Privacy Policy

Zotley LLC (“we”, “us”, “our”) operates the Zotley platform. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your information.

Account information: Name, email address, phone number, business name, business address, and billing information when you sign up.

Customer data: When you add customers to Zotley, we store their name, contact information, service address, and billing details on your behalf. This data belongs to you — we process it solely to provide our service.

Usage data: We collect information about how you use Zotley, including pages visited, features used, actions taken, and performance metrics. This helps us improve the product.

Location data: If your crew uses route and navigation features, GPS coordinates are collected during active use only. Location tracking stops when the crew app is closed or the user navigates away from the route view.

Communication data: When you use SMS or email features, we process message content, delivery status, and recipient information solely for the purpose of delivering messages and tracking delivery.

AI interaction data: When you use the AI agent, your conversations and commands are processed by our AI provider (Anthropic) to generate responses. Conversation history is stored to provide context for future interactions within your session.

Payment data: Payment card information is collected and processed directly by Stripe. We do not store credit card numbers on our servers.

• To provide and operate the Zotley platform
• To process payments via Stripe
• To send transactional emails and SMS messages
• To power AI agent features via Anthropic
• To optimize routes via Google Maps
• To monitor errors and improve reliability via Sentry
• To provide customer support
• To improve our product based on usage patterns
• To comply with legal obligations

We use the following services to operate Zotley:

• Stripe — payment processing (stripe.com/privacy)
• Supabase — database and authentication (supabase.com/privacy)
• Resend — email delivery (resend.com/legal/privacy-policy)
• Twilio — SMS delivery (twilio.com/legal/privacy)
• Google Maps — geocoding and route optimization (policies.google.com/privacy)
• Anthropic — AI processing (anthropic.com/privacy)
• Vercel — hosting (vercel.com/legal/privacy-policy)
• Sentry — error monitoring (sentry.io/privacy)

We share only the minimum data required for each service to function. We do not sell your data to any third party.

We send SMS messages only to customers who have explicitly opted in. Customers can opt out at any time by replying STOP. Opt-out requests are processed automatically and immediately. We retain message delivery logs for operational purposes. Message content is not shared with third parties except the delivery provider (Twilio).

When you use the AI agent, your input and business context is sent to Anthropic for processing. Anthropic does not use your data to train their models. AI responses are generated in real-time and may be stored in your conversation history. You can delete conversation history at any time.

We use essential cookies for authentication and session management only. We do not use advertising cookies, tracking cookies, or third-party marketing cookies. No cookie consent banner is needed as we only use strictly necessary cookies.

We use industry-standard security measures including:

• Encryption in transit (TLS/SSL)
• Encrypted database connections
• Row-level security to isolate tenant data
• Each business's data is completely separated from other businesses on our platform
• Regular security audits
• Access controls and authentication

Your data is retained as long as your account is active. If you cancel your account, your data will be permanently deleted within 30 days of account closure. Backup copies may persist for up to 90 days. You can request immediate data export at any time through the Platform.

You have the right to:

• Access your data at any time through the Platform
• Export your data in standard formats
• Correct inaccurate data
• Delete your account and all associated data
• Opt out of non-essential communications
• Request information about what data we hold

For California residents (CCPA): You have the right to know what personal information we collect, request deletion, and opt out of data sales (we do not sell data).

Zotley is not intended for use by anyone under 18. We do not knowingly collect data from minors.

In the event of a data breach affecting your personal information, we will notify affected users via email within 72 hours of discovery.

We may update this privacy policy from time to time. We will notify you of significant changes via email at least 30 days before they take effect. The version number and effective date will always be displayed at the top of this page.

Questions about your privacy?
Email: privacy@zotley.com
Zotley LLC, North Port, FL