> ## Documentation Index
> Fetch the complete documentation index at: https://docs.zappway.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Privacy Policy

> Learn how ZappWay collects, uses, and protects your personal data. Our commitment to transparency and data protection under GDPR and LGPD.

> **Important:**
> ZappWay takes your privacy seriously and is committed to protecting your personal data in compliance with GDPR (EU) and LGPD (Brazil) regulations.

***

## 🔢 Table of Contents

1. [Introduction](#1-introduction)
2. [What Data We Collect](#2-what-data-we-collect)
3. [How We Use Your Data](#3-how-we-use-your-data)
4. [Data We Share](#4-data-we-share)
5. [Data Retention](#5-data-retention)
6. [Your Data Protection Rights](#6-your-data-protection-rights)
7. [Marketing Communications](#7-marketing-communications)
8. [Cookies](#8-cookies)
9. [International Data Transfers](#9-international-data-transfers)
10. [Security Measures](#10-security-measures)
11. [Children's Privacy](#11-childrens-privacy)
12. [Changes to This Policy](#12-changes-to-this-policy)
13. [Contact Information](#13-contact-information)

***

## 1. Introduction

ZappWay, registered at **Avenida Brigadeiro Faria Lima, 1811, Esc 1120, Jardim Paulistano, São Paulo/SP, CEP 01452-001, Brazil**, takes your privacy seriously and considers it important for your personal data (hereafter "your data") to be treated with the necessary care and confidentiality at all times.

This Privacy Policy explains how our organization collects, uses, processes, and protects your personal data, and why we do so. It applies to all users of our services and visitors to our website.

**If you have any questions after reading this Privacy Policy, please contact us at:** [support@zappway.ai](mailto:support@zappway.ai)

### Scope of This Policy

To avoid any misunderstandings, we clarify that this Privacy Policy applies to the processing of personal data from:

* **AI Employee Creators**: Persons who create and manage AI Employees using ZappWay
* **End Users/Respondents**: Persons who interact with AI Employees (through forms, chats, etc.)
* **Website Visitors**: Persons who visit our marketing website and landing pages

### Important Distinction: Data Controller vs Data Processor

**ZappWay acts in different roles depending on the data:**

**ZappWay as Data Controller:**

* For your account registration information
* For billing and payment data
* For website visitor analytics
* For marketing communications

**ZappWay as Data Processor:**

* For data collected through AI Employees you create
* For form responses submitted to your AI Employees
* For documents uploaded to your datastores
* For conversations with your AI Employees

**You (the AI Employee Creator) are the Data Controller for:**

* All data collected through your AI Employees
* Form responses from end users
* Documents you upload to datastores
* Conversations with end users

This means you are responsible for ensuring compliance with GDPR/LGPD for data you collect through ZappWay. We provide the tools and infrastructure, but you control the purposes and means of processing.

***

## 2. What Data We Collect

### Data We Collect from AI Employee Creators

When you create an account and use ZappWay services, we collect:

#### A. Registration Information

* **Name**: First and last name
* **Email address**: Used for account access and communications
* **Username**: Your chosen account identifier
* **Password**: Encrypted and securely stored
* **Account preferences**: Settings and configurations

#### B. Billing Information

If you subscribe to a paid ZappWay plan:

* **Billing name and address**
* **Payment method details**: Credit card information (processed and stored by our payment provider Stripe, not by ZappWay directly)
* **Transaction history**: Invoices, payment dates, amounts
* **Tax information**: VAT numbers, tax IDs where applicable

#### C. AI Employee Data

* **AI Employee configurations**: Names, instructions, settings
* **Datastore content**: Documents and files you upload
* **Form responses**: Data submitted through your AI Employees
* **Conversation logs**: Interactions between your AI Employees and end users
* **Usage data**: API calls, features used, performance metrics

#### D. Technical Data

* **IP address**: For security and fraud prevention
* **Device information**: Browser type, operating system, device type
* **Location data**: Approximate location based on IP address
* **Session data**: Login times, session duration
* **Cookies**: See our [Cookie Policy](/privacy/cookie-policy) for details

#### E. Usage and Analytics Data

* **Feature usage**: Which features you use and how often
* **Performance data**: Load times, error rates, system performance
* **Navigation data**: Pages visited, click patterns, time on page
* **Referral source**: How you found ZappWay (search, ads, direct, etc.)

### Data We Collect from Website Visitors

If you visit our website without registering:

* **Technical data**: IP address, browser, device, operating system
* **Navigation data**: Pages visited, time spent, referral source
* **Cookies**: Essential and analytics cookies (with consent)
* **Form submissions**: If you contact us or sign up for newsletters

### Data We Collect from End Users/Respondents

When someone interacts with an AI Employee you created:

* **Response data**: Information submitted through forms or chat
* **Conversation data**: Messages exchanged with AI Employee
* **Metadata**: Timestamp, IP address, device information
* **Interaction data**: Features used, session duration

**Important:** For this data, YOU (the AI Employee Creator) are the data controller. ZappWay only processes this data according to your instructions. Respondents should contact you directly for any data requests.

### Data We Do NOT Collect

* **Sensitive personal data**: We do not intentionally collect racial/ethnic origin, political opinions, religious beliefs, health data, sexual orientation, or biometric data
* **Children's data**: We do not knowingly collect data from children under 18 (LGPD) or 16 (GDPR)
* **Unnecessary data**: We practice data minimization and only collect what's needed

***

## 3. How We Use Your Data

ZappWay is committed to transparency. We use your data only for legitimate purposes and with appropriate legal basis.

### Legal Basis for Processing (GDPR/LGPD)

We process your data based on:

1. **Consent**: You explicitly agree to data processing (e.g., marketing emails)
2. **Contract**: Necessary to provide our services to you
3. **Legitimate interests**: For business operations, security, and improvements
4. **Legal obligation**: To comply with laws and regulations

### Purposes of Data Processing

#### A. Service Delivery and Operation

* **Account management**: Create and maintain your account
* **Service provision**: Enable AI Employee functionality
* **Feature access**: Provide tools like datastores, forms, integrations
* **Technical support**: Troubleshoot issues and provide assistance
* **Infrastructure**: Host and operate our platform

**Legal basis:** Contract performance, legitimate interests

#### B. Service Improvement and Development

* **Product development**: Build new features and improve existing ones
* **Performance optimization**: Enhance speed, reliability, and user experience
* **Bug fixing**: Identify and resolve technical issues
* **Quality assurance**: Test and validate platform functionality
* **Analytics**: Understand usage patterns and user needs

**Legal basis:** Legitimate interests

#### C. Security and Fraud Prevention

* **Account security**: Protect against unauthorized access
* **Fraud detection**: Identify and prevent fraudulent activity
* **Abuse prevention**: Monitor for terms of service violations
* **System integrity**: Maintain platform security and stability
* **Threat detection**: Identify and respond to security threats

**Legal basis:** Legitimate interests, legal obligation

#### D. Communication with You

* **Essential notifications**: Account-related updates, security alerts
* **Product updates**: New features, improvements, changes
* **Support communications**: Respond to your inquiries
* **Billing notifications**: Payment confirmations, invoice reminders
* **Legal notices**: Terms updates, policy changes

**Legal basis:** Contract performance, legal obligation

#### E. Marketing (with Consent)

* **Promotional emails**: New features, offers, company news
* **Product recommendations**: Relevant features or upgrades
* **Educational content**: Tutorials, tips, best practices
* **Event invitations**: Webinars, workshops, conferences

**Legal basis:** Consent (you can opt out anytime)

#### F. Legal Compliance

* **Legal requests**: Respond to court orders, subpoenas
* **Regulatory compliance**: Meet GDPR, LGPD, and other legal requirements
* **Dispute resolution**: Address legal claims or disputes
* **Law enforcement**: Cooperate with authorities when required

**Legal basis:** Legal obligation

### What We Do NOT Do with Your Data

* **Sell your data**: We never sell personal data to third parties
* **Advertising**: We don't use your data for targeted advertising
* **Unrelated purposes**: We don't use data beyond stated purposes
* **Share without consent**: We don't share data except as described in Section 4
* **Profile without consent**: We don't create detailed profiles for marketing

***

## 4. Data We Share

We value your privacy and only share data when necessary to operate our service or as required by law.

### Service Providers (Subprocessors)

We share data with trusted third-party service providers who help us operate ZappWay. All subprocessors:

* Are contractually obligated to protect your data
* Must comply with GDPR and LGPD requirements
* Can only process data according to our instructions
* Are regularly audited for security and compliance

**Full list of subprocessors:** See our [GDPR/LGPD Compliance page](/privacy/gdpr#7-subprocessors) for a complete, up-to-date list including:

* Cloud hosting providers (Fly.io, Cloudflare)
* Database services (DigitalOcean, Qdrant)
* AI/LLM providers (OpenAI, Anthropic)
* Payment processor (Stripe)
* Analytics (Google Analytics)
* Email services (Mailercloud)

### When We Share Your Data

**A. Service Delivery**

* With cloud hosting providers to store your data
* With AI providers to process queries and generate responses
* With payment processors to handle billing

**B. Legal Requirements**

* To comply with legal obligations, court orders, or subpoenas
* To enforce our Terms of Service
* To protect our rights, property, or safety
* To investigate fraud or security issues

**C. Business Transfers**

* In the event of a merger, acquisition, or sale of assets
* Your data may be transferred to the new entity
* You will be notified of any such change

**D. With Your Consent**

* When you explicitly authorize data sharing
* For specific integrations you enable (Zapier, Slack, etc.)

### Data Shared Between AI Employee Creators and End Users

**Important:** When you create an AI Employee, you control what data is collected from end users. We recommend:

* Adding a privacy notice to forms explaining data collection
* Informing users about data processing in AI Employee responses
* Providing contact information for data requests
* Being transparent about data usage and retention

***

## 5. Data Retention

### How Long We Keep Your Data

We retain your data only as long as necessary for the purposes outlined in this policy or as required by law.

#### A. Account Data (AI Employee Creators)

**While your account is active:**

* All account data is retained to provide services
* You have full control to delete data at any time
* AI Employee data, forms, and responses remain accessible

**After account deletion:**

* Account data is immediately deleted from production systems
* Data is permanently removed from backups within **90 days**
* Some data may be retained longer if required by law (e.g., tax records for 7 years)

#### B. AI Employee Data (Forms, Responses, Conversations)

**You control retention:**

* As the data controller, you decide how long to keep this data
* You can delete individual responses, forms, or entire datastores
* Deleted data is immediately removed from production
* Permanent deletion from backups within **90 days**

**We recommend:**

* Defining a data retention policy for your use case
* Regularly reviewing and deleting old data
* Documenting your retention periods for compliance

#### C. Billing Data

**Retention period:**

* Transaction records: **7 years** (required by tax laws)
* Payment method details: Stored by Stripe according to their retention policy
* Invoices: Retained for accounting and tax purposes

#### D. Analytics and Logs

**Retention period:**

* System logs: **90 days**
* Analytics data: **24 months** (aggregated and anonymized)
* Security logs: **1 year** (for audit and investigation)

#### E. Marketing Data

**Retention period:**

* Active subscribers: Until you unsubscribe
* After unsubscribe: **30 days** (to honor unsubscribe requests)
* You can request immediate deletion by contacting us

### Data Recovery

**Important:** Once you delete data from ZappWay:

* It cannot be recovered from production systems
* After 90 days, it's permanently deleted from all backups
* We cannot restore deleted data
* Make sure to export any data you need before deletion

***

## 6. Your Data Protection Rights

Under GDPR (EU) and LGPD (Brazil), you have comprehensive rights regarding your personal data.

### Rights for AI Employee Creators

As a registered ZappWay user, you have the following rights:

#### 1. Right of Access

**What it means:** You can request a copy of all personal data we hold about you.

**How to exercise:**

* Contact us at [support@zappway.ai](mailto:support@zappway.ai)
* We'll provide your data within **30 days** (GDPR) or **15 days** (LGPD)
* Data will be provided in a structured, readable format

#### 2. Right to Rectification

**What it means:** You can correct inaccurate or incomplete data.

**How to exercise:**

* Update account details directly in **Account Settings**
* For other corrections, contact [support@zappway.ai](mailto:support@zappway.ai)
* We'll update your data within **30 days**

#### 3. Right to Erasure (Right to be Forgotten)

**What it means:** You can request deletion of your personal data.

**How to exercise:**

* Go to **Account Settings → Delete Account**
* Or contact [support@zappway.ai](mailto:support@zappway.ai)
* Data deleted immediately from production, removed from backups within 90 days

**Limitations:** We may retain data if required by:

* Legal obligations (e.g., tax records)
* Legitimate interests (e.g., fraud prevention)
* Defense of legal claims

#### 4. Right to Restrict Processing

**What it means:** You can request that we limit how we process your data.

**How to exercise:**

* Contact [support@zappway.ai](mailto:support@zappway.ai)
* We'll store your data but not actively process it
* Processing restrictions remain until your issue is resolved

#### 5. Right to Data Portability

**What it means:** You can receive your data in a machine-readable format and transfer it to another service.

**How to exercise:**

* Export AI Employee data in **CSV format** from your dashboard
* Request full account data export at [support@zappway.ai](mailto:support@zappway.ai)
* Data provided in JSON or CSV format

#### 6. Right to Object

**What it means:** You can object to processing of your data for certain purposes.

**How to exercise:**

* Contact [support@zappway.ai](mailto:support@zappway.ai) with your objection
* We'll assess and respond within **30 days**
* You can always opt out of marketing communications

#### 7. Right to Withdraw Consent

**What it means:** You can withdraw consent for data processing at any time.

**How to exercise:**

* Update preferences in **Account Settings**
* Unsubscribe from marketing emails via unsubscribe link
* Contact [support@zappway.ai](mailto:support@zappway.ai)

**Note:** Withdrawal doesn't affect processing done before withdrawal.

#### 8. Right to Lodge a Complaint

**What it means:** You can file a complaint with data protection authorities.

**Where to complain:**

* **EU/GDPR:** Contact your national Data Protection Authority (DPA)
  * List: [https://edpb.europa.eu/about-edpb/board/members\_en](https://edpb.europa.eu/about-edpb/board/members_en)
* **Brazil/LGPD:** Contact ANPD (Autoridade Nacional de Proteção de Dados)
  * Website: [https://www.gov.br/anpd/](https://www.gov.br/anpd/)
  * Email: [atendimento@anpd.gov.br](mailto:atendimento@anpd.gov.br)

### Rights for End Users/Respondents

If you've submitted data through a ZappWay AI Employee:

**Important:** The AI Employee Creator is responsible for your data, not ZappWay. We only process this data on their behalf.

**To exercise your rights:**

1. **First contact:** The person or organization that created the AI Employee
2. **If unavailable:** Contact us at [support@zappway.ai](mailto:support@zappway.ai) and we'll help connect you with the creator
3. **We'll assist:** If the creator is unresponsive, we'll help facilitate your request

**Your rights include:**

* Access to your submitted data
* Correction of inaccurate data
* Deletion of your data
* Objection to processing
* Data portability

***

## 7. Marketing Communications

### What We Send

If you register for ZappWay, we may send you:

* **Product updates**: New features, improvements, releases
* **Company news**: Blog posts, announcements, company updates
* **Educational content**: Tutorials, best practices, tips
* **Promotional offers**: Discounts, special offers, upgrades
* **Event invitations**: Webinars, workshops, conferences

### Your Control

**You always have the right to opt out:**

* **Unsubscribe link**: Every marketing email includes an unsubscribe option
* **Account settings**: Manage email preferences in your account
* **Contact us**: Email [support@zappway.ai](mailto:support@zappway.ai) to opt out

**Transactional emails:** Even if you opt out of marketing, you'll still receive:

* Account security notifications
* Billing and payment confirmations
* Service updates affecting your account
* Responses to your support requests

These are necessary for service operation and cannot be disabled.

### Legal Basis

We send marketing communications based on:

* **Consent**: You opted in during registration or via email preferences
* **Legitimate interest**: Soft opt-in (existing customer relationship)

You can withdraw consent at any time without affecting your service access.

***

## 8. Cookies

### What Are Cookies?

Cookies are small text files placed on your device by websites you visit. They help websites remember your preferences and improve your experience.

### How ZappWay Uses Cookies

We use cookies to:

* **Remember your login**: Stay signed in across sessions
* **Maintain preferences**: Language, theme, settings
* **Analytics**: Understand how users interact with our platform
* **Security**: Detect and prevent fraud
* **Performance**: Optimize loading times and functionality

### Types of Cookies We Use

#### A. Essential Cookies (Required)

* **Session cookies**: Maintain your login session
* **Security cookies**: Protect against CSRF attacks
* **Authentication**: Verify your identity
* **Cannot be disabled**: Required for platform functionality

#### B. Analytics Cookies (Optional)

* **Google Analytics**: Track page views, user flows
* **Performance metrics**: Load times, error rates
* **Aggregated data**: Anonymized usage statistics
* **Can be disabled**: Via cookie banner or browser settings

#### C. Preference Cookies (Optional)

* **UI preferences**: Dark mode, language selection
* **Feature settings**: Dashboard layout, notification preferences
* **Can be disabled**: Via cookie settings

### Cookie Consent

**On your first visit:**

* We show a cookie banner explaining our use of cookies
* You can accept all, reject optional, or customize settings
* Essential cookies are always active (required for functionality)

**Manage cookies:**

* Update preferences via the cookie banner
* Change settings in your browser
* Full details in our [Cookie Policy](/privacy/cookie-policy)

### Third-Party Cookies

Some cookies are set by third-party services we use:

* **Google Analytics**: Analytics and reporting
* **Stripe**: Payment processing
* **OpenAI/Anthropic**: AI functionality

These third parties have their own privacy policies governing cookie use.

***

## 9. International Data Transfers

### Data Storage Locations

ZappWay operates globally with infrastructure in:

* **European Union (EU)**: Primary data hosting
* **Brazil**: Local data processing for Brazilian users
* **United States**: Some service providers (OpenAI, Stripe, etc.)

### EU Data Transfers (GDPR)

When we transfer data from the EU to countries outside the EU/EEA:

**Safeguards we use:**

* **Standard Contractual Clauses (SCCs)**: EU-approved contracts with data processors
* **Adequacy decisions**: Transfers to countries deemed adequate by EU Commission
* **Supplementary measures**: Additional encryption and access controls
* **Data Processing Agreements**: Legal contracts with all processors

**US Service Providers:**
For transfers to the United States (OpenAI, Anthropic, Stripe):

* We use Standard Contractual Clauses
* Data is encrypted in transit and at rest
* Access limited to necessary operations only
* Regular security audits and compliance reviews

### Brazilian Data Transfers (LGPD)

When we transfer data from Brazil to other countries:

**Safeguards we use:**

* **International transfer agreements**: Compliant with ANPD requirements
* **Standard contractual clauses**: Based on LGPD Article 33
* **Adequate level of protection**: Assessment of destination country laws
* **User consent**: When required by LGPD

### Your Rights

You have the right to:

* Be informed about international transfers
* Object to transfers to specific countries
* Request information about safeguards in place

Contact [support@zappway.ai](mailto:support@zappway.ai) for details about specific transfers.

***

## 10. Security Measures

### How We Protect Your Data

ZappWay implements comprehensive security measures to protect your data from unauthorized access, loss, or misuse.

#### A. Technical Security

**Encryption:**

* **In transit**: TLS 1.3 encryption for all data transmission
* **At rest**: AES-256 encryption for stored data
* **Backups**: Encrypted backup storage

**Access controls:**

* **Authentication**: Secure password hashing (bcrypt)
* **Authorization**: Role-based access control (RBAC)
* **Multi-factor authentication**: Available for all accounts
* **API keys**: Secure token-based API access

**Infrastructure security:**

* **Firewall protection**: Network-level security
* **DDoS protection**: Via Cloudflare
* **Intrusion detection**: Real-time monitoring
* **Regular patching**: Automated security updates

#### B. Organizational Security

**Employee access:**

* **Principle of least privilege**: Staff access limited to job requirements
* **Background checks**: Screening for sensitive positions
* **Confidentiality agreements**: All staff sign NDAs
* **Security training**: Regular awareness programs

**Policies and procedures:**

* **Incident response plan**: Documented breach procedures
* **Data classification**: Clear data handling guidelines
* **Change management**: Controlled deployment processes
* **Vendor management**: Third-party security assessments

#### C. Monitoring and Auditing

**Continuous monitoring:**

* **24/7 monitoring**: Automated threat detection
* **Log analysis**: Security event correlation
* **Vulnerability scanning**: Regular security assessments
* **Penetration testing**: Annual third-party audits

**Audit trails:**

* **Access logs**: Who accessed what and when
* **Change logs**: Data modification tracking
* **Compliance audits**: Regular GDPR/LGPD reviews

#### D. Data Breach Response

In the unlikely event of a data breach:

**Our process:**

1. **Detection and containment** (within hours)
2. **Impact assessment** (within 24 hours)
3. **Notification to authorities** (within 72 hours for GDPR, reasonable timeframe for LGPD)
4. **User notification** (if high risk to rights)
5. **Remediation** and lessons learned

**Your responsibilities:**

* Report suspected breaches immediately to [security@zappway.ai](mailto:security@zappway.ai)
* Cooperate with investigation
* Notify your users if you're the data controller

### Security Best Practices for Users

**We recommend:**

* Use strong, unique passwords
* Enable multi-factor authentication
* Keep software and browsers updated
* Don't share account credentials
* Review account activity regularly
* Log out from shared devices
* Report suspicious activity immediately

***

## 11. Children's Privacy

### Age Restrictions

ZappWay services are not intended for children:

* **LGPD (Brazil)**: Under 18 years old
* **GDPR (EU)**: Under 16 years old (or lower age set by member state)
* **General**: Under 13 years old (COPPA compliance)

### We Do Not Knowingly Collect Children's Data

**If you're a parent or guardian:**

* We do not knowingly collect data from children
* If you believe a child has provided us data, contact us immediately
* We will delete the data as soon as we verify the issue

**To report:**

* Email: [support@zappway.ai](mailto:support@zappway.ai)
* Subject: "Child Privacy Concern"
* Include: Child's information and verification of guardianship

**We will:**

* Investigate within 48 hours
* Delete all associated data
* Block future account creation
* Notify you of actions taken

### AI Employee Creators' Responsibilities

If you collect data through AI Employees:

* You must ensure respondents meet minimum age requirements
* Add age verification to forms if collecting from minors
* Obtain parental consent where required
* Comply with local laws regarding children's data

***

## 12. Changes to This Policy

### How We Update This Policy

We may update this Privacy Policy from time to time to reflect:

* Changes in our data practices
* New features or services
* Legal or regulatory requirements
* User feedback and best practices

### Notification of Changes

**For material changes:**

* We'll notify all account holders via email
* Notification sent at least **30 days** before changes take effect
* Material changes include: new data processing purposes, changes to data retention, new data sharing arrangements

**For minor changes:**

* We'll update this page with the new policy
* "Last updated" date will be modified
* We may announce changes via blog or dashboard notification

### Your Acceptance

**By continuing to use ZappWay after policy changes:**

* You accept the updated Privacy Policy
* If you disagree, you can delete your account
* Deletion must be done before the new policy takes effect

### Policy Version History

**Current version:** 2.0\
**Last updated:** March 2026\
**Previous versions:** Available upon request at [support@zappway.ai](mailto:support@zappway.ai)

***

## 13. Contact Information

### Privacy Inquiries

For questions, concerns, or requests regarding your privacy:

**Email:** [support@zappway.ai](mailto:support@zappway.ai)\
**Subject:** "Privacy Inquiry"\
**Response time:** Within 2-3 business days

### Data Protection Officer (DPO)

For GDPR/LGPD-related inquiries:

**Email:** [privacy@zappway.ai](mailto:privacy@zappway.ai)\
**Subject:** "Data Protection Request"\
**Response time:** Within 2-3 business days

### Security Concerns

For security issues or data breaches:

**Email:** [security@zappway.ai](mailto:security@zappway.ai)\
**Subject:** "SECURITY ISSUE" or "DATA BREACH"\
**Response time:** Within 24 hours

### Mailing Address

**ZappWay**\
Avenida Brigadeiro Faria Lima, 1811, Esc 1120\
Jardim Paulistano\
São Paulo/SP\
Brasil 🇧🇷\
CEP 01452-001

### Office Hours

**Support availability:**

* **Email support:** 24/7 (response within 24-48 hours)
* **Live chat:** Monday-Friday, 9 AM - 6 PM BRT (Brazilian Time)
* **Emergency security issues:** 24/7

### Additional Resources

* [GDPR/LGPD Compliance](/privacy/gdpr)
* [Cookie Policy](/privacy/cookie-policy)
* [Terms of Service](/privacy/terms-of-service)

***

## Quick Reference

### For AI Employee Creators

**Your responsibilities:**

* You are the data controller for data collected through your AI Employees
* Provide privacy notices to respondents
* Handle data subject requests from respondents
* Define data retention periods
* Ensure GDPR/LGPD compliance for your use case

**Your rights:**

* Access, rectify, delete, or export your account data
* Object to processing or restrict processing
* Withdraw consent for marketing
* Lodge complaints with authorities

### For End Users/Respondents

**Your rights:**

* Contact the AI Employee creator for data requests
* Contact ZappWay if creator is unavailable
* Lodge complaints with data protection authorities

**Privacy protection:**

* AI Employee creators control your data
* ZappWay processes data on their behalf
* Your data is protected by GDPR/LGPD

### For Website Visitors

**What we collect:**

* Technical data (IP, browser, device)
* Navigation data (pages visited)
* Cookies (with consent)

**Your control:**

* Manage cookie preferences
* Opt out of analytics
* Contact us to delete visitor data

***

**Last Updated:** March 2026\
**Version:** 2.0\
**Effective Date:** December 15, 2024\
**Regulatory Compliance:** GDPR (EU Regulation 2016/679) & LGPD (Lei 13.709/2018)

***
