ZentraCoreIntell

1) Introduction

ZentraCoreIntell Pty Ltd (“ZCI,” “we,” “us,” or “our”) provides AI-ready infrastructure, analytics tooling, and automation services. This privacy policy describes how we handle personal information when you visit our websites, use our products, engage with our support team, or otherwise interact with us. If you are acting on behalf of an organization, you must ensure you have authority to share any personal information with us.

2) Information We Collect

We only collect information that is necessary to deliver, improve, secure, and support our services. Categories include:

• Account data: name, business email, role, billing contact, MFA details.
• Usage and telemetry: feature interactions, device metadata, crash reports, diagnostic logs minimized and rotated automatically.
• Support communications: chat transcripts, recorded authorizations, attachments you choose to send.
• Payment information: tokenized payment instrument data processed via PCI DSS Level 1 providers.
• Partner and prospect data: business lead information from opt-in events, referrals, and compliant list providers.

3) How We Use Information

We use personal information to operate our services and honor our commitments to you and to regulators.

• Provisioning and maintaining user accounts, workspaces, and integrations.
• Authenticating requests, preventing fraud, investigating suspicious activity, and ensuring platform resiliency.
• Delivering transactional notifications, onboarding resources, surveys, and service updates.
• Improving and training product features (including AI-assisted automations) using aggregated or pseudonymized data.
• Processing payments, managing subscriptions, performing accounting and tax compliance.
• Meeting legal obligations, responding to lawful requests, enforcing terms, and defending our legal rights.

4) Legal Bases for Processing

Where the GDPR or UK GDPR applies, we rely on one or more of the following legal bases:

• Performance of a contract: most core product features and support services.
• Legitimate interests: securing our platform, preventing abuse, improving features, and communicating important updates.
• Consent: marketing communications, non-essential cookies, beta research, and certain AI training data.
• Legal obligations: recordkeeping, sanctions screening, anti-bribery/AML checks, and responding to lawful government requests.

5) Cookies & Tracking Technologies

We use first-party cookies and limited third-party tags to provide essential functionality, understand how our products are used, and remember preferences.

• Essential: session management, CSRF protection, load balancing.
• Analytics: aggregated usage analytics (Matomo or equivalent) with IP truncation and 14-month retention.
• Preference: theme, locale, and accessibility settings.
• Advertising: not used within product surfaces; only limited retargeting on marketing pages with opt-in banners.

6) Sharing & Disclosures

We do not sell personal information. We may share data with:

• Service providers: hosting, email/SMS delivery, payment processors, customer support tools, and security vendors bound by DPAs.
• Enterprise customers: administrators may access information about users acting under that account.
• Authorities and legal processes: when legally required, when necessary to protect rights, or to prevent fraud and abuse.
• M&A events: in connection with a merger, acquisition, financing, or sale of assets, subject to confidentiality safeguards.

7) Data Security

Security controls include encryption in transit (TLS 1.3) and at rest (AES-256), hardware-backed key management, strict access control, continuous monitoring, and automated anomaly detection. We conduct annual penetration tests, maintain SOC 2 Type II and ISO 27001 certifications, and run a public bug bounty program.

8) Data Retention

We retain personal information only for as long as necessary for the purposes outlined in this policy. Typical retention periods:

• Account and billing records: duration of the contract + 7 years to satisfy accounting laws.
• Telemetry and system logs: 30 days in identifiable form, then aggregated/anonymized.
• Support tickets: 24 months, unless legal holds apply.
• Marketing consents: until you withdraw consent or 24 months of inactivity.

When data is no longer needed we securely delete, anonymize, or aggregate it.

9) International Transfers

Your information may be processed in Australia, the United States, the European Union, or other locations where we and our subprocessors operate. When transferring data internationally we rely on Standard Contractual Clauses (2021/914), UK International Data Transfer Addendums, and intra-company agreements. We follow the recommendations of the EDPB on supplementary measures, including encryption and strict access controls.

10) Your Rights

Depending on your jurisdiction you may have the right to access, rectify, port, restrict, or delete your information, object to processing, or withdraw consent. You may submit requests via the in-product Privacy Center or by emailing dsr@zentracoreintell.com. We verify identity using secure workflows and respond within one month (or sooner where required). You may also lodge a complaint with your supervisory authority.

11) Choices & Controls

You can manage many privacy settings directly:

• Admin console: configure retention windows, event logging, and workspace-level data residency.
• Profile settings: update personal details, MFA, notification preferences, and connected apps.
• Cookies: use our cookie banner or browser tools to opt out of non-essential tags.
• Marketing: unsubscribe links in every email or email unsubscribe@zentracoreintell.com.

12) Automation & AI

Certain features leverage machine learning or AI systems. We restrict training inputs to data you authorize, sandbox training jobs, and apply bias and drift monitoring. Automated recommendations do not replace human decision-making without your explicit enablement. You may disable AI features at the workspace level, and we will exclude your data from future training within 30 days of the request.

13) Third-Party Integrations & APIs

When you enable an integration (for example, OAuth sign-in, cloud storage import, or billing connector), we share only the data necessary to complete that workflow. Each integration clearly states the permissions requested, and tokens are encrypted and scoped. Revoking access through either platform immediately invalidates tokens stored with us. We publish a live list of subprocessors and update customers at least 30 days before onboarding a new one.

14) Regional Addenda

Additional disclosures may apply based on your location:

• United States (including California): We honor CPRA rights, do not “sell” personal information, and provide opt-out controls for cross-context behavioural advertising.
• European Economic Area & UK: ZentraCoreIntell Pty Ltd is the controller; ZentraCoreIntell Ireland Ltd acts as EU representative (Dublin). Data Protection Officer: Maya Liu (dpo@zentracoreintell.com).
• Australia & New Zealand: We comply with the APPs and report eligible data breaches to the OAIC or OPC.
• Other regions: Local requirements (LGPD, PDPA, PIPEDA) are handled via regional partners and SCCs.

15) Changes to This Policy

We may update this policy to reflect new products, regulations, or operational practices. We will post updates here, adjust the “Last updated” date, and provide additional notice (email or in-product banners) if material changes affect you. Continued use of the services after changes become effective constitutes acceptance.

16) Contact & Data Protection Officer

If you have questions, concerns, or complaints about privacy at ZentraCoreIntell, contact us using any of the channels below. We aim to respond within two business days.

• Email: legal@zentracoreintell.com
• Dedicated privacy desk: +61 (0)2 5550 8133
• Data Protection Officer: Maya Liu, dpo@zentracoreintell.com
• Mailing address: ZentraCoreIntell Pty Ltd, Level 14, 5 Martin Place, Sydney NSW 2000 Australia