# Zen Aegis Privacy Policy (US)
**Last Updated: September 25, 2025**
This privacy statement applies to citizens and legal permanent residents of the United States and may include supplemental rights for residents of California, Colorado, Connecticut, Utah, Virginia, and other states with applicable privacy laws. It also includes information for users whose data may be transferred internationally under the EU-US Data Privacy Framework.
## Table of Contents
1. Introduction
2. Data Categories Collected
3. Purposes of Data Collection
4. Data Sources
5. Cookies and Tracking Technologies
6. Sharing and Disclosure of Data
7. Data Retention
8. Data Security Measures
9. Your Rights and Procedures for Exercising Rights
10. Children’s Privacy
11. International Data Transfers
12. Do Not Sell or Share My Personal Information (CCPA/CPRA)
13. Amendments to This Privacy Statement
14. Contact Information
15. State-Specific Supplements
—
## 1. Introduction
At Zen Aegis, your privacy matters. This policy explains what data we collect, why, how it is used, whom it is shared with, and your rights regarding your information. We comply with federal and state privacy laws, and review our practices regularly for legal compliance and transparency.
—
## 2. Data Categories Collected
**We may collect the following categories of personal information:**
– Personal identifiers (name, email address, phone number, mailing address)
– Account credentials (username, password)
– Internet activity information (IP address, device ID, browsing history, website pages visited, referral source)
– Commercial information (transaction records, products/services purchased)
– Financial information (payment data processed via Stripe or other providers)
– Contact and support information (communications, support tickets)
– Marketing communication preferences
– Approximate location data (city-level only; no precise tracking)
**Sensitive personal information:** We do NOT collect sensitive data such as Social Security numbers, biometric data, precise geolocation, racial/ethnic origin, religious beliefs, health, genetic, or children’s data.
—
## 3. Purposes of Data Collection
Your information is collected for these core purposes:
– Fulfilling product/service contract obligations
– Customer support and communications
– Improving website functionality, analytics, and user experience
– Providing newsletters, marketing, and promotional communications
– Payment processing via Stripe or other secure vendors
– Security and fraud prevention
– Legal compliance
– Research, development, and service optimization
—
## 4. Data Sources
**How we collect personal data:**
– Directly from you (forms, account registration, communications, purchases)
– Automatically (cookies, Google Analytics, server logs)
– Third-party processors (e.g., Stripe, Google)
– Public sources and business partners (where applicable)
We do NOT purchase personal data from data brokers.
—
## 5. Cookies and Tracking Technologies
We use cookies and similar technologies to ensure site functionality, analyze site performance, and deliver personalized content. Categories:
– Essential cookies: Required for website operation (cannot be disabled)
– Analytics cookies: Measure site usage (Google Analytics)
– Marketing cookies: Deliver targeted advertising (Google Ads) with opt-out controls
**Cookie choices:**
– Use our Cookie Preferences Center for granular choices
– Manage via browser settings
– We honor Global Privacy Control (GPC) signals for California and other state residents
Full Cookie Policy: [link to details]
—
## 6. Sharing and Disclosure of Data
We share your personal information with:
– Service providers and processors (Google Analytics, Stripe, Mailchimp, web host, CRM vendors)
– Business partners assisting with marketing or support
– Legal advisors and government authorities (if compelled by law)
– In connection with a merger, acquisition, or asset sale
**We do NOT sell personal information for monetary consideration.**
—
## 7. Data Retention
Personal information is retained only as long as necessary for its purpose and legal obligations:
– Contact and support data: 3 years after last interaction
– Account registration data: Duration of account + 2 years
– Transaction/payment records: 7 years (for legal/tax compliance)
– Newsletter preferences: Until unsubscribe + 1 year (proof of consent)
– Website analytics: 26 months max (Google standard)
Upon expiration, data is securely deleted or anonymized except as required by law.
—
## 8. Data Security Measures
We use robust technical and organizational controls to protect your personal data:
– TLS/SSL encryption for all data in transit
– AES-256 encryption for sensitive data at rest
– Multi-factor authentication for authorized personnel
– Access controls, logging, and annual security audits
– Vendor security assessment and written agreements
– Employee data protection training
No system is perfect, but we strive to limit vulnerabilities and monitor our environment regularly.
—
## 9. Your Rights and Procedures for Exercising Rights
You may exercise key privacy rights by contacting us:
– **Right to Access**: Request a copy of your personal information
– **Right to Correct**: Update or correct inaccurate information
– **Right to Delete**: Request deletion of personal information within legal limits
– **Right to Opt-Out**: Exclude data from sale/sharing
– **Right to Portability**: Receive data in machine-readable format
– **Right to Non-Discrimination**: Service will not be denied for exercising rights
**How to submit requests:**
– Email: [email protected] with subject “Privacy Rights Request”
Verification may be required. Requests are acknowledged in 5 business days and fulfilled within 45 days (extendable by law).
—
## 10. Children’s Privacy
Products/services are **not intended for children under 18**. If data is accidentally obtained, we delete it promptly and notify the parent/guardian. If you believe such data was collected, contact [email protected].
—
## 11. International Data Transfers
Data may be processed and stored in countries outside your residence, including the United States and other service provider jurisdictions. For EEA users, transfers comply with the EU-US Data Privacy Framework, using approved safeguards and standard contractual clauses.
—
## 12. Do Not Sell or Share My Personal Information (CCPA/CPRA)
**Sale/Sharing:**
– We do NOT sell personal data
– We may share browsing/device data with advertising platforms for targeted ads
– In the last 12 months, categories shared: website interaction data, device identifiers
– You may opt out via our Opt-Out Preferences Center
– We honor Global Privacy Control (GPC)
—
## 13. Amendments to This Privacy Statement
Material changes will be highlighted in this document, and advance notification given via email or website. You will be asked for consent if a change materially affects rights or practices. All updates will include the “Last Updated” date and a summary of changes.
—
## 14. Contact Information
Zen Aegis
Phoenix, Arizona
Email: [email protected]
Website: https://zenaegis.com
—
## 15. State-Specific Supplements
**California (CCPA/CPRA):**
See Section 12 for rights to Know, Delete, Correct, Limit, and Opt-Out. Toll-free number and online form available. Verified requests only. Authorized agents may submit requests with proper proof.
**Colorado (CPA), Connecticut (CTDPA), Virginia (CDPA), Utah (UCPA), Other States:**
Applicable state rights provided for access, correction, deletion, opt-out, and appeals. Coverage applies based on business thresholds; see https://iapp.org/resources/article/us-state-privacy-legislation-tracker/
—
*For a complete overview of rights, data practices, and processor information, or to submit a request, visit our Privacy Center or contact [email protected].*