We at PriBAI Technology Spain S.L.(together with our affiliates, “Zylon”, “we”, “our” or “us”) respect your privacy and are strongly committed to keeping secure any information we obtain from you or about you. This Privacy Policy describes our practices with respect to Personal Data that we collect from or about you when you use our website, applications, and services (collectively, “Services”). This Privacy Policy applies to our website and pilot environments (”demo”).
This Privacy Policy does not apply to content that we process on behalf of customers of our business offerings. Our use of that data is governed by our customer agreements covering access to and use of those offerings.
1. Data controller
If you live in the European Economic Area (EEA), in the UK or Switzerland, PriBAI Techology Spain S.L., with its registered office at Calle Antoñete 7, Valdemorillo, 28210, Madrid, Spain is the controller and is responsible for the processing of your Personal Data as described in this Privacy Policy.
We have appointed a Data Protection Officer, who can be contacted at privacy@zylon.ai.
2. Personal Data we collect
Zylon does not host or process customer production data in its cloud environments. Customer production data remains on customer premises. The only customer-related data processed by Zylon is demo/test data in pilot environments. Demo/test environments are logically segregated and not intended for production use. Any personal data entered in demo environments is processed under this Privacy Policy.
We collect personal data relating to you (“Personal Data”) as follows:
Personal Data You Provide: We collect Personal Data if you create an account to use our Services or communicate with us as follows:
Account Information: When you create an account with us, we will collect information associated with your account, including your name, contact information, account credentials, and transaction history, (collectively, “Account Information”).
User Content: We collect Personal Data that you provide in the input to our Services (“Content”), including your prompts and other content you upload, such as files, images, and audio, depending on the features you use. If you upload files containing third-party personal data, you are responsible for ensuring you have the necessary rights or legal basis to share it with us.
Communication Information: If you communicate with us, such as via email or our pages on social media sites, we may collect Personal Data like your name, contact information, and the contents of the messages you send (“Communication Information”).
Other Information You Provide: We collect other information that you may provide to us, such as when you participate in our events or surveys or provide us with information to establish your identity (collectively, “Other Information You Provide”).
Personal Data We Receive from Your Use of the Services: When you visit, use, or interact with the Services, we receive the following information about your visit, use, or interactions (“Technical Information”):
Log Data: We collect information that your browser or device automatically sends when you use our Services. Log data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interact with our Services.
Usage Data: We collect information about your use of the Services, such as the types of content that you view or engage with, the features you use and the actions you take, as well as your time zone, country, the dates and times of access, user agent and version, type of computer or mobile device, and your computer connection.
Device Information: We collect information about the device you use to access the Services, such as the name of the device, operating system, device identifiers, and browser you are using. Information collected may depend on the type of device you use and its settings.
Location Information: We may determine the general area from which your device accesses our Services based on information like its IP address for security reasons and to make your product experience better, for example to protect your account by detecting unusual login activity.
Cookies and Similar Technologies: We use cookies and similar technologies to operate and administer our Services and improve your experience. At present, we only use essential cookies, which are necessary for the proper functioning of our Services (such as maintaining your session, security, and access to certain features). These cookies do not track your browsing activity for advertising purposes. If you prefer, you can disable cookies in your browser settings, but please note that some features of the Services may not function properly without them. If we expand cookie usage (e.g. analytics), we will update this policy and provide opt-in consent where required.
3. How we use Personal Data
We may use Personal Data for the following purposes:
To provide, analyze, and maintain our Services, for example to respond to your questions for Zylon;
To improve and develop our Services and conduct research, for example to develop new product features;
To communicate with you, including to send you information about our Services and events, for example about changes or improvements to the Services;
To prevent fraud, illegal activity, or misuses of our Services, and to protect the security of our systems and Services;
To comply with legal obligations and to protect the rights, privacy, safety, or property of our users, PriBAI, or third parties.
We maintain system logs (which may include personal data such as IP addresses and device identifiers) for audit, fraud detection, compliance with our security obligations, and for our legitimate interests such as product improvement and service monitoring. Where possible, we pseudonymize or aggregate this information.
We may also aggregate or de-identify Personal Data so that it no longer identifies you and use this information for the purposes described above, such as to analyze the way our Services are being used, to improve and add features to them, and to conduct research. We will maintain and use de-identified information in de-identified form and not attempt to reidentify the information, unless required by law.
4. Disclosure of Personal Data
A list of our current subprocessors is available upon request by contacting privacy@zylon.ai.
We may disclose your Personal Data in the following circumstances:
Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may disclose Personal Data to vendors and service providers, including providers of hosting services, customer service vendors, cloud services, content delivery services, support and safety monitoring services, email communication software, web analytics services, payment and transaction processors, and otherinformation technology providers. Pursuant to our instructions, these parties will access, process, or store Personal Data only in the course of performing their duties to us and they will follow the same standards set in this policy.
Business Transfers: If we are involved in strategic transactions, reorganization, bankruptcy, receivership, or transition of service to another provider (collectively, a “Transaction”), your Personal Data may be disclosed in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.
Government Authorities or Other Third Parties: We may share your Personal Data, including information about your interaction with our Services, with government authorities, industry peers, or other third parties in compliance with the law (i) if required to do so to comply with a legal obligation, or in the good faith belief that such action is necessary to comply with a legal obligation, (ii) to protect and defend our rights or property, (iii) if we determine, in our sole discretion, that there is a violation of our terms, policies, or the law; (iv) to detect or prevent fraud or other illegal activity; (v) to protect the safety, security, and integrity of our products, employees, users, or the public, or (vi) to protect against legal liability.
Affiliates: We may disclose Personal Data to our affiliates, meaning an entity that controls, is controlled by, or is under common control with Zylon. Our affiliates may use this Personal Data in a manner consistent with thisPrivacy Policy.
Business Account Administrators: When you join a Zylon pilot and an enterprise organization is created in our environments, the organization administrators of that account may access and control your account, including being able to access your Content. In addition, if you create an account using an email address belonging to your employer or another organization, we may share the fact that you have an account and certain account information, such as your email address, with your employer or organization to, for example, enable you to be added to their business account.
Other Users and Third Parties You Interact or Share Information With: Certain features allow you to interact or share information with other users or third parties. For example, you can share conversations with other users by making them collaborative. You can also send information to third-party applications, or for searching the web to help answer questions that benefit from more recent information. Information you share with third parties is governed by their own terms and privacy policies, and you should make sure you understand those terms andpolicies before sharing information with them.
5. Retention
We’ll retain your Personal Data for only as long as we need in order to provide our Services to you, or for other legitimate business purposes such as resolving disputes, safety and security reasons, or complying with our legal obligations. How long we retain Personal Data will depend on a number of factors, such as:
Our purpose for processing the data (such as whether we need to retain the data to provide our Services);
The amount, nature, and sensitivity of the information;
The potential risk of harm from unauthorized use or disclosure;
Any legal requirements that we are subject to.
Account data is retained for the life of the account plus 90 days. Support tickets are retained for up to 2 years. Security logs are retained for 1 year. We may retain anonymized data indefinitely.
6. Your rights
You have the following statutory rights in relation to your Personal Data:
Access your Personal Data and information relating to how it is processed.
Delete your Personal Data from our records.
Rectify or update your Personal Data.
Transfer your Personal Data to a third party (right to data portability).
Restrict how we process your Personal Data.
Withdraw your consent—where we rely on consent as the legal basis for processing at any time.
Lodge a complaint with your local data protection authority (see below).
You have the following rights to object:
Object to our processing of your Personal Data for direct marketing at any time.
Object to how we process your Personal Data when our processing is based on legitimate interests.
You can exercise some of these rights by sending an email to privacy@zylon.ai. We respond to all valid requests within one month, extendable by two months in complex cases, as permitted by law.
We hope that we are able to address any questions or concerns you may have. If you have any unresolved complaints with us or our Data Protection Officer, you can reach out to the Spanish Data Protection Commission(opens in a new window) as our lead supervisory authority, or your local supervisory authority(opens in a new window). For any unresolved complaints relating to the UK you can reach out to the Information Commissioner's Office(opens in a new window) and for Switzerland, to the Federal Data Protection and Information Commissioner(opens in a new window).
7. Children
Our Services are not directed to individuals under 16 years old (or the minimum age of digital consent in your country, which may be between 13–16). We do not knowingly collect Personal Data from children under the minimum age of digital consent. If we become aware that we have collected Personal Data from a child under the applicable age of digital consent, we will delete that data without undue delay. We will investigate any notification and, if appropriate, delete the Personal Data from our systems.
8. Security
We implement appropriate technical and organizational measures, aligned with industry standards, designed to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. Therefore, you should take special care in deciding what information you provide to the Services. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or third-party websites.
Measures include encryption in transit and at rest, strict access controls, multi-factor authentication, security monitoring, incident response procedures, and independent third-party audits.
9. Legal bases for processing
Where we rely on legitimate interests, we have conducted a balancing test to ensure your rights and freedoms are not overridden.
Purpose of processing | Type of Personal Data processed, depending on the processing activity | Legal basis, depending on the process activity |
To provide, analyze, and maintain our Services | • Account Information | Where necessary to perform a contract with you, such as processing a user’s prompts to provide a response. |
To improve and develop our Services and conduct research | • Account Information | Where necessary for our legitimate interests and those of third parties and broader society, including in developing, improving, or promoting our Services, such as improving our features. |
To communicate with you, including to send you information about our Services and events | • Account Information | Where necessary to perform a contract with you, such as processing your contact information to send you a technical announcement about the Services. Your consent when we ask for it to process your Personal Data for a specific purpose that we communicate to you, such as processing your contact information to send you certain forms of marketing communications. |
To prevent fraud, illegal activity, or misuses of our Services, and to protect the security of our systems and Services | • Account Information | Where necessary to comply with a legal obligation. Where we are not under a specific legal obligation, where necessary for our legitimate interests and those of third parties, including in protecting our Services from abuse, fraud, or security risks, such as processing data from security partners to protect against fraud, abuse and security threats in our Services. |
To comply with legal obligations and to protect the rights, privacy, safety, or property of our users, Zylon, or third parties | • Account Information | Where necessary to comply with a legal obligation, such as retaining transaction information to comply with record-keeping obligations. |
10. Data transfers
Zylon processes your Personal Data on servers located outside of the EEA, Switzerland and the UK for the purposes described in this Privacy Policy. This includes processing and storing your Personal Data in our facilities and servers in the United States. While data protection law varies by country and these countries may not offer the same level of data protection as your home country, we apply the protections described in this policy to your Personal Data regardless of where it is processed. When transferring Personal Data outside of the EEA, Switzerland or the UK, we rely on the following transfer mechanisms to comply with applicable data protection law:
We rely on the European Commission’s adequacy decisions(opens in a new window) pursuant to Article 45(1) GDPR when transferring your Personal Data to any country that has been considered to provide an adequate level of protection.
Where adequacy decisions are not available, we rely on Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, and the Swiss FADP-compliant clauses as appropriate.
For more information or to obtain a copy of the appropriate safeguards we have in place when transferring Personal Data, please contact us at privacy@zylon.ai.
11. Changes to the privacy policy
We may update this Privacy Policy from time to time. When we do, we will publish an updated version and effective date on this page, unless another type of notice is required by applicable law.
12. How to contact us
Please send an email to privacy@zylon.ai. if you have any questions or concerns not already addressed in this Privacy Policy.