Privacy Policy

1. Scope of This Policy

This Policy applies to:

• Visitors to our website;
• Customers who use our Services ("Customers"); and
• Individuals whose personal data is processed through our Services on behalf of Customers ("End Users").

The Services include our cloud-based support automation software that connects to Customers' support inboxes and subscription systems to assist with drafting and managing support responses.

2. Roles and Responsibilities

2.1 Data Controller and Data Processor

Customers are the data controllers for personal data contained in their support inboxes and related systems.

Zlick acts as a data processor, processing personal data solely on documented instructions from Customers and for the purpose of providing the Services. Zlick does not determine the purposes or means of processing End User personal data.

If you are an End User (for example, a subscriber contacting a publisher's support inbox), requests relating to your personal data should be directed to the relevant Customer.

3. Personal Data We Process

We process only the minimum data necessary to provide the Services.

3.1 Support and Email Data (Processed on Behalf of Customers)

When Customers connect their support inboxes, we may process:

• Email content (message body and subject);
• Attachments;
• Metadata (sender, recipient, timestamps, message IDs, thread references);
• Ticket status and workflow data.

Processing model:

• Raw email content is processed transiently.
• Only structured and derived data (e.g. ticket state, summaries, classifications, suggested replies) is persisted.

3.2 Account and Contact Data

For Customers and authorized users, we process:

• Name;
• Email address;
• Organization details;
• User role and access credentials.

3.3 Payment Data

Payments are processed by Stripe. Zlick does not store or process full payment card data. We receive limited billing information (e.g. customer name, billing email, invoice status).

3.4 Technical and Usage Data

We collect limited technical data necessary to operate and secure the Services, such as:

• IP address;
• Device and browser type;
• Log and audit events;
• Service usage metrics.

4. How We Use Personal Data

We process personal data only for the following purposes:

• Providing, operating, and maintaining the Services;
• Generating draft support responses and workflow assistance;
• Enabling Customers' support agents to review, edit, and send responses;
• Customer onboarding, configuration, and support;
• Billing and account administration;
• Security, abuse prevention, and system monitoring.

Human-in-the-loop: All responses generated by the system are reviewed and approved by the Customer's support agents before being sent.

5. Use of AI

Customer data is processed to provide AI-assisted support functionality only for that Customer.

We do not use Customer or End User data to train general-purpose AI models.

AI outputs are generated in real time and are subject to human review by the Customer.

6. Access by Zlick Personnel

Zlick personnel may access raw support data:

• During initial system setup and onboarding;
• For troubleshooting, customer support, and quality assurance;
• On a limited, need-to-know basis.

All access is logged and governed by internal confidentiality and security controls.

7. Legal Basis for Processing (GDPR)

When acting as a controller (for account and billing data), our legal bases include:

• Performance of a contract;
• Legitimate interests (limited to operating, securing, and improving the Services);
• Legal obligations.

When acting as a processor, we process personal data solely on Customers' documented instructions.

8. Data Retention

We retain personal data only as long as necessary:

• Account data: retained while the Customer account is active;
• Support data: deleted within 1 month after a Customer disconnects their inbox;
• Raw email content: retained until ticket closure plus 1 month, and never longer than 6 months;
• Derived and structured data: retained up to 6 months;
• Backups: retained for up to 12 months.

Data may be retained longer where required by law.

9. Sub-processors and Third Parties

We use a limited number of vetted sub-processors, including:

• Cloud infrastructure providers (AWS);
• Email platform APIs (e.g. Google, Microsoft);
• Payment processing (Stripe);
• AI service providers (e.g. OpenAI, Google Gemini).

All sub-processors are bound by contractual data protection obligations consistent with GDPR requirements.

10. International Data Transfers

Where personal data is processed outside the EU/EEA, we rely on appropriate safeguards such as Standard Contractual Clauses to ensure an adequate level of protection.

11. Cookies

We use essential cookies only, required for authentication, security, and core functionality. We do not use marketing or advertising cookies.

12. Data Subject Rights

Depending on applicable law, individuals may have rights to:

• Access their personal data;
• Rectify inaccurate data;
• Request erasure or restriction;
• Object to processing;
• Data portability;
• Lodge a complaint with a supervisory authority.

Requests relating to data processed on behalf of a Customer should be directed to that Customer.

13. Security Measures

We implement appropriate technical and organizational measures, including:

• Encryption at rest and in transit;
• Role-based access controls;
• Logging and monitoring;
• Secure cloud infrastructure.

No system is completely secure, but we take reasonable steps to protect personal data.

14. Children's Data

The Services are not directed at children. However, Zlick may process personal data relating to children where such data is included in support communications sent to our Customers. In such cases, Zlick acts solely as a data processor on the Customer's instructions.

15. Changes to This Policy

We may update this Policy from time to time. Material changes will be communicated via the Service or by email.

16. Contact

For privacy or data protection questions: