Privacy Policy

Zaby AI, Inc. ("Zaby," "we," "our," or "us") is committed to protecting your privacy and the privacy of data processed through our platform. This Privacy Policy explains how we collect, use, store, share, and protect information when you access or use the Zaby platform, including our websites, APIs, services, and applications.

Zaby is an AI-native operational infrastructure platform. Our services include Agent Squad, Open Agents, Agentic Workflows, Agent Memory, and AI SaaS Workspace. Each of these services may process different types of data depending on how you use the platform.

By using the Zaby platform, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this policy, please do not use our services.

We collect information in several ways depending on how you interact with the Zaby platform. The categories of information we collect include:

2.1 Account & Identity Information

• Name, email address, and password when you create an account
• Organization name and billing information for enterprise accounts
• Profile information and preferences you provide during onboarding
• Authentication credentials and access tokens for API usage

2.2 Usage & Operational Data

• Agent configurations, workflow definitions, and task instructions you create
• Execution logs, interaction histories, and operational metrics
• API request and response data generated during platform use
• Browser interaction data and computer-use session logs from Agent Squad deployments

2.3 Content You Upload

You may upload documents, knowledge bases, business data, and other content to the platform ("Your Content"). This content may be stored in Agent Memory systems and used to train or configure agents within your workspace. You retain ownership of all content you upload.

2.4 Technical & Device Data

• IP addresses, browser type, and operating system
• Device identifiers and network information
• Log files, error reports, and performance data
• Cookies and similar tracking technologies

We use the information we collect to operate, maintain, and improve the Zaby platform. Specifically, we use your information to:

• Provision and deliver the services you have requested, including agent execution, workflow orchestration, and memory persistence
• Authenticate your identity and manage your account and access permissions
• Process and execute agent tasks, workflows, and operational instructions you configure
• Store and retrieve data through Agent Memory systems to enable contextual continuity across sessions
• Monitor platform performance, detect errors, and maintain service reliability
• Provide customer support and respond to your inquiries
• Send you service-related communications, including security alerts and policy updates
• Comply with legal obligations and enforce our Terms of Service

3.1 AI Model Usage

Agent operations on the Zaby platform involve processing your instructions and data through AI models. We do not use your content or operational data to train foundation AI models without your explicit consent. Enterprise customers may request additional contractual protections regarding AI model training.

Agent Memory is a core capability of the Zaby platform that enables AI agents to retain information across sessions and environments. Understanding how memory systems work is important for understanding how your data is stored and processed.

4.1 Memory Types

• Conversational Memory: stores user interactions, preferences, and historical conversation data to enable personalized agent responses
• Operational Memory: stores workflow state, execution history, and operational context to support long-running task continuity
• Knowledge Memory: stores organizational documents, business knowledge, and reference materials you upload for agent access
• Shared Memory: enables multi-agent coordination and shared operational context within your workspace

4.2 Memory Storage & Retrieval

Memory data is stored using vector storage, semantic indexing, and structured memory systems. Retrieval is permission-aware — agents only access memory scoped to their assigned permissions and your organizational boundaries. Memory data is encrypted at rest and in transit.

4.3 Memory Deletion

You can request deletion of memory data stored in your workspace at any time through the platform settings or by contacting our support team. Enterprise customers may configure automated memory retention and deletion policies through dedicated workspace controls.

We do not sell your personal information or operational data to third parties. We may share information in the following limited circumstances:

5.1 Service Providers

We engage trusted third-party service providers to help operate the platform, including cloud infrastructure providers, AI model providers, and payment processors. These providers are contractually bound to process data only as directed by Zaby and in accordance with applicable privacy laws.

5.2 Third-Party Integrations

The Zaby platform supports integrations with external services including CRMs, scheduling systems, payment platforms, communication channels (WhatsApp, Slack, Discord), and enterprise systems. When you configure agents to interact with these integrations, data may be transmitted to and from those third-party services. Your use of third-party integrations is subject to the respective privacy policies of those services.

5.3 Legal Requirements

We may disclose information when required by law, legal process, or governmental authority, or when we believe disclosure is necessary to protect the rights, property, or safety of Zaby, our customers, or the public.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and the applicable privacy commitments.

Zaby implements comprehensive security infrastructure across all platform services to protect your data and operational systems.

6.1 Technical Safeguards

• Role-based access control (RBAC) for permission management across agents, workflows, and workspaces
• Environment isolation to prevent cross-tenant data access
• Audit logs for all agent executions, workflow runs, and administrative actions
• Encryption of data at rest and in transit using industry-standard protocols
• Secure API integrations with authentication and rate limiting

6.2 Observability & Monitoring

Our observability layer tracks execution logs, metrics, and tracing data across all platform services. This monitoring helps us detect anomalies, investigate incidents, and maintain platform integrity. Operational logs are retained according to our data retention schedule and are accessible to you through the platform audit interface.

6.3 Security Incidents

In the event of a data breach or security incident that affects your personal information, we will notify you as required by applicable law. Enterprise customers will receive incident notifications through their designated security contacts in accordance with agreed response procedures.

Enterprise customers have access to enhanced data handling capabilities and contractual protections. Zaby offers multiple deployment models that affect how your data is stored and processed:

7.1 Deployment Models

• Cloud Deployment: data is stored and processed on Zaby-managed infrastructure with standard platform security controls
• Dedicated Enterprise Deployment: isolated infrastructure environment where your data is logically and physically separated from other customers
• Self-Hosted Deployment: customer-managed infrastructure where you retain full control over data storage, processing, and security configuration

7.2 Data Processing Agreements

Enterprise customers requiring GDPR-compliant Data Processing Agreements (DPAs) or CCPA-specific contractual terms can request these through their account manager. Zaby acts as a data processor for customer data and as a data controller for account and usage data.

7.3 Permission & Access Controls

Enterprise workspaces include granular permission controls for agents, workflows, and memory systems. Administrators can configure role boundaries, operational restrictions, and environment permissions to align with your organization's data governance requirements.

We retain different categories of data for different periods depending on the type of data, the purpose for which it was collected, and applicable legal requirements.

8.1 Retention Periods

• Account information: retained for the duration of your account and for a reasonable period after account deletion
• Agent Memory data: retained according to your workspace configuration; deletable on request
• Execution logs and workflow history: retained for 90 days by default; configurable for enterprise plans
• Billing and transaction records: retained as required by applicable financial regulations
• Security and audit logs: retained for 12 months to support incident investigation and compliance

8.2 Account Deletion

When you delete your account, we will delete or anonymize your personal information within a commercially reasonable period, except where retention is required by law or for legitimate business purposes such as fraud prevention or financial record-keeping.

Depending on your location, you may have certain rights regarding your personal information. Zaby is committed to honoring these rights regardless of jurisdiction.

9.1 Rights You May Have

• Access: request a copy of the personal information we hold about you
• Correction: request correction of inaccurate or incomplete information
• Deletion: request deletion of your personal information, subject to legal retention requirements
• Portability: request your data in a structured, machine-readable format
• Restriction: request that we limit how we process your information in certain circumstances
• Objection: object to certain types of processing, including direct marketing
• Withdrawal of consent: withdraw consent where processing is based on consent

9.2 How to Exercise Your Rights

To exercise any of these rights, contact us at privacy@zaby.ai. We will respond to your request within the timeframe required by applicable law (typically 30 days). We may need to verify your identity before processing certain requests.

9.3 Cookie & Tracking Controls

You can control cookies and tracking technologies through your browser settings. Disabling certain cookies may affect the functionality of the platform. We do not respond to Do Not Track signals at this time but will honor applicable regional opt-out mechanisms.

The Zaby platform is designed for use by businesses and professionals. We do not knowingly collect personal information from individuals under the age of 16. If you believe we have inadvertently collected information from a minor, please contact us immediately at privacy@zaby.ai and we will take steps to delete that information.

Zaby operates globally and your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your jurisdiction.

When we transfer personal information across borders, we implement appropriate safeguards including Standard Contractual Clauses approved by the European Commission, adequacy decisions where applicable, and other transfer mechanisms recognized under applicable data protection law.

Enterprise customers requiring data residency commitments — including EU, UK, or specific regional data storage requirements — may configure dedicated deployment environments. Contact your account manager for information about available data residency options.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website and, where required, by sending you a direct notification.

The date at the top of this policy indicates when it was last updated. We encourage you to review this policy periodically. Your continued use of the platform following the posting of changes constitutes your acceptance of the updated policy.

If you have questions, concerns, or requests related to this Privacy Policy or how Zaby handles your data, please contact us at:

• Email: privacy@zaby.ai
• Legal inquiries: legal@zaby.ai
• Mailing address: Zaby AI, Inc. — available upon written request

For EU/EEA residents, Zaby's designated Data Protection Officer can be reached at privacy@zaby.ai. We will respond to all privacy-related inquiries within 30 days.