Privacy Policy
Effective date: February 12, 2026
Zenfox has been reviewed by third-party security auditors to ensure we comply with strict security requirements. We undergo an annual security audit to maintain this certification.
Learn more about CASA (Cloud Application Security Assessment)1. Introduction
Welcome to Zenfox.ai ("Zenfox", "we", "us", or "our"). We are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI-powered automation assistant platform. By using Zenfox.ai, you agree to the collection and use of information in accordance with this policy.
2. Data We Collect
We collect the following types of information: • Account information: name, email address, company name, and billing details when you create an account. • Usage data: information about how you interact with our platform, including automation configurations, task logs, and feature usage. • Connected service data: data from third-party services you connect to Zenfox (e.g., Gmail, Slack, HubSpot) as necessary to perform automations on your behalf. • Technical data: IP address, browser type, device information, and operating system. • Communication data: support tickets, feedback, and correspondence with our team.
3. How We Use Your Data
We use your data for the following purposes: • To provide, operate, and maintain our automation services. • To execute automations and workflows you configure. • To personalize and improve your experience. • To process payments and manage your subscription. • To communicate with you about your account, updates, and support. • To detect, prevent, and address technical issues and security threats. • To comply with legal obligations.
4. Data Processors
We use the following third-party data processors to operate our services: • Qoddi App Platform (qoddi.com): Hosts our application infrastructure. Qoddi processes your data as needed to run the Zenfox platform and execute your automations. • Wasabi (wasabi.com): Provides cloud object storage for files, backups, and automation artifacts. Wasabi stores your data in encrypted form across our designated storage regions. • Infisical (infisical.com): Manages client secrets, passwords, and sensitive credentials used by your automations. Infisical is an end-to-end encrypted secrets management platform — all secrets are encrypted locally using AES-256-GCM before transmission and at rest. Infisical is SOC 2, HIPAA, and FIPS 140-3 compliant, undergoes continuous penetration testing, and enforces granular role-based access controls with full audit logging of every access and change. No plaintext secret ever leaves your environment unencrypted. • Google Cloud Platform (cloud.google.com): Hosts our vector database used for semantic search functionality. Only anonymized data points are stored — no personally identifiable information is sent to or retained by Google Cloud. All data is encrypted in transit and at rest using Google-managed encryption keys. • Anthropic Claude (anthropic.com): Provides the AI reasoning model used to power automation logic and intelligent task processing. Only anonymized and contextually necessary data is sent to Anthropic when reasoning tasks are required. Anthropic does not use your data to train its models. All API communications are encrypted in transit. • BrowserBase (browserbase.com): Provides cloud browser infrastructure for computer use automations that interact with websites and web applications on your behalf. BrowserBase executes browser sessions in isolated, sandboxed environments. Session data is ephemeral and not retained after task completion. • Redis (redis.io): Stores and executes in-memory jobs used for task queuing, scheduling, and background processing within the Zenfox platform. All data is encrypted in transit and at rest. Redis is SOC 2 and HIPAA compliant. • Pipedream (pipedream.com): Provides encrypted OAuth token management for accessing third-party applications that are not directly integrated with Zenfox. Pipedream acts as a secure middleware layer — all OAuth tokens are encrypted and managed by Pipedream's infrastructure. No credentials are stored on the Zenfox platform for Pipedream-managed connections. All data processors are bound by data processing agreements and are required to handle your data in accordance with applicable data protection laws.
5. Data Storage Regions
By default, all user data is stored and processed in the European Union (EU). The EU is the primary and default storage region for all accounts. Users may explicitly choose a different storage region during account setup or in their account settings. The available regions are: • Europe (EU) — default • United Kingdom • Canada • Singapore • United States — available only upon explicit user request Data is stored in the United States only when the user explicitly selects it as their preferred storage region. This is never the default and never occurs without explicit user action.
6. Data Security
We implement industry-standard security measures to protect your data: • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. • Encryption at rest: All stored data is encrypted using AES-256 encryption. • Access controls: Strict role-based access controls limit who can access your data within our organization. • Regular audits: We conduct regular security assessments and penetration testing. • SOC 2 Type I compliance: Our infrastructure and processes are audited to meet SOC 2 Type I standards.
7. Cookies
We use cookies and similar technologies for the following purposes: • Essential cookies: Required for the platform to function (e.g., authentication, session management). • Analytics cookies: Help us understand how users interact with our platform so we can improve it. • Preference cookies: Remember your settings and preferences. You can manage cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data: • Access: Request a copy of the personal data we hold about you. • Rectification: Request correction of inaccurate or incomplete data. • Erasure: Request deletion of your personal data ("right to be forgotten"). • Portability: Request a portable copy of your data in a structured format. • Restriction: Request that we limit processing of your data. • Objection: Object to our processing of your data for certain purposes. • Withdraw consent: Where processing is based on consent, you may withdraw it at any time. To exercise any of these rights, please contact us at privacy@zenfox.ai.
9. Data Controller
The data controller responsible for your personal data is: Zenfox AI LTD 66 Paul Street London, EC2A 4NA United Kingdom You can contact our data protection team at privacy@zenfox.ai.
10. Legal Basis for Processing (GDPR)
Under the General Data Protection Regulation (GDPR), we process your personal data on the following legal bases: • Contract performance: Processing necessary to provide the Service you have subscribed to (Article 6(1)(b)). • Legitimate interests: Processing necessary for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, provided these interests are not overridden by your rights (Article 6(1)(f)). • Consent: Where you have given explicit consent for specific processing activities, such as marketing communications (Article 6(1)(a)). You may withdraw consent at any time. • Legal obligation: Processing necessary to comply with applicable laws and regulations (Article 6(1)(c)).
11. International Data Transfers (GDPR)
Zenfox does not transfer personal data from the European Union to the United States or any other third country. All data belonging to EU-based users is stored and processed exclusively within the European Union by default. Data is stored in the United States only when a user explicitly selects the United States as their preferred storage region. In that case, the data remains in the United States and is not transferred back to the EU or any other region. Zenfox does not rely on the EU-US Data Privacy Framework (formerly Privacy Shield), Standard Contractual Clauses (SCCs), or the invalidated Safe Harbor framework to justify international data transfers — because no such transfers occur. Each storage region operates as a fully isolated data enclave. This architecture eliminates the legal uncertainty associated with cross-border data flows and ensures that your data remains under the jurisdiction you selected, in full compliance with GDPR Articles 44–49.
12. Supervisory Authority
If you are located in the EEA or the United Kingdom and believe that our processing of your personal data violates applicable data protection laws, you have the right to lodge a complaint with a supervisory authority. For UK residents, the relevant supervisory authority is: Information Commissioner's Office (ICO) Wycliffe House, Water Lane Wilmslow, Cheshire, SK9 5AF United Kingdom https://ico.org.uk For EEA residents, you may contact the supervisory authority in your country of residence.
13. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this policy: • Account data: Retained for the duration of your account and up to 30 days after account deletion. • Usage and log data: Retained for up to 12 months for analytics and troubleshooting. • Billing data: Retained for up to 7 years as required by tax and financial regulations. • Connected service data: Deleted within 30 days of disconnecting a third-party service. You may request earlier deletion by contacting us at privacy@zenfox.ai.
14. Children's Privacy
Zenfox.ai is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us at privacy@zenfox.ai and we will take steps to delete such information.
15. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a prominent notice on our platform at least 30 days before the changes take effect. We encourage you to review this policy periodically for any updates.
16. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us: Zenfox AI LTD 66 Paul Street London, EC2A 4NA United Kingdom • Email: privacy@zenfox.ai • General inquiries: hello@zenfox.ai