By creating a Zypento account, connecting a store, or otherwise using the service, you agree to these Terms of Service ("Terms"). If you're agreeing on behalf of a company, you represent that you have authority to bind that company.
We may update these Terms from time to time. Material changes will be announced at the email address on your account at least 14 days before they take effect. Continued use of the service after that date is your acceptance of the updated Terms.
Zypento provides AI-driven tools for ecommerce operators — initially abandoned-cart recovery via the Zypento Cart Recovery agent, with additional agents added over time. The service includes:
We may release features in beta. Beta features are provided "as is" and may be discontinued.
You're responsible for keeping your login credentials confidential, and for everything that happens under your account. Notify us promptly at security@zypento.com if you suspect unauthorised access.
You retain all rights to the data you connect to the service — store data, customer email lists, brand voice samples, comment feedback. You grant Zypento a worldwide, non-exclusive licence to process that data solely to operate and improve the service for your account.
Per-business AI feedback (reactions and comments on generated nudges) is used to improve subsequent nudges for that same business only. It is not used to train a global model that benefits other customers.
You may export or delete your data at any time from the dashboard, or by emailing privacy@zypento.com.
Paid plans are billed monthly or annually in advance. Cart counts above your plan's monthly cap will either pause the agent for that calendar month or be billed at the published per-cart overage rate, depending on your plan settings.
All fees are non-refundable except where required by law. You may cancel at any time — the cancellation takes effect at the end of the current billing period.
You agree not to use the service to:
We reserve the right to suspend accounts engaged in any of the above. Where reasonable we'll notify you first.
Zypento, the service, and the software that runs it remain our property. AI-generated content composed by the agent for your store is yours to use without restriction; the underlying agent, prompts, and models are not.
The service is provided "as is" without warranties of merchantability, fitness for a particular purpose, or non-infringement. We don't guarantee any specific recovery rate, deliverability outcome, or revenue lift — recovery performance depends on your store, products, customers, and email reputation.
To the maximum extent permitted by law, Zypento's total aggregate liability for any claim arising out of these Terms or the service is limited to the amount you paid us in the 12 months preceding the claim. We are not liable for indirect, incidental, special, consequential, or punitive damages, including lost revenue or lost data.
Either party may terminate this agreement for any reason. We may terminate or suspend access immediately if you breach these Terms in a way that risks the service or other customers. On termination, you may export your data for a reasonable period before it is deleted.
These Terms are governed by the laws applicable to Zypento's place of incorporation, without regard to its conflict-of-law provisions. Disputes will be resolved in the courts located there.
This section forms the data processing agreement required by Article 28 of the UK GDPR and the EU GDPR. It applies whenever Zypento processes personal data on your behalf — most notably the customer-side data flowing through the Cart Recovery agent. It is incorporated into these Terms; you don't need to sign a separate document. Where local law requires a counter-signed DPA, email privacy@zypento.com and we'll provide one mirroring the clauses below.
For personal data submitted to the service in connection with your store's customers (including abandoned-cart records, the customer email if your store passes one, and any reactions, comments, or attribution events you generate), you are the data controller and Zypento is the processor. For the data you provide about yourself as a Zypento customer (your account email, billing details, sign-in records), Zypento is the controller and our Privacy Policy governs.
Zypento processes the above personal data only on your documented instructions. Your acceptance of these Terms, your configuration choices in the dashboard and the Zypento plugin, and any further written instructions you send us (including by support ticket) constitute those instructions. We will tell you if, in our opinion, an instruction infringes GDPR or applicable data-protection law, before acting on it.
Every Zypento employee, contractor and sub-processor authorised to access personal data processed on your behalf is bound by a written confidentiality undertaking or an equivalent statutory duty.
Taking into account the state of the art, the cost of implementation, and the nature of the data processed, Zypento implements appropriate technical and organisational measures to protect personal data. These include:
You give Zypento general authorisation to engage sub-processors. The current list — and the categories of data each receives — is maintained in our Privacy Policy. Where a sub-processor receives personal data we have flowed-down contract terms imposing equivalent protection obligations. We will give you reasonable advance notice of any new sub-processor (via in-product notice or to your account email); if you reasonably object on data-protection grounds within 14 days, you may terminate the affected service for a pro-rata refund of pre-paid fees.
Taking into account the nature of the processing, Zypento will assist you (by appropriate technical and organisational measures, and so far as possible) to respond to data-subject requests under Chapter III of GDPR — access, rectification, erasure, restriction, portability, and objection. Most requests can be self-served via the dashboard's export and delete tools; for anything else, email privacy@zypento.com.
We will also assist you in meeting your obligations under Articles 32–36 (security, breach notification, data-protection impact assessments, prior consultation), taking into account the nature of the processing and the information available to us.
We will notify you without undue delay — and in any case within 72 hours of becoming aware — if we discover a personal-data breach affecting personal data we process on your behalf. The notification will describe the nature of the breach, the categories and approximate number of affected data subjects, the likely consequences, and the measures taken or proposed to address it.
The Cart Recovery agent will only receive customer email addresses from your store if you have explicitly enabled the "Collect shopper email for cart recovery" toggle in the Zypento plugin's settings. The toggle is off by default. When it is off, no shopper email is sent to Zypento and the agent runs without it.
When you enable the toggle, you confirm that you have a lawful basis under Article 6 GDPR (and, in the UK / EU, a permitted basis under PECR / the ePrivacy Directive) to send cart-recovery emails to those customers. The common bases are the "soft opt-in" for existing customers, or explicit consent collected at checkout. Establishing the lawful basis is your responsibility; Zypento does not collect consent on your behalf.
Every recovery email composed by Zypento includes a one-click unsubscribe link to a Zypento-hosted endpoint. Clicking the link records an opt-out for the customer's email + your business; the agent will refuse to compose any further nudges for that recipient.
At your choice (expressed by support request, by triggering the dashboard's "Delete account" flow, or by the close-out clause in 10), Zypento will delete or return all personal data processed on your behalf within 30 days of termination, except where storage is required by law. Backup copies are overwritten on the normal backup-rotation cycle (currently 35 days).
We will make available to you the information necessary to demonstrate compliance with this section. We will respond to reasonable written audit requests with a current SOC-2-style summary, our sub-processor list, and answers to a security questionnaire. On-site audits are by appointment, no more than once per twelve-month period, and at your cost — unless the audit is mandated by a supervisory authority.
Zypento's primary infrastructure is hosted in the European Economic Area. Where personal data is transferred outside the EEA / UK (for example to a US-based AI sub-processor), we rely on an adequacy decision where one exists, and otherwise on the EU Standard Contractual Clauses (Module Two: controller → processor) and the UK International Data Transfer Addendum. We will provide copies on request.
To the extent there is any conflict between this section 12 and any other part of these Terms in respect of personal-data processing on your behalf, this section 12 takes precedence.
Questions about these Terms: legal@zypento.com. Data-protection requests: privacy@zypento.com.