Privacy Policy

Last updated:1 Decmber 2025

This Privacy Policy explains how Zava (“Zava”, “we”, “our”, or “us”) collects, uses, discloses, and safeguards information when you visit our website, use our platform, or interact with our agentic workforce operating system (the “Services”). This policy is designed for enterprise and business users.

1. Scope and Applicability

This Privacy Policy applies to information collected through:

• The Zava website and related marketing pages
• The Zava platform and dashboard
• Agent executions, workflows, and integrations configured by customers
• Communications with Zava, including sales, support, and onboarding

Where Zava processes personal data on behalf of a customer, Zava acts as a data processor and the customer acts as the data controller. Such processing is governed by the applicable customer agreement and data processing addendum.

2. Information We Collect

Account and Organization Information

• Name, business email address, role, and organization details
• User roles, permissions, and access levels
• Authentication data such as SSO identifiers, API keys, and encrypted credentials

Usage and Operational Data

• Agent activity logs, workflow executions, and run history
• Timestamps, duration, confidence scores, and user interventions
• Token usage, API consumption, and cost-related metrics
• Configuration changes and audit logs

Connected Systems and Content

• Metadata from connected tools such as CRMs, databases, document systems, and inboxes
• Knowledgebase references, context mappings, and workflow definitions
• Integration health status and connection identifiers

Device and Technical Information

• Device identifiers for registered desktop agents
• Operating system, browser type, and application version
• IP address, approximate location, and diagnostic logs

Communications

• Support requests, feedback, survey responses, and direct communications

Zava does not intentionally collect sensitive personal information unless explicitly configured by a customer. Customers are responsible for applying appropriate rules and data protection policies within the platform.

3. How We Use Information

• Provide, operate, and maintain the Zava platform
• Execute, monitor, and optimize AI agents and workflows
• Enable governance, auditability, and compliance controls
• Improve accuracy, reliability, and performance of the Services
• Provide customer support, onboarding, and training
• Monitor usage, security, and cost optimization
• Comply with legal and regulatory obligations

Customer data is not used to train general-purpose AI models without explicit agreement.

4. Legal Bases for Processing

• Performance of a contract
• Legitimate business interests such as security and service improvement
• Compliance with legal obligations
• Consent, where required by applicable law

5. Data Sharing and Disclosure

Information may be shared with:

• Authorized users within a customer’s organization, subject to role-based access controls
• Trusted service providers supporting hosting, security, analytics, and support
• Integration partners explicitly enabled by the customer
• Legal or regulatory authorities where required by law

Zava does not sell personal data or share it for advertising purposes.

6. International Data Transfers

Zava may process and store information in multiple jurisdictions. Appropriate safeguards, such as standard contractual clauses, are applied where required.

7. Data Retention

Information is retained only as long as necessary to provide the Services, meet legal obligations, and maintain audit and compliance records. Retention periods may vary based on customer configuration.

8. Security Measures

• Encryption in transit and at rest
• Role-based access controls and least-privilege principles
• Audit logs and continuous monitoring
• Secure authentication and API key management
• Enterprise-grade compliance controls

No system can guarantee absolute security.

9. Customer Responsibilities

• Determining what data is connected, processed, or shared through agents
• Configuring rules, permissions, and data protection policies
• Ensuring lawful use of personal data within the platform
• Informing end users about agent-driven processing where required

10. Your Rights

Depending on applicable law, individuals may have rights to access, correct, delete, or restrict processing of personal data, and to request data portability.

11. Cookies and Tracking

The Zava website may use cookies and similar technologies for essential functionality and analytics. Cookie preferences can be managed through browser settings.

12. Changes to This Policy

This Privacy Policy may be updated from time to time. Material changes will be posted on the website or platform. The “Last updated” date reflects the latest revision.

13. Contact Us

Privacy Team
Zava
Email: privacy@zava.ai