Privacy Notice

Last Updated: October 26, 2023

Version: 1.1

This Privacy Notice explains how ZIRAH ("we," "us," or "our") processes personal data in compliance with the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

1. Data Controller

ZIRAH acts as the Data Controller for the personal data of our website visitors and direct customers. For data uploaded by our customers into the ZIRAH product (Customer Content), ZIRAH acts as a Data Processor, and our processing is governed by a separate Data Processing Agreement (DPA).

2. Legal Bases for Processing

Under GDPR, we only process your data when we have a valid legal basis:

  • Contractual Necessity: To provide the ZIRAH service, manage your account, and process billing.
  • Legitimate Interests: To secure our platform (e.g., 30-day security logs), improve product performance, and conduct business-to-business marketing.
  • Legal Obligation: To comply with tax, audit, or statutory reporting requirements.
  • Consent: For the use of non-essential cookies or when you opt in to our newsletter.

3. Data Collection and Minimization

  • Identity & Contact Data: Name, email, and business address.
  • Technical & Usage Data: IP addresses, browser type, and interaction logs. Following our data minimization principle, technical logs are automatically purged after 30 days.
  • Encrypted Data: We utilize application-layer encryption. For encrypted Customer Content, ZIRAH does not possess the cryptographic keys and therefore cannot access the underlying personal data.

4. International Data Transfers

ZIRAH is headquartered in [Insert Country, e.g., the United States]. When we transfer data from the EEA/UK to countries not deemed to have "adequate" protection, we ensure safeguards are in place, typically through European Commission-approved Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA).

5. Your Rights Under GDPR

As an EU/UK data subject, you have the following rights:

  • Right of Access: Request a copy of your data.
  • Right to Rectification: Correct inaccurate data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data.
  • Right to Restrict or Object: Object to processing based on legitimate interests or direct marketing.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Withdraw Consent: At any time, where processing is based on consent.

To exercise these rights, contact our Data Protection Team at privacy@zirah.io. We will respond to all verified requests within 30 days.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in Section 2.

  • Account Data: Retained for the duration of the contract plus 7 years for tax/audit purposes.
  • Security Logs: Deleted after 30 days.
  • Marketing Data: Retained until you unsubscribe or withdraw consent.

7. Complaints

You have the right to lodge a complaint with a Supervisory Authority in the Member State of your residence or where the alleged infringement occurred.

8. Contact Information

ZIRAH Data Protection Officer (DPO)
Email: privacy@zirah.ai