Privacy Policy.

Last updated: May 7, 2026

1. Who we are

ZUUZ, Inc. ("ZUUZ", "we", "us", or "our") is a Texas C-Corporation operating the ZUUZ platform — an agentic AI decision layer above customer relationship management (CRM) systems. This Privacy Policy describes how ZUUZ collects, uses, shares, and protects information when customers and end users interact with our website, products, and services.

2. What data we collect

We collect three categories of information:

• Account data: name, work email, company, role, billing details, and authentication tokens you provide when creating or using a ZUUZ account.
• Usage data: pages visited, features used, audit logs, IP address, device and browser metadata, and cookies for session management and analytics.
• Content data (processed by AI): with your authorization, ZUUZ reads email metadata and message content, CRM records and pipeline data, calendar metadata, and document content (RFPs, contracts, proposals, MSAs) connected through your integrations. ZUUZ uses this content to surface signals, draft replies, and write updates back to your CRM.

We do not collect special category data (biometric, health, financial account numbers) intentionally. If such data appears in connected content, ZUUZ does not target it for processing.

3. How we use data

We use customer data to:

• Provide and operate the ZUUZ service — read signals, draft outputs, and synchronize records back to your CRM.
• Improve our AI models only with explicit, written opt-in from your organization's authorized administrator. Default is no training on customer data.
• Detect, prevent, and respond to security incidents, fraud, and abuse.
• Communicate with you about your account, service updates, and security advisories.
• Comply with applicable legal obligations.

4. Sharing and subprocessors

We do not sell customer data. We share data only with the following categories of subprocessors, each bound by a written data processing agreement:

• Cloud infrastructure: Amazon Web Services (AWS) for hosting, storage, and compute.
• AI inference: OpenAI and Anthropic for model inference. Customer content sent to inference providers is governed by zero-retention or short-retention enterprise agreements.
• Operational vendors: billing, support ticketing, analytics, and email delivery (placeholder list — full subprocessor schedule available on request).

We never sell customer data, and we do not share customer content with advertisers or data brokers under any circumstances.

5. Retention

We retain customer content data for the duration of your subscription. Upon account termination, we delete customer content within 30 days, except where retention is required by law. Audit logs are retained for 12 months for security and compliance purposes. Customers may request earlier deletion of specific records by contacting privacy@zuuz.ai.

6. Your rights

Subject to applicable law, you have the right to access, correct, port, or delete personal data we hold about you. You may also object to or restrict certain processing. To exercise these rights, contact privacy@zuuz.ai. We will respond within 30 days. If you are an end user (e.g. a sales rep at a ZUUZ customer), please contact your organization's administrator first, as they control the configuration of ZUUZ within your environment.

7. Security

ZUUZ is designed with enterprise-grade security from day one — tenant isolation at the infrastructure level, encryption at rest (AES-256) and in transit (TLS 1.2+), permission-aware access mirroring your connected systems, human approval gates on all customer-facing AI outputs, and audit trail on every action. SOC 2 Type II certification is in active progress, and ISO 27001 readiness is on the roadmap. Customers can request our current security documentation at security@zuuz.ai.

8. International data transfers

ZUUZ is headquartered in the United States and processes data primarily in US-based AWS regions. If you are accessing ZUUZ from outside the US, your data will be transferred to and processed in the US under standard contractual clauses or equivalent safeguards, as required by applicable data protection law (GDPR, UK GDPR, etc.).

9. Updates to this policy

We may update this Privacy Policy as our service, regulatory environment, or business practices change. Material changes will be communicated to current customers by email at least 30 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.

10. Contact

For privacy questions or to exercise your rights:

Email: privacy@zuuz.ai (data subject requests) · legal@zuuz.ai (general legal)

Mailing address: ZUUZ, Inc., Austin, Texas, USA (suite address available on request)