumers under 16 for sale or sharing.

Submit requests to info@zendora.ai. You may designate an authorized agent. We will verify your request using the information associated with your account and respond within the timeframes required by law. You may appeal a denied request by replying to our response email.

The Service is intended for business use and is not directed to children under 16. We do not knowingly collect personal data from children.

We may update this Policy from time to time. We will post the new version with an updated date and, for material changes, provide additional notice (e.g., email or in-product).

Zendora — info@zendora.ai.