Skip to main content

Legal

Privacy Policy

Last updated: March 2026

Zamora AI SRL ("Zamora," "we," "our," or "us") operates the ANDI business operating system and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website at zamora.ai or use our platform. Please read this policy carefully. If you disagree with its terms, please discontinue use of our services.

1. Information We Collect

Account and Registration Information

When you create an account or request access to the ANDI platform, we collect information you provide directly, including your name, business email address, company name, job title, and billing information where applicable. We use this information to provision your account, communicate with you about your subscription, and comply with our legal and contractual obligations.

Usage and Platform Data

We automatically collect data about how you interact with our platform. This includes feature usage patterns, session durations, queries submitted to ANDI, workflow configurations, and error logs. This data is used to maintain service quality, improve product functionality, and provide customer support. We do not use the content of your business data to train our AI models without your explicit consent.

Technical and Device Information

We collect technical information including IP addresses, browser type and version, operating system, referring URLs, and device identifiers. This information is used for security monitoring, fraud prevention, and aggregate analytics to understand how our services are accessed.

Communications

If you contact us by email, submit a support request, or participate in surveys, we retain those communications and any information you provide within them. This allows us to track ongoing issues and improve the quality of our support.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing, operating, and maintaining the ANDI platform and associated services
  • Processing transactions and sending related notices, including purchase confirmations and invoices
  • Responding to your comments, questions, and requests and providing customer support
  • Sending product updates, security alerts, and administrative messages
  • Monitoring and analyzing usage patterns to improve product features and performance
  • Detecting, investigating, and preventing fraudulent transactions and other illegal activities
  • Complying with applicable laws, regulations, and legal processes
  • Enforcing our Terms of Service and other agreements

We will not sell your personal information or use it to target you with advertising unrelated to our services. Where we rely on legitimate interests as a legal basis for processing, we ensure those interests are not overridden by your rights and freedoms.

3. Data Sharing and Third Parties

We do not sell, trade, or rent your personal information to third parties. We may share information in the following limited circumstances:

Service Providers

We engage trusted third-party vendors to perform services on our behalf, including cloud infrastructure hosting, payment processing, customer support tooling, and analytics. These providers are contractually bound to handle data only as directed by us, maintain appropriate security measures, and are prohibited from using your data for their own purposes.

Business Transfers

If Zamora is involved in a merger, acquisition, asset sale, or similar transaction, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

Legal Requirements

We may disclose your information where required to do so by applicable law, court order, or governmental authority, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

4. Data Security

We implement administrative, technical, and physical security measures designed to protect your information against unauthorized access, alteration, disclosure, or destruction. Our security practices include:

  • Encryption of data in transit using TLS 1.2 or higher
  • Encryption of data at rest using AES-256
  • Role-based access controls and least-privilege principles
  • Regular penetration testing and third-party security audits
  • Incident response procedures and breach notification protocols
  • SOC 2 Type II compliance program

While we take commercially reasonable precautions to protect your information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security and encourage you to use strong passwords and maintain the security of your account credentials.

5. Your Rights

Depending on your location, you may have certain rights regarding your personal information. We honor these rights without discrimination.

Rights Under GDPR (EEA, UK, and Switzerland)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation or equivalent national laws:

  • Right of access to the personal data we hold about you
  • Right to rectification of inaccurate or incomplete data
  • Right to erasure ("right to be forgotten") in certain circumstances
  • Right to restriction of processing
  • Right to data portability in a machine-readable format
  • Right to object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent at any time where processing is based on consent
  • Right to lodge a complaint with your national data protection authority

Rights Under CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act grants you specific rights, including the right to know what personal information we collect and how it is used, the right to delete your personal information, the right to opt out of the sale of your personal information (we do not sell personal information), and the right to non-discrimination for exercising your rights.

To exercise any of these rights, please contact us at hello@zamora.ai. We will respond to verified requests within the timeframe required by applicable law (typically 30 days for GDPR and 45 days for CCPA requests).

6. Cookie Policy

We use cookies and similar tracking technologies to operate our website and platform. Cookies are small text files placed on your device that help us recognize you and remember your preferences.

Types of Cookies We Use

  • Essential cookies - Required for the platform to function, including session management and security tokens
  • Analytics cookies - Help us understand how visitors use our site through aggregate, anonymized data
  • Preference cookies - Remember your settings and choices to personalize your experience

You can control cookies through your browser settings and our cookie preference center. Blocking essential cookies may impair platform functionality. We do not use cookies to serve third-party advertising.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services. We also retain information as necessary to comply with legal obligations, resolve disputes, enforce agreements, and maintain appropriate business records. When information is no longer required, we delete or anonymize it using commercially reasonable methods. Following account termination, we typically retain account data for up to 90 days before permanent deletion, unless a longer retention period is required by law.

8. International Data Transfers

Zamora is headquartered in Romania. If you are accessing our services from outside Romania, your information may be transferred to, stored, and processed in Romania or other countries where our service providers operate. For transfers of personal data from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses approved by the European Commission and equivalent mechanisms to ensure an adequate level of data protection.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by sending an email to the address associated with your account. Your continued use of our services after the effective date of any changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our privacy team:

  • Email: hello@zamora.ai
  • Zamora AI SRL, Bucharest, Romania

For EEA residents, you may also contact our appointed Data Protection Representative at the same email address. We aim to acknowledge all privacy inquiries within five business days.