This Privacy Policy explains how Zorro AI Ltd ("Zorro AI", "we", "us", or "our") collects, uses, shares, and protects personal data in connection with our software-as-a-service platform, website, and any associated services (collectively, the "Platform").
Zorro AI Ltd is a company registered in England and Wales (Company No. 16358589) with its registered office at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ.
1. Data we collect
We collect and process the following types of information:
1.1 Personal information you provide
- Name, company name, job title
- Email address, phone number
- Login credentials and profile information
- Any content or messages submitted through forms, chat, or emails
1.2 Automatically collected information
When you interact with the Platform, we automatically collect:
- Device data: IP address, browser type, operating system, screen resolution
- Usage data: pages visited, links clicked, time spent, navigation paths
- Interaction events: buttons clicked, forms submitted, inputs changed
- Session replays: full recordings of user interactions within the Platform
- API call logs: full capture of API calls and related metadata
1.3 Cookies and tracking technologies
We use cookies and similar technologies to:
- Authenticate users
- Remember preferences
- Enable functionality
- Track engagement for product improvement
- Conduct marketing analytics
Cookies may be set by us or third-party providers such as Google Analytics, Facebook/Meta Pixel, LinkedIn Insight Tag, and other ad and retargeting networks.
You can manage cookie settings via your browser or device settings.
2. Tools and providers we use
To operate and improve the Platform, we use the following services:
- PostHog · user behaviour, event data, logs, replays, API usage
- Sentry · technical errors and stack traces
- Google Analytics · aggregated data on visits, traffic sources, UTMs, conversions
- Facebook Pixel / LinkedIn Tag · ad optimisation and retargeting
- Email providers, support chat tools, and CRM platforms to manage user support and engagement
3. How we use personal data
We use your data for the following purposes:
- To provide and improve our Platform
- To personalise the user experience
- To monitor, analyse, and optimise Platform performance
- To offer user support and troubleshoot issues
- To communicate updates, service notices, and product news
- To run marketing campaigns and retargeting
- To meet legal obligations and enforce terms
4. Legal basis for processing (UK GDPR)
We rely on the following legal grounds:
- Contractual necessity · to deliver the services agreed with you
- Legitimate interests · product improvement, security, business operations
- Consent · for optional tracking and marketing where legally required
- Legal obligation · for recordkeeping, compliance, and rights protection
5. Sharing and disclosure
We do not sell your personal data. We may share it with:
- Cloud service providers and subcontractors (data processors)
- Marketing and analytics vendors
- Legal authorities, when required by law
All third parties are bound by strict data protection agreements.
6. International transfers
Some of our service providers may store or process data outside the UK. We ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs).
7. Data retention
We retain personal data only as long as necessary for the purposes stated in this policy, or to comply with our legal obligations. Session replays, logs and analytics data may be kept for up to 12 months.
8. Your rights
Under the UK GDPR, you have the right to:
- Access your data
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Restrict or object to processing
- Port your data to another provider
- Withdraw consent (where applicable)
To exercise your rights or submit a complaint, email us at [email protected].
You may also lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
9. Security
We use technical and organisational measures to protect personal data, including:
- Encryption in transit and at rest
- Access controls and role-based permissions
- Monitoring and alerting for suspicious activity
10. Changes to this policy
We may update this Privacy Policy from time to time. The latest version will always be available at getzorro.ai/privacy. We will notify you of material changes where required.