Privacy Policy

1. Introduction

Welcome to UpZento ("Company," "we," "us," or "our"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Customer Relationship Management (CRM) platform and related services (collectively, the "Service").

Please read this Privacy Policy carefully. By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide when using our Service:

• Account Information: Name, email address, password, company name, job title, phone number
• Profile Information: Profile photo, bio, preferences, timezone settings
• Payment Information: Billing address, credit card details (processed securely by our payment providers)
• Contact Data: Information about your customers and contacts that you store in the Service
• Communication Data: Messages, emails, and correspondence you send through the Service
• Form Submissions: Data collected through forms you create using the Service
• Support Requests: Information provided when you contact our support team

2.2 Information Collected Automatically

When you access our Service, we automatically collect certain information:

• Device Information: IP address, browser type and version, operating system, device type
• Usage Data: Pages visited, features used, time spent on pages, click patterns
• Log Data: Access times, error logs, referring URLs
• Cookies and Tracking: Information collected through cookies, pixels, and similar technologies
• Location Data: General geographic location based on IP address

2.3 Information from Third Parties

We may receive information from third-party sources:

• OAuth Providers: When you connect Google, Microsoft, Facebook, or other services
• Integration Partners: Data from connected third-party applications
• Public Sources: Publicly available business information

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery

• Provide, maintain, and improve our Service
• Process transactions and send related notifications
• Create and manage your account
• Enable features like appointment scheduling, email marketing, and CRM functionality
• Sync data with connected third-party services

3.2 Communication

• Send service-related emails (account updates, security alerts, billing)
• Respond to your inquiries and support requests
• Send marketing communications (with your consent)
• Notify you about changes to our Service or policies

3.3 Analytics and Improvement

• Analyze usage patterns to improve the Service
• Develop new features and functionality
• Conduct research and analysis
• Monitor and prevent technical issues

3.4 Security and Compliance

• Protect against fraud, abuse, and security threats
• Enforce our Terms of Service
• Comply with legal obligations
• Respond to legal requests and prevent harm

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland, we process your personal data based on:

• Contract Performance: Processing necessary to provide our Service to you
• Legitimate Interests: Processing for our legitimate business interests (improving Service, security, marketing)
• Consent: Processing based on your explicit consent (marketing emails, cookies)
• Legal Obligation: Processing required by applicable laws

5. Information Sharing and Disclosure

We may share your information in the following circumstances:

5.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

• Cloud hosting and infrastructure providers
• Payment processors (Stripe, PayPal)
• Email delivery services
• Analytics providers
• Customer support tools

5.2 Third-Party Integrations

When you connect third-party services (Google Calendar, Microsoft Outlook, etc.), we share necessary data to enable the integration as directed by you.

5.3 Legal Requirements

We may disclose information if required by law, court order, or government request, or to:

• Comply with legal obligations
• Protect our rights, privacy, safety, or property
• Prevent fraud or security issues
• Protect the rights of third parties

5.4 Business Transfers

In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5.5 With Your Consent

We may share information for other purposes with your explicit consent.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Account Data: Retained while your account is active and for a reasonable period thereafter
• Transaction Data: Retained for 7 years for tax and accounting purposes
• Usage Logs: Typically retained for 12 months
• Marketing Data: Retained until you opt out or withdraw consent

Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest
• Access Controls: Role-based access and authentication requirements
• Infrastructure Security: Secure cloud infrastructure with regular security audits
• Monitoring: Continuous security monitoring and incident response
• Employee Training: Regular security awareness training for our team

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights and Choices

Depending on your location, you may have the following rights:

8.1 General Rights

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data
• Portability: Request your data in a structured, machine-readable format
• Opt-out: Unsubscribe from marketing communications

8.2 GDPR Rights (EEA/UK)

• Right to restrict processing
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

8.3 CCPA Rights (California)

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of the sale of personal information
• Right to non-discrimination for exercising CCPA rights

To exercise any of these rights, please contact us at privacy@upzento.com. We will respond to your request within the timeframe required by applicable law.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information. Types of cookies we use:

• Essential Cookies: Required for the Service to function properly (authentication, security)
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how you use the Service
• Marketing Cookies: Used to deliver relevant advertisements (with consent)

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect Service functionality.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

When we transfer data internationally, we implement appropriate safeguards:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with service providers
• Ensuring adequate levels of data protection

11. Children's Privacy

Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately, and we will take steps to delete such information.

12. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

13. Data Processing for Customers

When you use our Service to store and process data about your own customers and contacts ("Customer Data"), you act as the data controller, and we act as the data processor. Our processing of Customer Data is governed by our Data Processing Agreement (DPA), available upon request.

You are responsible for:

• Ensuring you have lawful basis to collect and process Customer Data
• Obtaining necessary consents from your customers
• Responding to data subject requests from your customers
• Complying with applicable data protection laws

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of material changes by:

• Posting the updated policy on our website
• Sending an email notification to registered users
• Displaying a notice within the Service

The "Last updated" date at the top of this policy indicates when it was last revised. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: privacy@upzento.com
• Support: support@upzento.com
• Website: https://upzento.com

For data protection inquiries in the EU, you may also contact our Data Protection Officer at dpo@upzento.com.