ZoikoVertexTrust & LegalPrivacy Policy

Privacy Policy

How ZoikoVertex collects, uses, shares, and protects personal information — and your choices.

EFFECTIVE[Date — TBC by legal]
UPDATED[Date — TBC by legal]
ENTITYZoiko Tech Inc. · Zoiko Group
CONTACT[privacy@zoikovertex.com]

Pre-publication notice for legal and product review. This Privacy Policy must reflect actual implemented data practices. Legal counsel and product owners must confirm the legal entity, data flows, cookie inventory, AI model providers, subprocessors, retention schedules, international transfer terms, and U.S. state privacy disclosures before publication. Placeholder fields are marked in brackets. Do not publish until all launch blockers are resolved.

Privacy at a Glance

Plain English, first.

Six things you should know about how ZoikoVertex handles your information — before reading the full policy.

WHAT WE COLLECT

Account details, usage data, customer content, support messages, cookie data, billing information, and integration data needed to operate the service.

HOW WE USE IT

To provide and improve ZoikoVertex, manage accounts, support governed marketing workflows, communicate with you, and comply with legal obligations.

CUSTOMER CONTROL

Enterprise administrators control many workspace settings — roles, permissions, approvals, collaborators, and audit visibility within their organization.

AI-ASSISTED WORKFLOWS

ZoikoVertex supports AI-assisted marketing workflows. The policy explains what inputs are processed, whether prompts are stored, and how third-party AI providers are used.

YOUR PRIVACY RIGHTS

Depending on where you are, you may have rights to access, correct, delete, or restrict your personal information. We will explain how to exercise those rights.

ENTERPRISE CUSTOMERS

Processing of enterprise customer data is governed by the customer agreement and Data Processing Addendum — separate from this general Privacy Policy.

Section 01

Scope of This Privacy PolicyAll users

This Privacy Policy applies to personal information collected in connection with the ZoikoVertex website, platform, sales and marketing activities, support interactions, integrations, and related services operated by Zoiko Tech Inc. as part of Zoiko Group.

This policy applies to:

  • Website visitors and people who interact with ZoikoVertex.com
  • Prospective customers, demo requesters, and event contacts
  • Customer account users — Creators, Reviewers, Validators, Approvers, Publishers, Auditors, and Administrators
  • External collaborators and agency users within a customer workspace
  • Support contacts, business partners, and integration contacts
  • Job applicants, where no separate applicant privacy notice exists

This policy does not replace: the customer agreement, Data Processing Addendum, enterprise order form, or subprocessor notice. Enterprise processing is governed separately — see Section 15.

Section 02

Information We CollectData categories

We collect the information described below depending on how you interact with the website or platform. We aim to collect only what is reasonably necessary for the purposes described in this Privacy Policy.

CATEGORYEXAMPLESSOURCEPRIMARY PURPOSE
Account InformationName, email, business role, company, workspace, login credentialsUser / AdminAccount creation, access, authentication
Business ContactName, title, company, email, phone, inquiry detailsForms, salesDemos, sales, customer communication
Platform Usage DataLogins, actions, workflow events, feature usage, audit eventsPlatform activityService operation, security, auditability
Customer ContentDrafts, campaigns, brand assets, approval comments, workflow recordsCustomer usersMarketing workflow functionality
Technical DataIP address, browser, device, OS, timestamps, diagnostic logsDevice / systemsSecurity, diagnostics, fraud prevention
Cookie & Analytics DataCookie IDs, site interactions, referral pages, session dataWebsite toolsPreferences, analytics, measurement
Support CommunicationsMessages, attachments, issue descriptions, contact historyUser contactSupport and issue resolution
Billing & Commercial DataPlan, subscription details, invoice references, payment statusCustomer / processorBilling administration
Integration DataConnected platform IDs, permissions, workflow metadataCustomer integrationsPlatform workflow automation
Applicant DataResume, contact details, employment history, interview notesCandidateRecruiting and hiring evaluation

Legal review required. Counsel must determine whether ZoikoVertex intentionally processes sensitive personal information, special category data, biometric data, precise geolocation, health information, or children's data. The platform should minimize such processing unless a defined legal basis exists.

Section 03

Customer Content and Platform DataEnterprise

ZoikoVertex may process customer content and platform data when users create, review, approve, validate, schedule, publish, analyze, or audit marketing activity inside a customer workspace.

Customer content may include:

  • Marketing drafts, social media posts, and campaign materials
  • Campaign plans, creative assets, and brand guidelines
  • Approval comments, review notes, and validation decisions
  • Publishing instructions and workflow decisions
  • Performance records, analytics outputs, and reporting data
  • Evidence records, audit logs, and governance configurations
  • Workspace settings and role-permission configurations

Customer control. Customers control the content they submit to ZoikoVertex. Enterprise processing of customer content should be governed by the customer agreement and Data Processing Addendum — not this general Privacy Policy.

Section 04

AI-Assisted Workflow DataHigh scrutiny

ZoikoVertex supports AI-assisted marketing workflows. Depending on configuration and product functionality, users may provide prompts, drafts, campaign instructions, brand guidance, or workflow context to receive AI-assisted support. This section requires explicit confirmation before publication.

AI Processing Disclosure Status

All items below must be confirmed by product and legal teams before publication.

AI INPUTS PROCESSED

[Types to be confirmed — e.g., text prompts, campaign briefs, brand guidelines]

PROMPT AND OUTPUT STORAGE

[Whether stored and for how long — confirm with product]

CUSTOMER CONTENT USED FOR MODEL TRAINING

[Confirm explicitly — this is high-scrutiny for enterprise buyers]

THIRD-PARTY AI PROVIDERS

[Provider names, roles, and processing boundaries to be confirmed]

ADMIN CONTROLS FOR AI FEATURES

[What admins can enable, disable, or configure]

AUDIT VISIBILITY FOR AI ACTIONS

AI-assisted actions are traceable within the ZoikoVertex workflow record.

Do not publish broad AI privacy claims such as "AI never uses customer data" unless technically and contractually verified. The correct enterprise posture is specific, testable, and tied to product configuration, providers, retention, auditability, and customer agreements.

Section 05

How We Use InformationPurposes

ZoikoVertex uses personal information primarily to provide the platform, secure user accounts, support governed marketing workflows, communicate with customers, improve the service, and comply with legal or contractual obligations.

  • Provide, operate, maintain, secure, and improve the website and platform
  • Create and manage user accounts and customer workspaces
  • Authenticate users and protect accounts from unauthorized access
  • Enable content creation, review, approval, publishing, and audit trails
  • Provide customer support and resolve technical issues
  • Process sales inquiries, demo requests, subscriptions, and billing
  • Analyze website and product performance to improve our services
  • Detect, prevent, and investigate security incidents and policy violations
  • Enforce terms, contracts, and acceptable-use requirements
  • Comply with legal, tax, regulatory, contractual, and audit obligations
  • Manage recruiting and hiring where applicable

Section 06

Legal Bases and Business PurposesGDPR / Global

Where applicable law requires a legal basis for processing, ZoikoVertex relies on the following bases depending on the activity and jurisdiction.

PROCESSING ACTIVITYPOTENTIAL LEGAL BASIS
Account creation and platform accessContract performance; service operation
Customer supportContract performance; legitimate business interest
Security monitoringLegitimate business interest; legal obligation
Marketing communicationsConsent or legitimate business interest, depending on location
Cookies and analyticsConsent or legitimate business interest, depending on tool and jurisdiction
Billing administrationContract performance; legal obligation
Legal complianceLegal obligation
RecruitingPre-contract steps; legitimate business interest; consent where required

Section 07

Cookies, Analytics & Similar TechnologiesManage anytime

ZoikoVertex uses cookies and similar technologies on the website and platform. You can manage non-essential cookie preferences using the Cookie Preferences center.

CATEGORYPURPOSEYOUR CONTROL
Strictly NecessaryRequired for website and platform functionality, security, authentication, and session operation. Cannot be disabled without breaking core functionality.Required
PreferenceRemember your choices such as region, language, or interface settings across visits.Manageable
AnalyticsUnderstand how the site and platform are used — page views, session data, feature usage, and performance measurement.Consent / Opt-out
MarketingSupport campaign measurement, ad attribution, or relevant communication. May involve third-party ad or measurement services.Consent / Opt-out

Section 08

How We Share InformationDisclosure

We do not sell personal information to third parties. We share information only as described below and only to support the operation, improvement, and security of the platform and business.

WITH WHOMWHY & WHAT
Service providers & subprocessorsHosting, infrastructure, analytics, support, communications, payment processing, AI services, security, and operational vendors.
Customer administratorsEnterprise admins may access user activity, workflow records, roles, permissions, and workspace data within their own organization.
Zoiko Group companiesInformation may be shared within Zoiko Group where appropriate for service delivery, administration, security, support, or business operations.
Professional advisorsLawyers, accountants, auditors, insurers, and consultants engaged in connection with ZoikoVertex's operations.
Legal & safety requirementsAuthorities, courts, or regulators where required by law or necessary to protect rights, users, systems, or security.
Business transfersIn connection with a merger, acquisition, financing, restructuring, or sale of assets, subject to appropriate protections.

U.S. state privacy review required. The verified position on sale or sharing of personal information for cross-context behavioral advertising must be confirmed by legal before publication.

Section 09

International Data TransfersCross-border

ZoikoVertex is headquartered in the United States with EU operations in the United Kingdom. Personal information may be transferred to, stored in, or processed in countries other than the country in which you reside.

  • Transfers to the United States are subject to appropriate safeguards including Standard Contractual Clauses (SCCs) where required under GDPR
  • ZoikoVertex relies on EU-approved transfer mechanisms for transfers from the European Economic Area (EEA), UK, and Switzerland
  • Enterprise customers requiring specific data residency or transfer restrictions should contact us to confirm current processing locations
  • Our subprocessors are contractually required to apply equivalent protections to any personal data they process

Section 10

Data Retention

We retain personal information for as long as necessary to provide the service, fulfill the purposes described in this policy, meet legal obligations, resolve disputes, and enforce agreements.

DATA TYPERETENTION PERIOD
Active account dataRetained for the duration of the subscription and a reasonable period after account closure
Audit logs and evidence recordsRetained per customer agreement; minimum 12 months for platform governance records
Support and communication recordsTypically 3 years from last interaction, or as required by applicable law
Billing and transaction records7 years or as required by applicable tax and financial law
Marketing and cookie dataAs set by consent or the relevant cookie lifespan, typically up to 24 months
Recruiting and candidate dataUp to 12 months from last interaction unless consent is given for longer retention

Section 11

Security of Personal Information

ZoikoVertex implements technical, organisational, and administrative security measures to protect personal information against unauthorised access, disclosure, alteration, or destruction.

  • Encryption of data in transit (TLS) and at rest
  • Role-based access controls and least-privilege operating model
  • Audit logging of access to sensitive systems and data
  • Workspace-level data isolation to prevent cross-customer access
  • Vulnerability management and security monitoring
  • Incident response procedures with documented notification timelines
  • Vendor and subprocessor security assessments

Enterprise security review. ZoikoVertex supports formal security, procurement, and compliance review processes. Contact enterprise@zoikogroup.com or visit the Security page for documentation.

Section 12

Your Privacy RightsRights

Depending on your location and applicable law, you may have the following rights regarding your personal information. To exercise any of these rights, contact us at privacy@zoikogroup.com.

RIGHTDESCRIPTION
AccessRequest a copy of the personal information we hold about you
CorrectionRequest that we correct inaccurate or incomplete personal information
DeletionRequest that we delete your personal information, subject to applicable legal and contractual retention obligations
PortabilityReceive your personal information in a structured, machine-readable format where technically feasible
ObjectionObject to processing based on legitimate interests, including direct marketing
RestrictionRequest that we restrict processing in certain circumstances
Withdraw consentWhere processing is based on consent, withdraw it at any time without affecting prior processing
ComplaintLodge a complaint with the relevant data protection authority in your jurisdiction

We will respond to all verified rights requests within 30 days, or 45 days where permitted by applicable law.

Section 13

California & U.S. State PrivacyCCPA

If you are a California resident or resident of another U.S. state with applicable privacy law, you may have additional rights including: right to know, right to delete, right to correct, right to opt out of sale or sharing, and right to non-discrimination.

  • Right to know — categories of personal information collected and purposes for which it is used
  • Right to delete — request deletion of personal information, subject to legal exceptions
  • Right to correct — request correction of inaccurate personal information
  • Right to opt out of sale or sharing — where applicable under state definitions
  • Right to limit use of sensitive personal information — where applicable
  • Right to non-discrimination — we will not discriminate against you for exercising privacy rights

California-specific notice. ZoikoVertex does not sell personal information for monetary consideration. Whether sharing with advertising and analytics vendors constitutes 'selling' or 'sharing' under the CPRA is subject to legal review. California residents may submit requests to privacy@zoikogroup.com.

Section 14

Children's Privacy

ZoikoVertex is an enterprise business platform and is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without verifiable parental consent, we will take steps to delete that information. If you believe we have inadvertently collected such information, please contact us at privacy@zoikogroup.com.

Section 15

Enterprise Customers and Data Processing AddendumDPA

Enterprise customers who process personal data belonging to their own customers, employees, or users within ZoikoVertex workspaces act as data controllers for that data. ZoikoVertex acts as a data processor in that context.

Processing in the enterprise customer context is governed by:

  • The customer's master subscription or enterprise agreement with ZoikoVertex
  • The Data Processing Addendum (DPA), which incorporates GDPR Article 28 requirements, Standard Contractual Clauses, and applicable state-law processing terms
  • The subprocessor list, which identifies third-party processors engaged by ZoikoVertex

Request the DPA. Enterprise customers who require a signed DPA should contact

legal@zoikogroup.com. The DPA governs data processing inside customer workspaces — this Privacy Policy governs ZoikoVertex's own processing of personal data.

Section 16

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will update the "Last Updated" date and, where appropriate, notify registered users by email or via an in-platform notice.

Continued use of the platform after the effective date of any update constitutes acceptance of the revised policy.

Section 17

Contact for Data Privacy

For questions, requests, or complaints regarding this Privacy Policy or our data practices, please contact us:

Privacy Enquiries

privacy@zoikogroup.com

Data subject rights requests, general privacy questions, and GDPR/CCPA inquiries.

Legal & DPA

legal@zoikogroup.com

Enterprise DPA requests, subprocessor queries, and legal compliance matters.

Registered Address

Zoiko Tech Inc. · 1401 21st Street, Suite R, Sacramento, CA 95811, USA

EU Representative · 67–69 Great Portland Street, 5th Floor, London W1W 5PF, UK

FAQ

Frequently Asked Privacy Questions

Quick answers for the most common questions about ZoikoVertex data privacy.

Related

Related Trust Pages

Security

Access controls, audit logs, data protection, and enterprise security review.

Cookie Preferences

Manage cookie categories and non-essential tracking preferences.

Data Processing Addendum

Enterprise data processing terms for customer personal information.

Responsible AI

AI-assisted workflows, human oversight, and governance posture.