Privacy notice

Privacy Policy

How GLOSOFT SOLUTIONS SRL collects, uses, stores, shares, and protects personal data when Zybots is used as a website, SaaS platform, AI assistant, widget, API, integration, dashboard, or documentation service.

Last updated: May 2026

Operator: GLOSOFT SOLUTIONS SRL, Romania

Roles: Controller for Zybots business operations, processor for customer-deployed bots in most cases

Authority: ANSPDCP - Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal

1. Scope of this Policy

This Privacy Policy explains how GLOSOFT SOLUTIONS SRL, the operator of Zybots, collects, uses, stores, shares, and protects personal data when you use the Zybots website, application, AI assistants, widgets, APIs, integrations, dashboards, documentation, and related services.

Zybots is operated by GLOSOFT SOLUTIONS SRL, Str. Turda, nr. 98, bl. 29A, sc. 2, et. 8, ap. 26, Sector 1, Bucharest, Romania. Trade Register: J2017000654526. VAT / Tax ID: RO38032549 / CUI 38032549. Website: https://www.zybots.ai. Platform: https://app.zybots.ai.

This Policy applies when you visit the Zybots website, create or use an account, access the dashboard, subscribe to a paid plan, use bots, widgets, APIs, integrations, or AI Actions, contact us, or interact with a Zybots assistant deployed by one of our customers. If you interact with a customer-deployed bot, that customer is usually responsible for explaining how they use your data.

2. Roles under GDPR

For the purposes of the GDPR, GLOSOFT SOLUTIONS SRL may act as a data controller for its own website, account, billing, security, support, marketing, analytics, and business operations. Where Zybots processes chat, lead, knowledge base, or widget data on behalf of a customer, the customer is usually the data controller and Zybots acts as a data processor.

Zybots acts as controller when it determines why and how personal data is processed for its own purposes, including website operation, account registration, billing and invoicing, support, sales communications, fraud prevention, security monitoring, platform analytics, legal compliance, product administration, and service improvement.

Zybots usually acts as processor when customers use the platform to process data of their own visitors, users, leads, customers, or employees. In these cases, customers are responsible for having a valid legal basis, providing privacy notices, handling data subject requests, and configuring bots lawfully.

3. Personal data we collect

The data we collect depends on how you use Zybots. We may process account and workspace data, billing and tax data, technical and device data, usage and product data, conversation and lead data, knowledge base and training source data, support, sales, and communications data, and cookies and tracking data.

  • Account and workspace data: name, email, company, job title, workspace name, account role, authentication data, team invitations, plan details, billing contact details, and communication preferences.
  • Billing and tax data: billing name, company details, billing address, VAT / tax ID, invoice details, subscription status, payment status, plan history, and transaction metadata. Full payment card data is processed by the payment processor and is not intentionally stored by Zybots.
  • Technical and device data: IP address, browser, device, operating system, language, approximate IP-derived location, referrer, pages visited, session events, error logs, security logs, timestamps, and diagnostic data.
  • Usage and product data: dashboard activity, workspace events, bot creation and configuration, feature usage, API usage, integration status, training source activity, analytics events, rate limit events, subscription usage, and support interactions.
  • Conversation and lead data: chat messages, AI responses, conversation history, ratings, lead names, emails, phones, custom lead fields, source channel, widget metadata, timestamps, and handoff or escalation details.
  • Knowledge base and training source data: website URLs, sitemap pages, documents, files, text sources, Q&A pairs, corrections, prompts, bot instructions, product or service information, API responses, and integration data.
  • Support, sales, and communications data: name, email, company details, message content, attachments, support history, meeting notes, qualification information, feedback, and complaints.
  • Cookies and tracking data: essential cookies, preference cookies, analytics cookies, marketing or retargeting technologies, local storage, session storage, pixels, and tags as described in the Cookie Policy.

4. Sources of personal data

We may collect personal data from you directly, your employer or organization, invited workspace members, customer websites where the Zybots widget is installed, end users who interact with customer-deployed bots, connected integrations, payment processors, analytics and security tools, public business sources, support, sales, or communication tools, API calls, and technical logs.

5. Purposes and legal bases

We process personal data only where we have a legal basis. This may include contract performance, legal obligation, legitimate interest, consent, and customer instructions where Zybots acts as processor.

  • Contract performance: create and manage accounts, provide platform access, operate bots and widgets, process subscriptions, provide support, send service notifications, maintain workspaces, and deliver purchased features.
  • Legal obligation: issue invoices, keep accounting and tax records, respond to lawful requests, comply with legal obligations, handle consumer or regulatory complaints, and maintain required business records.
  • Legitimate interest: secure the platform, prevent fraud and abuse, monitor reliability, improve performance, debug errors, understand feature usage, protect rights, communicate with business customers, and detect misuse of free plans, APIs, widgets, or AI Actions.
  • Consent: non-essential cookies, analytics and marketing tags, newsletter subscriptions, certain promotional communications, and optional tracking technologies where required.
  • Customer instructions: when Zybots acts as processor, we process personal data according to the customer's documented instructions, the DPA, product settings, and applicable law.

6. How we use personal data

We may use personal data to operate and maintain the website and platform, authenticate users, manage accounts and workspaces, process subscriptions, invoices, and payments, provide AI assistant responses, process conversations and leads, train or retrieve from customer-approved knowledge sources, operate AI Actions, APIs, integrations, and widgets, deliver analytics and reports, provide support and troubleshooting, detect abuse, enforce our Terms and policies, send service, billing, legal, and security updates, improve reliability, comply with legal obligations, and protect Zybots, customers, end users, and third parties.

7. AI processing

Zybots uses AI systems, retrieval systems, embeddings, prompts, workflow logic, and model providers to generate answers, classify content, summarize conversations, extract leads, run AI Actions, or support similar product features. Inputs and context may be processed by third-party infrastructure or AI/model providers where necessary to deliver the service.

Unless expressly agreed otherwise, conversation data processed through Zybots should not be used to train general-purpose AI models operated by third-party model providers.

Customers are responsible for choosing lawful knowledge sources, avoiding unnecessary sensitive data, informing end users that they interact with AI where required, configuring bot instructions and fallback behavior, reviewing AI outputs where appropriate, and complying with applicable AI, consumer protection, and data protection rules.

8. Cookies, analytics, and marketing technologies

We use cookies and similar technologies as described in our Cookie Policy. Essential cookies are used for security, login, consent management, and website functionality.

Analytics and marketing technologies may include tools such as Google Analytics, Google Tag Manager, Meta Pixel, or similar services, depending on active configuration. For users in the EU/EEA, non-essential cookies and similar technologies are used only after consent where required by law.

You can manage cookies using our Cookie Settings tool, browser settings, or device settings.

9. Sharing personal data and sub-processors

We do not sell personal data. We may share personal data with providers and parties needed to operate Zybots, including hosting and infrastructure providers, database, storage, queue, and vector search providers, payment processors and invoice providers, email, notification, and support providers, analytics and logging providers, security and abuse prevention providers, AI/model providers, integration providers selected or enabled by the customer, professional advisers, authorities where required by law, and buyers, successors, or affiliates in connection with a merger, acquisition, restructuring, or sale of business assets.

When service providers act on our behalf, we require appropriate confidentiality and data protection obligations. When customers connect third-party integrations, data may be shared according to the customer's configuration and the third party's own terms and privacy practices.

Zybots may use sub-processors such as cloud hosting providers, database and storage providers, vector search providers, AI/model providers, payment processors, email and notification providers, analytics providers, customer support tools, security monitoring tools, logging and observability tools, communication and messaging providers, and integration providers.

10. International transfers

Some providers may process personal data outside Romania, the European Union, or the European Economic Area. Where required, international transfers rely on appropriate safeguards such as Standard Contractual Clauses, transfer impact assessments where appropriate, contractual confidentiality and security obligations, access controls, encryption, data minimization, provider due diligence, and other lawful transfer mechanisms.

Customers should review their own international transfer obligations when deploying Zybots for end-user data.

11. Data retention

We keep personal data only for as long as needed for the purposes described in this Policy, unless a longer period is required or permitted by law. When data is no longer needed, we delete, anonymize, or securely archive it according to operational and legal requirements.

  • Account data: while the account is active, then up to 3 years for contract, dispute, security, and business records.
  • Billing and invoice data: according to applicable accounting and tax retention rules.
  • Chat conversations: according to the customer plan and settings, for example 3 to 365 days where configured.
  • Leads: until deleted by the customer, exported and removed, or retained according to customer settings.
  • Knowledge sources: while configured by the customer or until deleted.
  • Security and application logs: typically up to 12 months unless needed longer for investigation, security, or legal reasons.
  • Marketing data: until you unsubscribe, withdraw consent, or the data is no longer needed.
  • Support tickets: for as long as needed to resolve the issue and maintain support history.
  • Backups: typically retained for up to 90 days before rotation or deletion.

12. Security and breach notification

We use reasonable technical and organizational measures designed to protect personal data, including access controls, authentication controls, encryption in transit, secure infrastructure configuration, logging and monitoring, backup processes, vulnerability management, role-based internal access, staff confidentiality obligations, incident response procedures, and abuse and fraud monitoring.

No system is completely secure. Customers are responsible for securing their own accounts, passwords, API keys, integrations, team access, and deployed websites. If you believe your account or data has been compromised, contact [email protected] immediately.

If we become aware of a personal data breach affecting data for which Zybots acts as processor, we will notify the affected customer without undue delay as required by GDPR and the applicable DPA. Where Zybots acts as controller, we will assess the breach and notify the competent authority and affected individuals where required by law.

13. Your privacy rights and supervisory authority

Depending on applicable law, you may have the right to access your personal data, request correction, request deletion, request restriction, object to certain processing, withdraw consent, request data portability, object to direct marketing, and lodge a complaint with a supervisory authority.

You can exercise privacy rights by contacting [email protected] or [email protected]. If your data was processed through a bot deployed by one of our customers, we may need to refer your request to that customer because they are usually the controller of that data.

If you are in Romania or the European Union and believe your data protection rights have been violated, you may contact ANSPDCP - Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal at https://www.dataprotection.ro. You may also contact the supervisory authority in your country of residence, workplace, or where the alleged infringement occurred.

14. Marketing, automated processing, and children

We may send product, commercial, or educational communications to users or business contacts where permitted by law. You can unsubscribe from marketing emails at any time, but we may still send non-marketing communications such as billing notices, security alerts, account messages, legal updates, and service-related notifications.

Zybots may use automated systems for product functionality, analytics, abuse prevention, lead extraction, AI responses, recommendations, and workflow automation. We do not intentionally use Zybots website or account data to make decisions that produce legal or similarly significant effects about individuals without appropriate legal basis and safeguards.

Zybots is not intended for children under 16 or under the minimum age required by applicable law. Customers must not deploy Zybots in a way that knowingly collects children's personal data without a valid legal basis, appropriate notices, parental consent where required, and suitable safeguards.

15. Customer responsibilities for deployed widgets

Customers who deploy Zybots widgets, bots, or integrations are responsible for informing visitors that AI-assisted chat technology is used, providing a privacy notice on their own website, explaining what data is collected and why, collecting consent for cookies or tracking where required, ensuring that knowledge sources are lawful, avoiding unnecessary sensitive data, handling end-user privacy requests, configuring retention and exports responsibly, and complying with consumer protection and AI transparency rules.

The Zybots website, dashboard, bots, or integrations may link to or interact with third-party websites, APIs, platforms, or services. We are not responsible for the privacy practices, security, content, or terms of third parties.

16. Changes and contact

We may update this Privacy Policy from time to time. If changes are material, we may notify users through the website, dashboard, email, or other reasonable means. The updated Policy applies from the Last updated date shown above.

For privacy questions, requests, or complaints, contact GLOSOFT SOLUTIONS SRL at [email protected] or [email protected]. Registered office: Str. Turda, nr. 98, bl. 29A, sc. 2, et. 8, ap. 26, Sector 1, Bucharest, Romania. Trade Register: J2017000654526. VAT / Tax ID: RO38032549 / CUI 38032549. Website: https://www.zybots.ai. Platform: https://app.zybots.ai.

Important note

This Policy should be read together with the Terms and Conditions, Cookie Policy, GDPR Policy, Data Processing Agreement, AI Transparency Notice, Acceptable Use Policy, and any applicable order form or enterprise agreement.