Skip to main contentSkip to navigation
Early Access - Help us improve

Privacy Policy

Last Updated: 5 January 2026

1. Introduction

Zuro ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our knowledge base platform ("Service"). This policy complies with the General Data Protection Regulation (GDPR) and UK data protection laws.

2. Data Controller

Zuro is the data controller for your personal data. As the data controller, we determine the purposes and means of processing your personal data.

If you have questions about this policy or our data practices, or wish to exercise your data protection rights, please contact us at:

Email: privacy@zuro.me
Support: support@zuro.me

Supervisory Authority: If you are located in the UK, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). For more information, visithttps://ico.org.uk.

3. Information We Collect

3.1 Information You Provide

  • Account Information: Name, email address, password (hashed), subscription tier
  • Profile Information: Timezone, country preferences
  • Content: Knowledge bases, articles, documents, and other content you create or upload
  • Payment Information: Processed securely through third-party payment processors (we do not store full card details)
  • Support Communications: Messages, emails, and other communications with our support team

3.2 Information Collected Automatically

  • Usage Data: Page views, article views, search queries, navigation patterns, session duration
  • Device Information: IP address, browser type, operating system, device type
  • Analytics Data: Popular articles, search analytics, user journeys, peak usage times
  • Technical Data: Log files, error reports, performance metrics

3.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Essential Cookies: Required for authentication, session management, and core Service functionality
  • Analytics Cookies: Help us understand how users interact with the Service (page views, navigation patterns, popular content)
  • Preference Cookies: Remember your settings and preferences
  • Performance Cookies: Monitor Service performance and identify issues

Google Analytics: We use Google Analytics to understand how users interact with the site. You can control cookies through your browser settings.

Google Analytics uses cookies to collect information such as page views, time spent on pages, and navigation paths. This data is processed by Google according to their Privacy Policy and Terms of Service. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-onor by contacting us at privacy@zuro.me.

Cookie Control: You can control cookies through your browser settings. However, disabling essential cookies may affect Service functionality. Disabling analytics cookies will prevent Google Analytics from tracking your visits.

Third-Party Tracking: We use Google Analytics for website analytics. We do not use cookies for advertising purposes. Knowledge base owners (on Starter, Professional, and Enterprise plans) may configure their own Google Analytics tracking for their knowledge bases, which is subject to their own privacy policies.

4. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process transactions and manage subscriptions
  • Authenticate users and prevent fraud
  • Send service-related communications (notifications, updates, support)
  • Generate analytics and insights about your knowledge bases
  • Provide AI-powered features (content generation, enhancement, SEO)
  • Comply with legal obligations
  • Respond to your inquiries and provide customer support

Legal Basis (GDPR): We process your data based on:

  • Contract: To fulfill our service agreement with you
  • Legitimate Interest: To improve the Service, prevent fraud, and ensure security
  • Consent: For marketing communications (where applicable)
  • Legal Obligation: To comply with applicable laws

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

  • Service Providers: Third-party services that help us operate (hosting, payment processing, email delivery, analytics)
  • AI Service Providers: OpenAI for AI-powered features (content is processed according to their privacy policy)
  • Legal Requirements: When required by law, court order, or government regulation
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice)

All third-party service providers are contractually obligated to protect your data and use it only for specified purposes.

5.1 Third-Party Services

We use third-party services to operate and improve our platform. These services process data according to their own privacy policies and our contractual agreements. The main categories of third-party services we use include:

  • AI Service Providers: We use third-party AI services (such as OpenAI) for content generation, enhancement, SEO optimisation, and analytics analysis.
    • What data is shared: When you use AI-powered features, your content, prompts, and documents are sent to these AI service providers for processing.
    • Why we share it: To provide AI-powered content generation, enhancement, and optimisation features.
    • AI Training: These providers may use your content to train and improve their AI models. You can choose not to share content for third-party AI training; in that case, AI generation features may not work or may be limited. You can typically opt out of such training through the provider's mechanisms or by contacting them directly.
    • Provider Policies: We will notify you of the specific AI provider when you use these features, and you can review their privacy policy at that time. These providers may have their own data sharing practices beyond our control.
  • Payment Processors: We use third-party payment processors to handle subscription payments and billing. Payment information is processed securely by these providers, and we do not store full payment card details. Payment processors are required to comply with PCI DSS standards for payment data security.
  • Cloud Hosting and Infrastructure: Our Service is hosted on cloud infrastructure providers that process server logs, infrastructure data, and host our application servers. These providers maintain industry-standard security measures and data protection practices.
  • Database Services: We use cloud database services to store your data. These services maintain appropriate security measures and data protection standards.
  • Analytics Services: We use Google Analytics to analyse website usage and improve our Service.
    • What data is shared: Google Analytics collects information about your visit to our website, including page views, time spent on pages, device information, IP address (anonymized), and navigation patterns.
    • Why we share it: To understand how visitors use our website, identify popular content, and improve user experience.
    • Provider Policies: Google processes this data according to their Privacy Policy. Google may use this data for their own purposes as described in their privacy policy.
    • Opt-Out: You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-onor by contacting us.
    • Knowledge Base Analytics: Knowledge base owners (on Starter, Professional, and Enterprise plans) may configure their own Google Analytics tracking for their knowledge bases. This tracking is controlled by the knowledge base owner and subject to their own privacy policies.
  • Integration Services: We use Zapier to enable workflow automation and integrations with third-party applications.
    • What data is shared: When you connect your Zuro account to Zapier, certain data (such as article content, knowledge base information, and metadata) may be shared with Zapier.
    • Why we share it: To facilitate workflow automation and integrations with third-party applications you choose to connect.
    • Provider Policies: Zapier processes this data according to their Privacy Policy. Zapier may share data with the third-party applications you connect through their platform.
    • Control: You can disconnect your Zapier integration at any time through your account settings.

By using our Service, you acknowledge that your data may be processed by these third-party services as necessary to provide the Service. All third-party service providers are contractually obligated to protect your data and use it only for specified purposes. If you would like to know the specific providers we use, please contact us at privacy@zuro.me.

5.2 AI Processing and Opt-Out

When you use AI features, text and documents you submit are processed by our AI provider to generate results. By default, content submitted to AI features may be used by third-party AI providers to train or improve models. You can opt out of AI model training via your account's Privacy Preferences in Zuro. When you opt out, Zuro will configure AI processing so your content is excluded from third-party AI training. AI generation features will still work for your account, though some training-based improvements may not apply.

We do not use your personal content to train our own models without your explicit consent.

Our Use of Analytics: We use aggregated, anonymized analytics data to improve our Service, including:

  • Understanding how users interact with knowledge bases
  • Identifying common search patterns and content gaps
  • Improving our AI-powered features and recommendations
  • Enhancing user experience and service quality

This analytics data is aggregated and anonymized, and does not identify individual users or contain personal information. We do not use your personal content to train our own AI models without your explicit consent.

6. Data Retention and Deletion

We retain personal data only for as long as necessary to provide the service, meet legal obligations, or resolve disputes. Content data may be deleted following account closure.

Specifically, we retain data for:

  • Service Provision: To provide the Service to you while your account is active
  • Legal Compliance: To comply with legal obligations, tax requirements, and regulatory requirements
  • Record-Keeping: To resolve disputes, enforce agreements, and maintain business records

Account Deletion: When you delete your account or request data deletion, we will permanently remove personal data within 30 days, except where we are required to retain it for legal purposes (such as tax records, which we may retain for up to 7 years as required by UK law).

Content Retention: Your content (knowledge bases, articles) may be retained for a longer period if required for service continuity, backup purposes, or legal compliance. However, personal identifying information will be removed or anonymized.

Third-Party Data: When you delete your account, we will request that third-party service providers delete your data in accordance with their policies. However, some providers may retain data according to their own retention policies, which you should review separately.

7. Your Rights (GDPR)

Under GDPR and UK data protection laws, you have the following rights:

  • Right of Access: Request a copy of your personal data and information about how it is processed
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten") in certain circumstances
  • Right to Restrict Processing: Limit how we use your data in certain circumstances
  • Right to Data Portability: Receive your data in a structured, commonly used, and machine-readable format
  • Right to Object: Object to processing based on legitimate interests, including direct marketing
  • Right to Withdraw Consent: Withdraw consent where processing is based on consent, without affecting the lawfulness of processing before withdrawal
  • Right to Object to Automated Decision-Making: Not be subject to decisions based solely on automated processing that significantly affects you

How to Exercise Your Rights: To exercise any of these rights, contact us at privacy@zuro.me or support@zuro.me. Please specify which right(s) you wish to exercise and provide sufficient information to identify your account.

Response Time: We will respond to your request within one month (30 days) of receipt, though this may be extended by two months for complex requests. We will inform you if an extension is needed and explain why.

Verification: We may require proof of identity before processing your request to ensure we are responding to the correct person and protecting your data from unauthorized access.

No Charge: Exercising your GDPR rights is free of charge, unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act on the request.

Right to Lodge a Complaint: If you believe we have violated your data protection rights, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) athttps://ico.org.uk/make-a-complaintor by contacting them at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom. Telephone: 0303 123 1113.

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit (HTTPS/TLS) and at rest
  • Secure authentication and access controls
  • Regular security assessments and updates
  • Limited access to personal data on a need-to-know basis
  • Secure data centers and infrastructure
  • Regular backups and disaster recovery procedures
  • Staff training on data protection and security

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Data Breach Notification: In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority (ICO) without undue delay, and in any event within 72 hours of becoming aware of the breach, where feasible. We will provide clear information about the nature of the breach, the likely consequences, and the measures we are taking to address it.

9. International Data Transfers

Your data may be processed and stored outside the European Economic Area (EEA), including in the United States. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to protect your data in accordance with GDPR requirements.

10. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will delete such information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. The "Last Updated" date at the top indicates when changes were last made. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or wish to exercise your rights regarding this Privacy Policy, please contact us:

Email: privacy@zuro.me
Support: support@zuro.me