Privacy Policy

Last updated: 6 June 2026

1. The short version

Zypento helps ecommerce stores recover abandoned carts using AI agents. To do that, your store sends us cart data (items, customer email, etc.); we use that data only to compose recovery messages on your behalf. We don't sell personal information. Per-business AI feedback stays per-business.

2. Data we collect

From you (the operator):

• Account details (name, email, password hash).
• Business profile (store name, URL, brand voice samples, plan).
• Payment metadata via our billing provider (we don't store full card numbers).

From your store:

• Abandoned cart contents (line items, totals, currency).
• Customer identifier and email for the abandoned cart (so we can send the nudge).
• Order outcomes (recovered / not recovered) for attribution.

Operational telemetry:

• Click events on recovery links (for attribution).
• Diagnostic logs (request IDs, error traces). Stripped of message bodies.

3. Why we collect it

• To provide the service (compose & send recovery messages, report outcomes).
• To bill the right plan (counting carts processed per month).
• To improve your agent: feedback you give in the dashboard (👍/👎/💬) shapes the next nudge for your business.
• To prevent abuse (rate-limits, fraud detection on logins).

4. AI processing

The recovery agent composes messages by sending cart context + your brand voice samples to an AI provider (OpenAI, Anthropic, or Google, depending on your configuration). Providers may briefly retain inputs for abuse-monitoring per their own policies.

The reaction/feedback loop is scoped to your business only. Comments you write in the dashboard feed into your business's next prompt; they are not shared across customers or used to train a global model.

5. Sharing & subprocessors

We share data with a small set of subprocessors required to run the service:

• AI providers (OpenAI / Anthropic / Google) — only the data needed to compose a specific nudge.
• Email delivery provider (Mailgun) — recipient address + message body.
• Cloud hosting + database providers.
• Billing provider (for invoicing and subscription state).

We don't sell personal data. We don't share it with advertisers.

6. Data retention

• Account & business profile: kept while your account is active, deleted on request.
• Abandoned cart records: 90 days, then purged unless they led to a recovery (those are kept for attribution).
• AI-generated nudge bodies: 90 days.
• Operational logs: 30 days.

7. Security

We encrypt data in transit (TLS) and at rest. Access to production systems is logged and limited to engineers on call. We follow least-privilege principles for internal access. Suspected incidents: security@zypento.com.

8. Your rights

Depending on where you live, you may have the right to access, correct, delete, or export your personal data, and to object to processing. You can act on most of these directly from the dashboard, or email privacy@zypento.com and we'll respond within 30 days.

9. International transfers

Zypento is built on cloud infrastructure that may process data outside your country. We rely on standard contractual clauses or equivalent transfer mechanisms where required.

10. Cookies

Marketing pages set a small number of first-party cookies for session continuity and signed-in state. Dashboard pages additionally set a CSRF nonce. We do not use cross-site tracking cookies.

11. Changes to this policy

We may update this policy. Material changes will be announced at the email on your account at least 14 days before they take effect.

12. Contact

Privacy questions or data requests: privacy@zypento.com.