Privacy Policy
Effective Date: September 27, 2025
Last Updated: February 13, 2026
1. Introduction
Zadro Solutions, Inc. ("Zadro.ai," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, share, and protect information when you use our B2B lead intelligence service ("Service").
By using Zadro.ai, you consent to the data practices described in this policy.
2. Information We Collect
2.1 Information You Provide Directly
Account Registration:
- Name (first and last)
- Email address
- Organization name
- Password (stored as bcrypt hash)
- Optional: Phone number, job title, timezone
Billing Information:
- Payment card details (processed and stored by Stripe; we do not store full card numbers)
- Billing address
- Tax identification numbers (when required)
Research Input Data:
- Company domain names you research
- Industry vertical selections
- Optional prospect context: company name, contact name, location, phone number, requirements/notes
Communications:
- Messages sent through contact forms
- Support ticket contents
- Feedback and survey responses
2.2 Information Collected Automatically
Usage Data:
- API requests and dashboard actions
- Research queries submitted and results generated
- Feature usage patterns
- Login timestamps and session duration
- API key creation and revocation events
Technical Data:
- IP address
- Browser type and version
- Operating system
- Device identifiers
- User agent string
- Referrer URL
- Page views and navigation paths
Cookies and Tracking Technologies:
- Essential Cookies: Session management and authentication (CodeIgniter session cookies)
- Analytics Cookies: Usage statistics and performance monitoring (if implemented)
- Preference Cookies: User interface settings and saved preferences
You can control cookies through your browser settings, but disabling essential cookies may impair Service functionality.
2.3 Information from Third Parties
Payment Processors:
- Stripe provides payment confirmation, transaction status, and billing metadata
- We receive the last 4 digits of payment cards, expiration dates, and billing information
AI Service Providers:
- OpenAI processes your research inputs and returns generated intelligence reports
- We do not receive additional data about you from OpenAI beyond what we submit
3. How We Use Your Information
3.1 Service Provision
- Process research requests and generate intelligence reports
- Authenticate users and manage accounts
- Provide dashboard access and API functionality
- Cache results to improve performance and reduce costs
- Enforce rate limits and usage quotas
3.2 Billing and Account Management
- Process subscription payments and usage charges
- Track credit usage and calculate overages
- Generate invoices and billing statements
- Send payment receipts and renewal reminders
- Manage subscription changes and cancellations
3.3 Communication
- Send transactional emails (account creation, password resets, billing notifications)
- Respond to support inquiries and feedback
- Send product updates and feature announcements (with opt-out option)
- Notify users of Terms or Privacy Policy changes
3.4 Product Improvement
- Analyze usage patterns to improve Service features
- Monitor performance and troubleshoot technical issues
- Develop new features and integrations
- Train and refine AI prompts and confidence scoring models
3.5 Security and Compliance
- Detect and prevent fraud, abuse, and unauthorized access
- Enforce Terms of Service and Acceptable Use Policy
- Comply with legal obligations and government requests
- Maintain audit logs for security and compliance purposes
3.6 Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), we process personal data based on:
- Contractual Necessity: To provide the Service you've subscribed to
- Consent: When you've explicitly opted in (e.g., marketing emails)
- Legitimate Interests: To improve our Service, prevent fraud, and ensure security
- Legal Obligations: To comply with tax, accounting, and regulatory requirements
4. How We Share Your Information
4.1 Third-Party Service Providers
We share information with trusted service providers who assist in operating our Service:
OpenAI (AI Processing):
- Information Shared: Research inputs (domain, vertical, prospect context, requirements)
- Purpose: Generate intelligence reports using GPT-5-mini with web search
- Location: United States
- Policies: Terms of Use, Privacy Policy
- Data Retention: Per OpenAI's API data usage policy (typically 30 days for abuse monitoring, then deleted)
Stripe (Payment Processing):
- Information Shared: Billing details, payment card information, transaction amounts
- Purpose: Process subscription payments and manage billing
- Location: United States
- Policies: Privacy Policy, Terms of Service
Cloud Hosting Provider:
- Information Shared: All Service data (stored on our servers)
- Purpose: Host application infrastructure and databases
- Location: United States
- Security: Industry-standard encryption and access controls
Email Service Provider:
- Information Shared: Email addresses, message contents, transaction details
- Purpose: Send transactional emails and notifications
4.2 Business Transfers
If we are involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or dashboard notice before your information is transferred and becomes subject to a different privacy policy.
4.3 Legal Requirements
We may disclose your information to:
- Comply with legal obligations, court orders, or subpoenas
- Enforce our Terms of Service and policies
- Protect the rights, property, or safety of Zadro.ai, users, or the public
- Investigate fraud, security incidents, or Terms violations
4.4 With Your Consent
We may share information for purposes not described in this policy with your explicit consent.
4.5 Public Information
Research outputs generated by the Service contain publicly available information about companies. This information is not personal data about you and may be shared or published as part of your normal business use.
4.6 De-identified Data
We may share aggregated or de-identified data that cannot reasonably be used to identify you for research, marketing, or product improvement purposes.
5. Data Retention
We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this policy:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | Active account lifetime + 90 days | Service provision, legal obligations |
| Research Results | 30 days minimum (cached), no defined maximum | Service provision, performance optimization |
| Usage Logs | 90 days | Billing, analytics, security monitoring |
| Billing Records | 7 years | Tax, accounting, legal compliance |
| Support Communications | 3 years | Customer service, dispute resolution |
| Security Logs | 90 days | Fraud prevention, abuse detection |
After retention periods expire, we will delete or anonymize your information. In some cases, we may retain information longer if required by law or to resolve disputes.
6. Data Security
We implement technical and organizational measures to protect your information:
6.1 Technical Safeguards
- Encryption: HTTPS/TLS 1.3 for data in transit; database encryption at rest
- Authentication: Password hashing with bcrypt; API key storage as bcrypt hashes
- Access Controls: Role-based permissions; multi-tenant data isolation
- Network Security: Firewalls, intrusion detection, DDoS protection
- Monitoring: Security logging, automated alerts, incident response procedures
6.2 Organizational Safeguards
- Limited employee access to personal data on a need-to-know basis
- Employee training on data protection and security practices
- Vendor security assessments and contractual data protection obligations
- Regular security audits and vulnerability assessments
6.3 Limitations
While we implement industry-standard security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and API keys.
6.4 Security Incidents
In the event of a data breach affecting your personal information, we will notify you and applicable regulatory authorities as required by law, typically within 72 hours of discovery.
7. Your Privacy Rights
7.1 General Rights (All Users)
- Access: View your account information and research history in the dashboard
- Correction: Update inaccurate or incomplete account information
- Deletion: Request deletion of your account and associated data (subject to retention obligations)
- Export: Download your research results in JSON format via the API
- Opt-Out: Unsubscribe from marketing emails (transactional emails cannot be disabled)
7.2 GDPR Rights (EEA Users)
If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):
- Right to Rectification: Correct inaccurate personal data
- Right to Erasure: Request deletion of personal data ("right to be forgotten")
- Right to Restriction: Request limitation of processing under certain conditions
- Right to Data Portability: Receive personal data in a machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for consent-based processing
- Right to Lodge a Complaint: File complaints with your local data protection authority
7.3 CCPA Rights (California Users)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request disclosure of personal information collected, used, and shared
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Opt out of "sale" of personal information (we do not sell personal data)
- Right to Non-Discrimination: Equal service regardless of privacy rights exercise
7.4 Exercising Your Rights
To exercise any of these rights, contact us at:
- Email: privacy@zadro.ai
- Dashboard: Account Settings > Privacy & Data
We will respond to verified requests within 30 days. We may request additional information to verify your identity before processing requests.
7.5 Limitations
We may deny requests if:
- We cannot verify your identity
- The request is manifestly unfounded or excessive
- We are legally required to retain the data
- The data is necessary for ongoing contractual obligations or legal claims
8. International Data Transfers
Zadro.ai is based in the United States, and your information is processed on servers located in the United States. If you are accessing the Service from outside the United States, please note that your information will be transferred to, stored, and processed in the United States.
8.1 EEA Transfers
For data transfers from the European Economic Area to the United States, we rely on:
- Standard Contractual Clauses (SCCs): EU-approved data transfer mechanisms
- Adequacy Decisions: When applicable, EU Commission adequacy decisions
- Your Consent: By using the Service, you consent to international data transfers
We implement supplementary measures to ensure data protection equivalent to GDPR standards.
8.2 OpenAI Data Transfers
Research inputs are transmitted to OpenAI servers in the United States for AI processing. OpenAI's data handling practices are governed by their Privacy Policy.
9. Children's Privacy
The Service is not directed to children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us at privacy@zadro.ai and we will delete it promptly.
10. Marketing and Communications
10.1 Transactional Emails
We send essential transactional emails related to your account and Service usage. These cannot be disabled as they are necessary for Service operation:
- Account verification and password resets
- Payment receipts and billing notifications
- Security alerts and suspicious activity warnings
- Terms or Privacy Policy updates
10.2 Marketing Emails
We may send promotional emails about new features, product updates, or special offers. You can opt out by:
- Clicking "Unsubscribe" in any marketing email
- Adjusting email preferences in your account dashboard
- Contacting us at privacy@zadro.ai
10.3 Third-Party Marketing
We do not sell or rent your email address to third-party marketers. We do not send marketing emails on behalf of third parties.
11. Third-Party Links and Services
Research results include links to third-party websites (company websites, news sources, industry reports). We are not responsible for the privacy practices of these sites. We recommend reviewing their privacy policies before providing personal information.
Our Service may integrate with third-party applications (CRMs, marketing tools) via webhooks or API connections. Your use of such integrations is subject to the third party's terms and privacy policies.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you via email to your registered email address
- Display a prominent notice in the dashboard
- Provide at least 30 days' notice before changes take effect
Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.
We encourage you to review this Privacy Policy periodically.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Zadro Solutions, Inc.
28 South Water Street
Suite 303
Batavia, IL 60510
Email: privacy@zadro.ai
Website: https://zadro.ai
We will respond to all inquiries within 5 business days.