ZIQARA INC. PRIVACY POLICY

Last Updated: November 17, 2025

1. Introduction

Welcome to Ziqara Inc. ("Ziqara," "we," "us," or "our"). We are committed to protecting your privacy and ensuring the security of your data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our enterprise knowledge management platform.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, company name, job title, and password
  • Company Content: Documents, files, meeting transcriptions, messages, and other content you upload or create
  • Communication Data: Messages sent through our platform, support inquiries, and feedback

2.2 Automatically Collected Information

  • Usage Data: Features used, pages visited, time spent, search queries, and interaction patterns
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Server logs, error reports, and system performance metrics

2.3 Third-Party Integration Data

When you connect third-party services (Google Drive, Slack, Microsoft Teams, OneDrive, Jira, Confluence), we collect:

  • Files and documents from connected services
  • Metadata (file names, creation dates, authors, modification history)
  • Messages and communication data from integrated platforms
  • Access tokens (stored encrypted)

3. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve our platform
  • Process and analyze your company's knowledge base using AI
  • Enable intelligent search and retrieval across your data
  • Facilitate team collaboration and knowledge sharing
  • Provide customer support and respond to inquiries
  • Send service updates, security alerts, and administrative messages
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations
  • Analyze usage patterns to improve our services

4. AI Processing and Data Usage

4.1 AI Model Processing

  • We use third-party AI models (OpenAI GPT-4) to process your content for intelligent retrieval and generation
  • Your data is sent to these AI providers only to fulfill service functions
  • We do not use your company data to train AI models
  • AI processing respects your permission settings and team-level access controls

4.2 Embeddings and Vectors

  • We create vector embeddings of your content for semantic search
  • These embeddings are stored in our database and used exclusively for your organization's search functionality

5. Data Sharing and Disclosure

5.1 We DO NOT Sell Your Data

We will never sell, rent, or trade your personal information or company data to third parties.

5.2 Service Providers

We share data with trusted third-party service providers who assist us in operating our platform:

  • Cloud Infrastructure: AWS (hosting, storage)
  • Database Services: Google Cloud SQL
  • AI Processing: OpenAI (for GPT-4 API)

All service providers are contractually bound to protect your data and use it only for specified purposes.

5.3 Legal Requirements

We may disclose information when required by law, court order, or government regulation, or when we believe disclosure is necessary to:

  • Comply with legal obligations
  • Protect our rights, property, or safety
  • Prevent fraud or security threats
  • Enforce our Terms and Conditions

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data becomes subject to a different privacy policy.

6. Data Security

6.1 Security Measures

We implement industry-standard security measures including:

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest
  • Access Controls: Role-based permissions with team-level isolation
  • Authentication: JWT-based authentication with bcrypt password hashing
  • Database Security: Multi-tenant architecture with company-level data isolation
  • OAuth2: Secure authorization for third-party integrations
  • Regular Audits: Security assessments and penetration testing

6.2 Team-Level Data Isolation

  • HR team files are inaccessible to Engineering team members
  • Team-specific content is enforced at the database level
  • Only authorized users with proper permissions can access team data

6.3 Data Deletion

When you delete files or content:

  • Data is permanently removed from our systems
  • Backups are purged according to our retention schedule (maximum 30 days)
  • Deleted data cannot be recovered

7. Data Retention

  • Active Accounts: We retain your data as long as your account is active
  • Inactive Accounts: Data may be deleted after 12 months of inactivity (with prior notice)
  • Deleted Accounts: Data is permanently deleted within 30 days of account closure
  • Legal Obligations: We may retain certain data longer if required by law
  • Backup Data: Deleted data is purged from backups within 30 days

8. Your Rights and Choices

8.1 Access and Portability

  • You can access your data through the platform at any time
  • Request a complete copy of your data by contacting support@ziqara.com

8.3 Deletion

  • Delete individual files, messages, or content through the platform
  • Request complete account deletion by contacting enterprise@ziqara.com
  • We will confirm deletion within 30 days

8.4 Do Not Track

Our platform does not respond to Do Not Track signals. You can control tracking through your browser settings.

9. International Data Transfers

Ziqara is based in the United States. If you access our services from outside the US, your data may be transferred to and processed in the US. We implement appropriate safeguards to protect your data in accordance with this Privacy Policy.

10. Children's Privacy

Our services are not intended for individuals under 18. We do not knowingly collect data from children. If we learn we have collected data from a child, we will delete it immediately.

11. Third-Party Links

Our platform may contain links to third-party websites or services. We are not responsible for their privacy practices. We encourage you to review their privacy policies.

12. California Privacy Rights (CCPA)

California residents have additional rights:

  • Right to Know: Request details about data we collect
  • Right to Delete: Request deletion of your data
  • Right to Opt-Out: Opt-out of data sales (we don't sell data)
  • Non-Discrimination: We won't discriminate for exercising your rights

To exercise these rights, contact enterprise@ziqara.com.

13. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have rights under GDPR:

  • Legal Basis: We process data based on consent, contract performance, and legitimate interests
  • Data Protection Officer: Contact enterprise@ziqara.com
  • Right to Lodge a Complaint: Contact your local data protection authority

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via:

  • Email notification to your registered address
  • Prominent notice on our platform
  • Updated "Last Updated" date at the top

Continued use after changes constitutes acceptance of the updated policy.

15. Contact Us

For privacy-related questions, concerns, or requests:

Ziqara Inc.

Email: enterprise@ziqara.com

Website: https://ziqara.com/

© 2025 Ziqara - All rights reserved.