Privacy Policy

zalink.ai ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered e-commerce integration platform. By using zalink.ai, you consent to the data practices described in this policy. If you do not agree with our policies and practices, please do not use our services.

We collect several types of information from and about users of our service: Account Information - Name and email address - Company/store name - Payment information (processed securely by our payment providers) Store Data - Product catalog information (names, descriptions, prices, images) - Order data (order details, status, customer information) - Customer information from your e-commerce platform - Inventory levels and stock data Technical Data - OAuth tokens (encrypted at rest using AES-256) - API request logs - Session data for AI interactions - Analytics and usage data Communication Data - Support tickets and correspondence - Feedback and survey responses

We use the information we collect to: - Provide our services: Connect your store to AI assistants, process orders, and sync product data - Improve our platform: Analyze usage patterns to enhance features and performance - Customer support: Respond to your inquiries and resolve issues - Security: Protect against unauthorized access and abuse - Analytics: Generate insights about AI-driven commerce (aggregated, anonymized) - Communication: Send service updates and important notifications

We do not sell your personal data. We may share information in these circumstances: With E-commerce Platforms Data is shared with your connected platforms (Zid, Salla, Shopify, WooCommerce) as necessary for integration. With AI Platforms When you enable AI assistant integrations, relevant product and order data is shared with those platforms (ChatGPT, Claude) to enable shopping experiences. Service Providers We use trusted third-party services for: - Cloud infrastructure (Google Cloud Platform / Firebase) - Email delivery (SendGrid) - Payment processing (Stripe) Legal Requirements We may disclose data when required by law or to protect our rights.

We implement robust security measures to protect your data: - Encryption: All sensitive data, including OAuth tokens, is encrypted using AES-256 encryption - HTTPS: All data transmission is encrypted using TLS/SSL - Access Controls: Firestore security rules restrict data access - Rate Limiting: Protection against abuse and denial-of-service attacks - Audit Logging: Comprehensive logging of sensitive operations - Token Security: Secure storage and automatic refresh of OAuth tokens Despite our measures, no method of transmission over the internet is 100% secure.

We retain your data for as long as your account is active or as needed to provide services: - Account data: Retained while your account is active - Analytics events: Retained for 90 days, then deleted - Analytics reports: Retained for 30 days - Audit logs: Retained for 1 year for security purposes - OAuth tokens: Deleted when you disconnect your store You can request deletion of your data at any time by contacting us.

Depending on your location, you may have these rights: - Access: Request a copy of your personal data - Correction: Request correction of inaccurate data - Deletion: Request deletion of your data - Portability: Receive your data in a portable format - Objection: Object to certain processing activities - Restriction: Request restriction of processing To exercise these rights, contact us at privacy@zalink.ai.

For users in the European Economic Area (EEA), we process data under these legal bases: - Contract: Processing necessary to provide our services - Legitimate Interest: Analytics, security, and service improvements - Consent: Marketing communications (opt-in) You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including: - Standard Contractual Clauses (SCCs) for EEA transfers - Data processing agreements with all service providers - Compliance with applicable data protection laws

zalink.ai is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

We may update this Privacy Policy periodically. We will notify you of significant changes by: - Posting the new policy on our website - Sending an email notification - Displaying a notice in our application Your continued use of zalink.ai after changes constitutes acceptance of the updated policy.

For questions about this Privacy Policy or our data practices: Email: privacy@zalink.ai Address: zalink.ai, Riyadh, Saudi Arabia For data protection inquiries in the EEA, you may also contact your local data protection authority.