1. Who we are
Zamino, Inc. (“Zamino,” “we,” “us”) is a company incorporated in Quebec, Canada. We provide AI-ready data infrastructure for small and medium businesses: we connect the data sources you authorize and organize them into one database you control. This policy covers our website, app, and services, and applies alongside our Terms of Service.
2. What we collect
Account information
- Name, email address, and password (hashed — never stored in plain text)
- Company / workspace details you provide
- Billing details — payment cards are processed by our payment provider; we never store card numbers
Business data from connected sources
When you connect a source (bank accounts, accounting, point-of-sale, payment processors, parsed invoice emails, documents), we collect the transactional and business data needed to provide the service — transactions, invoices, account balances, product and customer records. Access is authorized by you through each provider’s secure connection flow and is read-only wherever the provider supports it. We never receive or store your banking login credentials — connections are tokenized by the provider, and the access tokens that let us sync are encrypted (see Security).
Usage and log data
Standard technical logs: IP address, browser type, pages and features used, and an audit trail of queries run against your data (including by AI clients you approve). We use a privacy-respecting product-analytics tool — not advertising trackers — and only essential and session cookies needed to run the app.
3. How we use your information
- To provide the service: sync, store, organize, and serve your business data back to you
- To answer the questions you (or AI assistants you approve) ask of your data
- To secure the platform: authentication, fraud and abuse prevention, audit logging
- To operate the business: billing, support, and service announcements (we don’t send marketing email)
- To improve the product, using aggregated or de-identified usage patterns
- To meet legal obligations
We do not sell your data, and Zamino does not use your business data to train AI models.
4. AI features and external AI clients
- AI features inside Zamino process your data to answer you, and the results belong to your workspace. Some of these features rely on third-party AI providers acting as our processors (see Who we share data with): they process your data only to return your result, and Zamino does not train models on your data.
- If you connect an external AI assistant (ChatGPT, Claude, …), data is only shared when you ask that assistant a question, over a read-only connection you explicitly approved in Zamino. The results then live in your account with that AI provider and are governed by your agreement with them — including their retention and training settings, which we do not control. You can revoke any connection at once in Settings → External AI Access.
5. Who we share data with
Only service providers that help us run Zamino, under contracts that limit them to processing on our instructions. By category:
- Cloud hosting, storage, and encryption key management
- Payment and billing processing
- Product analytics
- Email delivery
- Authentication for external-AI connections
- AI model providers that power certain in-app AI features
- A code-execution sandbox used by AI features that compute over your data
- The data-source providers you choose to connect
Zamino is hosted on Google Cloud Platform, and your data may be processed and stored in the United States. Beyond the providers above, we disclose data only if required by law, to protect our users or the public, or as part of a merger or acquisition (in which case this policy continues to apply and we will notify you).
6. Security
- Connection tokens and credentials are encrypted with AES-256 via Google Cloud KMS
- Encryption in transit (TLS)
- Multi-tenant isolation enforced at the application and database layers
- Permission-based, per-source access controls; access to sensitive data is logged
- Audit logging across data access, including every external-AI query
More detail on our Security page. No system is perfectly secure; if a breach affects your data we will notify you as required by law.
7. Retention and deletion
- We keep your data while your account is active — the stored history is the product.
- You can disconnect a source at any time, which purges that source’s imported data.
- When you close your account, we delete your data within 30 days, except minimal records we must keep for legal, billing, or security purposes.
- Security and audit logs are retained as needed and as required by law.
8. Your rights
Depending on where you live, you may have the right to access, correct, delete, or object to the processing of your personal data, and to withdraw consent. Email privacy@zamino.com and we will respond within a reasonable time and as any applicable data-protection law requires. We never discriminate for exercising these rights.
9. Children
Zamino is a business tool and not directed at anyone under 18. We do not knowingly collect data from children.
10. Changes to this policy
When we make material changes we will notify you by email or in-app before they take effect, and update the date at the top of this page.
11. Contact
privacy@zamino.com · Zamino, Inc., Quebec, Canada