Privacy Policy

While using our service, we may ask you to provide certain personally identifiable information that can be used to contact or identify you. This includes: • Email address • First name and last name • Phone number • Company name • Billing information (processed securely by our payment partners)

When visitors interact with websites using our widget, we automatically collect: • IP address • Browser type and version • Device type (mobile, desktop, tablet) • Operating system • Pages visited and time spent • Referring website • Location information (city/country level) • Online/offline status

We collect and store the content of chat conversations between website visitors and your team. This includes: • Chat transcripts • Timestamps • Agent responses • Visitor messages • File attachments (if enabled)

We use cookies and similar tracking technologies to track activity on our service and hold certain information. Cookies are files with small amount of data which may include an anonymous unique identifier. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

• Operate and maintain the Zipy platform • Display visitor information in real-time • Enable live chat functionality • Generate analytics and reports • Process transactions

• Understand how users interact with our platform • Develop new features and functionality • Analyze usage patterns • Optimize performance

• Send service updates and announcements • Respond to inquiries and support requests • Provide billing information • Share marketing communications (with opt-out option)

• Comply with applicable laws and regulations • Enforce our terms of service • Protect our rights and property • Prevent fraud and abuse

We may employ third-party companies and individuals to facilitate our service, provide service-related services, or assist us in analyzing how our service is used. These third parties have access to your personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. Examples include: • Cloud hosting providers (AWS, Google Cloud) • Payment processors (Stripe) • Analytics services • Customer support tools

If Zipy is involved in a merger, acquisition, or asset sale, your personal information may be transferred. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

We do not sell your personal information or visitor data to third parties. Your data is yours, and we act as a custodian to provide our service.

• Encryption in transit (TLS/SSL) • Encryption at rest • Access controls and authentication • Regular security audits • SOC2 compliance • GDPR compliance • 24/7 monitoring

In the event of a data breach that affects your personal information, we will notify you and relevant authorities within 72 hours as required by applicable law.

• Visitor data: 30 days (free plans), 1 year (paid plans) • Chat transcripts: Duration of account + 90 days • Account information: Until account deletion • Billing information: As required by tax laws

When you delete your account, we will delete your personal information within 30 days, unless we need to retain it for legal compliance.

• Right to access – You can request copies of your personal data. • Right to rectification – You can request correction of inaccurate data. • Right to erasure – You can request deletion of your data. • Right to restrict processing – You can request limitation of processing. • Right to data portability – You can request transfer of your data. • Right to object – You can object to processing of your data.

• Right to know – You can request disclosure of collected data. • Right to delete – You can request deletion of personal information. • Right to opt-out – You can opt-out of data sales (we don't sell data). • Right to non-discrimination – We won't discriminate for exercising rights.

To exercise any of these rights, please contact us at privacy@xolox.io. We will respond to your request within 30 days.