Privacy Policy
Last modified: December 12, 2024
Zarat.ai (“we,” “our,” or “us”) provides automated AI solutions, including customer feedback services on behalf of businesses. We take privacy seriously and are committed to maintaining the highest standards of data protection. This Privacy Policy explains how we collect, use, store, and protect the personal information of customers provided to us by our clients.
By interacting with our services, you acknowledge and agree to the terms of this Privacy Policy.
1. Information We Collect
We collect and process end-customer data provided by our clients for the purpose of obtaining service feedback.
1.1. Data Provided by Clients
Clients provide us with the following customer data:
- Full Name
- Phone Number (mobile or landline)
- Business Name and Interaction Date (e.g., when the customer used the client’s service).
1.2. Information Collected During Interactions
When we contact customers on behalf of our clients, we may collect:
- Verbal Consent: Recorded or logged confirmation when the customer agrees to receive SMS communications.
- Feedback Responses: Customer input shared via our AI-powered phone agents.
1.3. Automatically Collected Information
- Call and SMS Logs: Timestamp, phone number, call duration, and message delivery status.
- Technical Data: IP address, device/browser type, and website usage logs when you visit Zarat.ai.
2. How We Use Your Information
We process personal data strictly for the following purposes:
- Feedback Collection: To gather feedback about a business’s service via calls and follow-up SMS messages.
- Verbal Consent Confirmation: To log and confirm customer consent before sending SMS messages.
- Review Generation: To send Google review links via SMS if the customer provides consent.
- Compliance and Audit: To retain consent logs for verification and audit purposes.
- Service Improvement: To enhance the performance of our AI systems and improve service quality.
We do not use personal data for purposes unrelated to the above without explicit customer consent.
3. Lawful Basis for Processing
In accordance with GDPR, we process personal data under the following legal bases:
- Consent: Customers provide explicit verbal consent during agent calls (AI and Human).
- Contractual Obligation: We process data to fulfill services contracted with our clients.
- Legitimate Interest: To deliver services, ensure compliance, and improve business performance.
For TCPA compliance (U.S.), we strictly adhere to:
- Verbal consent during calls before sending any follow-up SMS messages.
- Providing opt-out mechanisms in all SMS communications.
4. Opt-In and Consent Process
We require explicit consent from end-customers before sending SMS messages.
4.1 Verbal Consent
Our AI phone agents clearly explain the purpose of the communication and request consent:
“Hi, this is an automated feedback call on behalf of [Client Business Name]. We’d love to hear about your experience. If you agree, we’ll send you a text with a link to leave a review. Replying is optional, and you can opt out anytime. Do I have your consent to send this message?”
- Verbal responses (e.g., “Yes”) are logged in our secure system as proof of consent.
- Consent logs include timestamp, customer phone number, and interaction ID for auditing.
4.2 Opt-Out Mechanisms
Every SMS sent includes clear instructions to opt-out:
“Reply STOP to unsubscribe.”
Once a customer opts out:
- We immediately stop all communications to their phone number.
- Their opt-out status is logged in our system for compliance.
5. Data Retention
We retain personal data only as long as necessary for the following purposes:
- Consent Logs: Retained securely for 1 year for audit and compliance purposes.
- Customer Feedback: Retained for up to 90 days before being anonymized or deleted.
- SMS and Call Logs: Retained for 6 months to ensure service continuity and audit requirements.
After the retention period, all data is securely deleted or anonymized.
6. Data Sharing and Disclosure
We do not sell or share personal data with third parties, except as necessary for service delivery:
- Clients: We share collected feedback and logs with the client that provided the customer data.
- Third-Party Service Providers:
- Twilio: For SMS delivery and voice communication.
- Cloud Hosting Providers: Secure data storage (e.g., AWS, Azure).
- Legal Compliance: If required by law, subpoena, or to enforce our terms of service.
7. Data Security
We implement stringent measures to protect personal data from unauthorized access, misuse, or loss:
- Encryption: All data is encrypted in transit (SSL/TLS) and at rest.
- Access Control: Only authorized personnel can access personal data.
- Secure Storage: Data is stored on secure, compliant servers with redundancy protection.
- Audit Logs: All data access and processing activities are logged and monitored.
8. Your Privacy Rights
You have the following rights regarding your personal data:
For GDPR Users
- Right to access, rectify, or delete your data.
- Right to object to or restrict processing.
- Right to data portability.
For CCPA Users
- Right to know what personal data is collected and shared.
- Right to request deletion of personal data.
- Right to opt-out of data sharing.
To Exercise Your Rights
To submit a request regarding your data, contact us at:
Email: ibraheem@zarat.ai
Phone: 267-408-8634
We will respond within 30 days.
9. Cookies and Tracking
We use cookies to enhance your browsing experience on our website.
- Functional cookies to provide core website functionality.
- Analytics cookies to monitor website usage.
You can control cookie preferences through your browser settings.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted here with a revised Effective Date.
Contact information
If you have questions about this Privacy Policy or how we handle your data, please contact us:
Email: privacy@zarat.ai
Phone: 267-402-8634