ZiLync Privacy Policy

Welcome to ZiLync's Privacy Policy. At ZiLync ("Zync", "we", "our", or "us"), we are committed to protecting your privacy and handling your business information with transparency and care. This Privacy Policy explains in detail how we collect, use, disclose, and safeguard your business information when you interact with our services, including our websites (zynctek.com and associated subdomains), mobile applications, communication platforms, and any related services that reference this Privacy Policy (collectively, the "Services").

This document describes our practices regarding:
- The types of information we collect
- How we use and process your information
- With whom we may share your information
- Your rights and choices regarding your information
- How we protect and retain your information
- International data transfers
- How we handle policy changes

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services. We may modify this Privacy Policy from time to time as described in Section ("Changes to This Policy").

This Privacy Policy applies to all business customers, partners, and professional users who interact with ZiLync's Services. It governs the collection and use of information in the context of:
- Account registration and management
- Service provisioning and support
- Business communications and transactions
- Marketing and business development activities

This policy does not apply to:
- Personal information collected from ZiLync employees or job applicants, which is governed by separate policies
- Customer data that we process on behalf of our clients under data processing agreements (DPAs)
- Information collected through third-party services that may be linked to from our Services but are not operated by us

For clarity, when we act as a data processor for our clients (such as when providing our software services to enterprise customers), the processing of personal data is governed by our Data Processing Addendum (DPA) rather than this Privacy Policy.

We collect various types of personal information to provide and improve our Services. The specific data we collect depends on your interactions with us, but generally falls into these categories:

A. Information You Provide Directly:
- Contact Information: Full name, email address, phone number, company name, job title, and physical business address
- Account Credentials: Username, password, security questions
- Professional Details: Industry, company size, job function
- Payment Information: Billing address, payment method details (processed by our payment processors)
- Communications: Support tickets, chat transcripts, survey responses, feedback
- Marketing Preferences: Subscription choices, communication preferences

B. Information Collected Automatically:
- Device Information: IP address, browser type, operating system, device identifiers
- Usage Data: Pages visited, features used, time spent, clickstream data
- Location Data: Approximate location derived from IP address (more precise location only with consent)
- Cookies and Tracking Technologies: As described in our Cookie Policy

C. Information from Third Parties:
- Business partners and affiliates
- Publicly available business databases
- Social media platforms (when you connect your accounts)
- Service providers who assist with identity verification or fraud prevention

We do not intentionally collect sensitive personal data (such as racial/ethnic origin, political opinions, religious beliefs, health data, etc.) unless required by law or voluntarily provided by you in connection with support requests.

We use your personal information for legitimate business purposes, including:

A. Service Delivery and Business Operations:
- To create and manage your account
- To provide, maintain, and improve our Services
- To process transactions and send related information
- To deliver customer support and respond to inquiries
- To authenticate users and prevent unauthorized access
- To monitor and analyze usage trends and preferences

B. Business Communications:
- To send administrative messages (service announcements, policy updates)
- To deliver requested product information and documentation
- To respond to your comments, questions, and requests
- To conduct surveys and gather feedback

C. Marketing and Business Development (with consent where required):
- To send promotional communications about products and services
- To personalize content and recommendations
- To administer contests, events, or webinars
- To develop new products and service offerings

D. Legal and Security Purposes:
- To comply with legal obligations and regulatory requirements
- To protect the rights, property, or safety of ZiLync, our users, or others
- To investigate and prevent fraud, security breaches, or other prohibited activities
- To enforce our terms of service and other agreements

We process your personal information based on:
- The necessity to perform our contract with you
- Your consent (for certain marketing activities)
- Our legitimate business interests (when balanced with your rights)
- Compliance with legal obligations

We may disclose your information in the following circumstances:

A. Service Providers:
We engage carefully selected third-party companies and individuals to facilitate our Services ("Service Providers"), including:
- Cloud hosting providers ( AWS, Google Cloud, Render, Cloudflare )
- Payment processors (Stripe, Razorpay)
- Marketing and analytics tools (Google Analytics)
- Communication services (SendGrid, Twilio)

These Service Providers have access to your information only to perform specific tasks on our behalf and are contractually obligated to protect your data.

B. Business Transfers:
If ZiLync is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction, subject to confidentiality agreements.

C. Legal Requirements:
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).

D. Business Partners:
With your consent, we may share information with trusted business partners for joint marketing efforts or integrated service offerings.

E. Affiliates:
We may share information with our corporate affiliates for consistent service delivery across our business units.

F. Advertising Partners:
If you opt-in to targeted advertising, we may share limited information with advertising platforms to deliver relevant ads.

We do not sell your business information to third parties for their independent marketing purposes without your explicit consent.

We retain your business information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our data retention framework follows these principles:

A. General Retention Criteria:
- Maximum retention period for all business data: 5 years
- All deleted data undergoes a 30-day soft deletion period before permanent destruction
- Retention extensions beyond 5 years require explicit consent and additional payment for enterprise clients

B. Retention Considerations:
We determine specific retention periods based on:
- The nature and sensitivity of the business data
- The original purposes for processing
- Legal, contractual, or regulatory requirements
- Legitimate business needs and operational requirements

C. Specific Retention Periods:
- Account Data:
* Active accounts: Retained continuously
* Terminated accounts: 6 months after termination
- Transaction Records:
* Standard: 7 years for tax/financial compliance
* Extended retention: Available with paid subscription
- Marketing Data:
* Active subscribers: Until unsubscription
* Inactive subscribers: 2 years after last engagement (auto-purged)
- Support Communications:
* Standard: 5 years from issue resolution
* Extended cases: Up to 7 years with premium support plans
- Website Analytics:
* Standard: 26 months from last visit
* Extended: Configurable up to 5 years for enterprise clients

D. Data Disposition Process:
1. Soft Deletion Phase (30 days):
- Data marked as deleted but recoverable
- No longer visible in active systems
- Only accessible by privileged administrators
2. Permanent Destruction:
- Automated secure erasure after 30 days
- Cryptographic shredding of digital records
- Physical media destruction for any backups

E. Extended Retention Options:
For business-critical data requiring retention beyond 5 years:
- Available through our Data Preservation Service
- Requires annual subscription payment
- Includes enhanced security and access controls
- Subject to separate Data Retention Addendum

You may request early deletion of your data as described in Section 8 ("Your Choices"), though certain data may be retained where required by law or for legitimate business purposes during dispute resolution periods.

We implement comprehensive technical and organizational security measures to protect your business information from unauthorized access, alteration, disclosure, or destruction. These measures include:

Technical Safeguards:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
- Regular security audits and vulnerability testing
- Network protection systems (firewalls, intrusion detection)
- Multi-factor authentication for administrative access
- Regular data backups with disaster recovery procedures

Organizational Measures:
- Strict access controls and role-based permissions
- Employee security training and confidentiality agreements
- Vendor security assessments and contractual obligations
- Incident response and breach notification procedures

While we strive to protect your business information, no security system is impenetrable. We cannot guarantee absolute security of information transmitted to us, and you provide your personal information at your own risk. In the event of a data breach that affects your information, we will notify you and relevant authorities as required by applicable law.

You can help maintain security by:
- Using strong, unique passwords for your account
- Keeping your login credentials confidential
- Logging out after using shared devices
- Promptly reporting any suspicious activity

You have several choices regarding your business information:

A. Access and Updates:
- You may review and update your account information at any time by logging into your account settings
- You can request a copy of your business data by contacting us at support@zynctek.com

B. Marketing Communications:
- You can opt-out of marketing emails by clicking the "unsubscribe" link in any marketing email
- You can adjust your communication preferences in your account settings
- Even if you opt-out, we may still send you service-related communications

C. Cookies and Tracking:
- You can manage cookie preferences through your browser settings
- Our Cookie Policy provides details on opting out of specific tracking technologies

D. Data Deletion and Restriction:
- You may request deletion of your business data, subject to legal retention requirements
- You can request restriction of processing in certain circumstances
- To make these requests, please contact us at support@zynctek.com

E. Account Termination:
- You may deactivate your account through your account settings
- Note that some information may persist in backup systems for a limited time

We will respond to all legitimate requests within 30 days, though it may take longer for complex requests. We may need to verify your identity before processing certain requests.

As a global company, ZiLync may transfer, store, and process your business information in countries other than your country of residence, including the United States and other locations where our Service Providers operate. These countries may have data protection laws that differ from those in your jurisdiction.

When we transfer business data outside the European Economic Area (EEA), United Kingdom, or Switzerland, we implement appropriate safeguards as required by applicable law, which may include:

- Standard Contractual Clauses approved by the European Commission
- Binding Corporate Rules for intra-group transfers
- Other legally recognized mechanisms for international data transfers

For transfers to the United States, we rely on the EU-U.S. Data Privacy Framework (DPF) where applicable, as ZiLync complies with the DPF Principles regarding the collection, use, and retention of personal information transferred from the European Union, United Kingdom, and Switzerland to the United States.

By using our Services, you consent to:
1. The transfer of your information to countries outside your country of residence
2. The application of the laws of those countries to the information collected

You may request more information about the specific mechanisms we use for international data transfers by contacting us at privacy@zynctek.com.

We may update this Privacy Policy from time to time to reflect:
- Changes in our data practices
- New legal or regulatory requirements
- Improvements in our privacy protections
- Feedback from customers or regulators

When we make material changes, we will:
1. Post the updated policy on our website with a clear "Last Updated" date
2. Provide notice through our Services or by email (for significant changes)
3. Obtain your consent where required by law

The "Effective Date" at the top of this policy indicates when it was last revised. We encourage you to periodically review this page for the latest information about our privacy practices.

Your continued use of our Services after any modification to this Privacy Policy will constitute your:
- Acknowledgement of the modified policy
- Agreement to abide and be bound by the updated terms

If you object to any changes, you must immediately stop using our Services and may request deletion of your account and personal data as described in Section 8 ("Your Choices").

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact at:

Email: support@zynctek.com

We take all privacy concerns seriously and will respond to your inquiry within 30 days. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, you may contact your local data protection authority.