Privacy Policy
This policy explains what personal data Zentallio handles, why, and the choices you have. We collect only what the platform needs to run, and we describe below the limited cases in which data is shared.
Who we are
This platform is provided by [Zentallio legal entity name] (“Zentallio”, “we”, “us”), an AI decision platform for multi-outlet operators in food & beverage and fashion retail. This policy covers our marketing website and the Zentallio product.
Registered address: [registered company address, Lahore, Pakistan]. For questions about your personal data, contact our privacy team at privacy@zentallio.com[ or DPO name/contact, if appointed].
EU / UK visitors: where we offer services to people in the EU or UK from outside those regions, our representative is [EU/UK representative name and address, if appointed].
For personal data our customers load into the platform about their own staff and guests, the customer is the controller and Zentallio acts as a processor on their instructions, as set out in our Data Processing terms.
What we collect
Depending on how you use Zentallio, we may collect:
- Account & contact data — name, work email, company, and role, when you sign up, book a walkthrough, or contact us.
- Usage data — pages viewed, features used, and device/browser details, to keep the service reliable and improve it.
- Support data — messages and attachments you send us.
- Customer platform data — operational records our customers process through Zentallio, handled under their instructions.
How we use it
We use personal data to provide and secure the service, respond to enquiries, send service and (where permitted) marketing messages, and improve the product. We do not use customer platform data to train models shared across other customers without the customer’s explicit permission.
Legal bases
Where the GDPR or similar laws apply, we rely on: contract (to deliver the service), legitimate interests (to run and improve Zentallio and keep it secure), consent (for optional marketing and non-essential cookies), and legal obligation where required. Where we rely on legitimate interests, you may object as described in “Your rights”.
Automated decisions & Iris
The Zentallio platform includes Iris, an AI agent that produces forecasts and decision recommendations from operational data. In the ordinary course, Iris supports human decision-making rather than making decisions that produce legal or similarly significant effects on individuals without human involvement.
Where a customer configures Zentallio to make automated decisions about individuals, that customer (as controller) is responsible for providing any additional notice, obtaining any required consent, and offering human review, as their local law requires. If you believe an automated decision has affected you, contact the relevant operator, or reach us at privacy@zentallio.com and we will route your request.
Retention
We keep personal data only as long as needed for the purposes above or as required by law, then delete or anonymise it. Customer platform data is retained per the customer’s configuration and our Data Processing terms.
Your rights
Subject to local law, you may have the right to access, correct, delete, or port your data, and to object to or restrict certain processing. You can withdraw consent at any time and opt out of marketing using the link in any email.
To exercise these rights, contact privacy@zentallio.com. If Zentallio processes your data on behalf of a customer, we’ll direct your request to that customer. We aim to respond within the timeframe required by applicable law.
Right to complain. If you’re in the EU, UK, or a region with a data protection authority, you have the right to lodge a complaint with your local supervisory authority. We’d appreciate the chance to address your concern first.
US state privacy rights
If you’re a resident of California or another US state with a privacy law, you may have rights to know, access, correct, delete, and to opt out of the “sale” or “sharing” of personal information and of targeted advertising, without discrimination for exercising them.
- Categories collected: identifiers, professional/employment information, and internet/usage activity (see “What we collect”).
- Purposes and disclosures: as described in “How we use it” and “Sharing & sub-processors”.
- To exercise these rights or opt out: email privacy@zentallio.com[ link a Do Not Sell/Share mechanism if ad/analytics cookies are used]. You may use an authorised agent where the law allows.
International transfers
Zentallio operates globally and is based outside the EU/UK. Where personal data is transferred across borders, we use appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and the UK Addendum where relevant) or another mechanism recognised under applicable law. A copy of the relevant safeguards is available on request.
Security
We use technical and organisational measures — encryption in transit, access controls, logging, and monitoring — to protect personal data. No method of transmission or storage is completely secure, but we work to protect your information and to notify affected parties of significant incidents where required by law.
Changes
We may update this policy from time to time. Material changes will be posted here with a new “last updated” date, and where required we’ll provide additional notice.