Legal

Privacy Policy

Last updated: June 2026

1.Introduction & Who We Are

Zoby Tech ("we," "us," or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect personal data in connection with our services, website, and business operations.

This Policy applies to:

  • Visitors to our website ("Website Visitors").
  • Clients and prospective clients who enquire about, engage, or contract with Zoby Tech for services ("Clients").
  • Third parties whose personal data we process in the course of delivering services (such as end-users of websites or automations we build for our clients).

By using our website, submitting an enquiry, signing a proposal, or engaging our services, you acknowledge that you have read and understood this Privacy Policy.

We reserve the right to update this Privacy Policy at any time. The most current version will always be posted on our website with an updated effective date. Your continued use of our services after any update constitutes acceptance of the revised Policy.

2.Personal Data We Collect

2.1Data You Provide Directly

We collect personal data that you voluntarily provide to us, including when you:

  • Submit an enquiry, contact form, or discovery call request — Name, email address, phone number, business name, and details of your enquiry.
  • Enter into a client agreement — Business details, billing address, payment details (processed via secure third-party payment processors), and contact information.
  • Communicate with us via email, social media, WhatsApp, or other messaging platforms — Content of communications, contact details, and any other information you share.
  • Provide content or materials for a project — Brand assets, login credentials, business information, and any personal data contained within those materials.
  • Subscribe to our mailing list or marketing communications — Name and email address.

2.2Data We Collect Automatically

When you visit our website, we may automatically collect:

  • Technical data: IP address, browser type and version, operating system, device type, referring URLs, and pages visited.
  • Usage data: Time and duration of visits, pages viewed, links clicked, and navigation paths.
  • Cookie data: As described in Section 9 of this Policy.

2.3Data We Collect from Third Parties

We may receive personal data about you from third parties, including:

  • Social media platforms (where you interact with our social media profiles or paid advertising).
  • Referral partners or professional networks.
  • Publicly available sources such as LinkedIn, business directories, or company websites.
  • Payment processors confirming transaction status and billing details.

2.4Special Categories of Data

We do not intentionally collect sensitive personal data (also known as special category data under GDPR), such as health information, racial or ethnic origin, political opinions, religious beliefs, or biometric data. Please do not send us such information. If you inadvertently share sensitive data with us, we will delete it promptly upon becoming aware of it.

3.How We Use Your Personal Data

We use personal data for the following purposes and on the following legal bases:

3.1Delivery of Services (Contract Performance)

We process personal data as necessary to fulfil our contractual obligations to you, including:

  • Managing client accounts and project delivery.
  • Communicating with you about your project, requirements, and deliverables.
  • Processing payments and issuing invoices.
  • Accessing platforms and accounts you provide credentials for (solely to deliver agreed services).
  • Providing ongoing support where included in a service agreement.

3.2Business Operations (Legitimate Interests)

We process personal data where we have a legitimate business interest to do so, provided your rights and interests are not overridden, including:

  • Maintaining business records and managing our workflow.
  • Responding to enquiries and communicating with prospective clients.
  • Protecting our business from fraud, non-payment, and other legal risks.
  • Enforcing our Terms and Conditions and other contractual rights.
  • Improving our services, processes, and website based on usage data and feedback.
  • Displaying completed work in our portfolio (subject to client confidentiality requests).

3.3Marketing Communications (Consent or Legitimate Interest)

Where you have given consent, or where we have a legitimate interest, we may use your contact details to send you marketing communications about our services, offers, and updates. You may withdraw consent or opt out at any time (see Section 7).

3.4Legal Compliance

We may process and retain personal data as required by applicable laws and regulations, including tax laws, financial reporting obligations, and court orders.

3.5AI Automation Services

Where we provide AI automation services that involve the processing of personal data (such as chatbots, CRM integrations, or automated workflows handling end-user data), we act as a data processor on behalf of our clients, who remain the data controller. In such cases:

  • We process personal data strictly according to the client's documented instructions.
  • We will notify clients without undue delay if we become aware of a data breach affecting data we process on their behalf.
  • We will assist clients in fulfilling their data subject rights obligations where technically feasible.
  • Clients are solely responsible for ensuring their use of AI automations complies with all applicable data protection laws and for obtaining necessary consents from their end-users.

4.Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law. Our general retention periods are:

  • Client contact and project data: Retained for the duration of the client relationship plus seven (7) years after project completion, for the purpose of legal, financial, and tax record-keeping.
  • Financial and invoicing records: Retained for a minimum of seven (7) years in compliance with applicable tax and accounting laws.
  • Marketing communications data: Retained until you withdraw consent or opt out, whichever is earlier.
  • Website analytics and usage data: Retained for up to twenty-four (24) months.
  • Enquiry and pre-contract communications: Retained for up to two (2) years from the date of last contact if no contract is entered into.
  • Credentials and access data: Deleted or returned promptly upon project completion or termination, unless retention is required for ongoing support.

When personal data is no longer required, we securely delete or anonymise it.

5.Who We Share Your Personal Data With

We do not sell, rent, or trade your personal data to any third party. We may share personal data in the following limited circumstances:

5.1Service Providers & Sub-Processors

We use trusted third-party tools and service providers to support our business operations. These providers act as data processors on our behalf and are contractually required to process personal data only on our instructions and in compliance with applicable data protection laws. Categories of service providers we use include:

  • Payment processing platforms (e.g., Stripe, PayPal, or similar).
  • Project management and communication tools (e.g., Notion, Slack, ClickUp, or similar).
  • Email and marketing platforms (e.g., Mailchimp, ConvertKit, or similar).
  • Website hosting and cloud storage providers.
  • AI platforms and APIs (e.g., OpenAI, Anthropic, Google AI, or similar) — used solely as tools to deliver agreed services.
  • Video editing and production tools.
  • Analytics platforms (e.g., Google Analytics or similar).

5.2Professional Advisors

We may share personal data with our legal advisors, accountants, or auditors where necessary for the conduct of our business, subject to applicable professional confidentiality obligations.

5.3Legal Obligations

We may disclose personal data to law enforcement agencies, regulators, courts, or other public authorities where we are legally required to do so, or where disclosure is necessary to protect our rights, prevent fraud, or protect the safety of any person.

5.4Business Transfers

In the event of a merger, acquisition, sale of assets, or other business restructuring, personal data held by Zoby Tech may be transferred to the acquiring entity. We will notify affected individuals of any such transfer in accordance with applicable law.

5.5With Your Consent

We may share your data with third parties in any other circumstances where we have your explicit prior consent to do so.

6.International Data Transfers

Some of our third-party service providers are based outside your country of residence and may process personal data in jurisdictions that do not offer the same level of data protection as your home country. Where personal data is transferred internationally, we ensure that appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable.
  • Adequacy decisions recognising equivalent data protection standards in the destination country.
  • Other legally recognised transfer mechanisms under applicable data protection law.

By using our services, you consent to your personal data being transferred to and processed in countries outside your jurisdiction where such transfers are necessary to provide the services you have requested.

7.Your Privacy Rights

Depending on your location and applicable data protection laws, you may have the following rights with respect to your personal data:

  • Right of Access: You have the right to request a copy of the personal data we hold about you and information about how we process it.
  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
  • Right to Erasure ("Right to be Forgotten"): You may request that we delete your personal data where there is no compelling reason for us to continue processing it, subject to our legal obligations to retain certain records.
  • Right to Restriction of Processing: You may request that we restrict the processing of your personal data in certain circumstances (e.g., while you contest the accuracy of the data).
  • Right to Data Portability: Where processing is based on your consent or a contract, and is carried out by automated means, you may request a copy of your data in a structured, commonly used, machine-readable format.
  • Right to Object: You have the right to object to processing based on our legitimate interests, including direct marketing. If you object to direct marketing, we will cease processing your data for that purpose immediately.
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
  • Right Not to be Subject to Automated Decision-Making: You have the right not to be subject to decisions made solely by automated processing (including profiling) that produce legal or similarly significant effects on you.

To exercise any of these rights, please contact us using the details in Section 14. We will respond to your request within thirty (30) days. We may need to verify your identity before processing your request. We reserve the right to refuse requests that are manifestly unfounded, excessive, or repetitive.

Where we are unable to fulfil your request in full, we will explain the reason in writing. You also have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your personal data in accordance with applicable law.

8.Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, alteration, or disclosure. Our security measures include, but are not limited to:

  • Use of secure, encrypted communication channels (SSL/TLS) for data transmission.
  • Restricted access to personal data on a need-to-know basis within our team.
  • Use of password-protected and access-controlled systems for storing client data and credentials.
  • Regular review of our data handling practices and access controls.
  • Secure deletion of data that is no longer required.

However, no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. We are not responsible for breaches that result from factors beyond our reasonable control, including hacking, phishing, malware, or the actions of third-party platforms.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and, where required, the relevant supervisory authority, in accordance with applicable data protection law.

Clients are responsible for maintaining the security of any login credentials or access details provided to them by Zoby Tech, and must notify us immediately if they suspect any unauthorised access to shared credentials or accounts.

9.Cookies & Tracking Technologies

9.1What Are Cookies

Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work, improve user experience, and provide information to the website owner.

9.2Types of Cookies We Use

Our website may use the following categories of cookies:

  • Strictly Necessary Cookies: These are essential for the website to function and cannot be switched off. They do not store personally identifiable information and do not require your consent.
  • Performance and Analytics Cookies: These help us understand how visitors interact with our website by collecting information on pages visited, time spent, and errors encountered. Data is aggregated and anonymised where possible. Examples include Google Analytics.
  • Functional Cookies: These enable enhanced functionality and personalisation, such as remembering your preferences or form submissions.
  • Marketing and Targeting Cookies: These may be set by our advertising partners (e.g., Meta Pixel, Google Ads) to build a profile of your interests and show you relevant advertising on other websites. These require your prior consent.

9.3Cookie Consent

When you first visit our website, you will be presented with a cookie consent banner allowing you to accept or decline non-essential cookies. You may withdraw your consent or change your cookie preferences at any time by adjusting your browser settings or using our cookie management tool. Please note that disabling certain cookies may affect the functionality of our website.

9.4Third-Party Cookies

Some cookies on our website are placed by third parties (such as social media platforms, analytics providers, and advertising networks) over which we have limited control. We encourage you to review the privacy policies of those third parties to understand how they use cookie data.

9.5Do Not Track

Some browsers include a "Do Not Track" (DNT) feature that sends a signal to websites requesting that your browsing not be tracked. Our website does not currently respond to DNT signals, as there is no consistent industry standard for handling them. We will update this section if our practice changes.

10.Third-Party Websites & Links

Our website and Deliverables may contain links to third-party websites, platforms, tools, or resources. These third-party sites have their own privacy policies, and Zoby Tech has no control over and accepts no responsibility for their content, privacy practices, or data handling.

We encourage you to read the privacy policies of any third-party websites you visit. A link to a third-party website does not constitute an endorsement of that site or its privacy practices.

11.Children's Privacy

Our services are not directed at, and are not intended for use by, children under the age of 16 (or the applicable minimum age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child without appropriate parental consent, we will take steps to delete that data as soon as possible.

If you believe we may have collected data from a child, please contact us immediately using the details provided in Section 14.

12.Social Media & Marketing

12.1Social Media Platforms

Zoby Tech operates profiles on social media platforms including but not limited to Instagram, Facebook, TikTok, LinkedIn, and YouTube. When you interact with our social media profiles (by following, liking, commenting, or messaging us), the relevant platform will collect and process your data in accordance with its own privacy policy. We encourage you to review the privacy policies of each social media platform you use.

We may use data collected via social media platforms (such as audience insights, engagement data, and remarketing audiences) to improve our marketing. We do not control the data practices of social media platforms and are not responsible for their privacy practices.

12.2Advertising

We may run targeted advertising campaigns on social media platforms and search engines. These platforms use cookies, pixels, and similar technologies to show our advertisements to users who have visited our website or match certain audience criteria. You may opt out of interest-based advertising through your account settings on the relevant platform or through industry opt-out tools such as the Digital Advertising Alliance (DAA) or the Network Advertising Initiative (NAI).

12.3Marketing Opt-Out

You may opt out of receiving marketing communications from us at any time by:

  • Clicking the "unsubscribe" link in any marketing email we send.
  • Contacting us directly using the details in Section 14 and requesting removal from our marketing list.

Opting out of marketing will not affect your receipt of service-related communications (such as invoices, project updates, or contractual notices).

13.Client Responsibilities for Data

Where Zoby Tech provides services that involve the design, development, or deployment of systems that collect, process, or store personal data belonging to the Client's customers, users, or employees (including websites with contact forms, AI chatbots, CRM automations, and marketing tools), the Client is the data controller and bears sole legal responsibility for:

  • Ensuring their website, application, or digital tool includes a compliant privacy policy and cookie notice that accurately reflects the data processing activities in place.
  • Obtaining all necessary consents and providing all required notices to their end-users prior to collecting personal data.
  • Complying with all applicable data protection laws in their jurisdiction and in the jurisdictions of their end-users, including but not limited to GDPR, the UK Data Protection Act 2018, CCPA (California Consumer Privacy Act), POPIA (South Africa), or equivalent legislation.
  • Ensuring that any personal data shared with Zoby Tech for the purpose of building or configuring automated systems is lawfully obtained, adequately anonymised or pseudonymised where feasible, and provided under a lawful basis for processing.
  • Maintaining and updating their privacy disclosures as their data practices change after project handover.

Zoby Tech provides technical services and is not a legal advisor. Nothing in this Policy or in any deliverable constitutes legal advice. Clients should seek independent legal counsel to ensure their data practices comply with applicable law.

14.Contact Us & Data Requests

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us at:

Zoby Tech

Email: info@zoby.tech

Website: zoby.tech

Business Address: Dubai, United Arab Emirates

We will acknowledge your request within five (5) Working Days and aim to respond fully within thirty (30) days. Where a request is complex or you have submitted multiple requests, we may extend this period by a further two months, in which case we will notify you of the extension and the reason for it.

If you are not satisfied with our response, you have the right to raise a complaint with the relevant data protection authority in your jurisdiction.

15.Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal obligations, or applicable data protection laws. When we make material changes, we will update the "Last Updated" date at the top of this document and, where appropriate, notify you directly by email or via a notice on our website.

We encourage you to review this Privacy Policy periodically. Your continued use of our services after the effective date of any update constitutes your acceptance of the revised Policy.

Zoby Tech • All Rights Reserved • zoby.tech

Tell us what you're building — we'd love to help.

Anamaria R.

Anamaria R.

Founder, Zoby Tech

Contact

Let's connect

By submitting, you agree to our Terms and Privacy Policy.