Privacy Policy

Broad Technologies FZ-LLC ("Broad Technologies", "we", "us", or "our"), incorporated in the United Arab Emirates (UAE), is committed to protecting your privacy and ensuring that your personal data is handled in a safe and responsible manner. Zation is an AI-powered product prioritization engine designed to help product teams make data-driven decisions rapidly and confidently.

This policy explains how we collect, use, share, transfer, and secure your information when you use our Service globally—including in the United States, Europe, Asia, Africa, Australia, and other regions—while complying with UAE Data Protection Law, the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and other applicable regulations.

PLEASE NOTE: By using our Service, you consent to the practices described herein. If you do not agree with any aspect of this Privacy Policy, you must discontinue use of the Service immediately.

We collect different types of information to provide and continually improve Zation. This information falls into three main categories:

A. Information You Provide Directly

• Account Information: Your name, email address, company name, and other identifiers collected during registration and authentication (including through Google and Azure login via Supabase).
• Input Data: Data you enter into Zation, including company context, goals, user personas, stakeholder feedback, and other details necessary for our AI-driven prioritization analysis.
• Billing and Payment Information: Payment details processed by our payment partner, Stripe. (Note: We do not store raw payment card data.)
• User Content and Communications: Any additional information you provide via customer support, surveys, feedback forms, or other communications.

B. Information Collected Automatically

• Usage Data: Information on how you interact with our Service, including pages visited, features used, time spent, referral sources, IP addresses, device type, browser type and version, and timestamps. Collected using Google Analytics and Microsoft Clarity.
• Technical Data: Data automatically collected via our infrastructure (e.g., Vercel, Google Cloud Platform, Supabase) including device identifiers, operating system details, and connection information.
• AI Processing Data: Inputs and outputs processed via our integration with third party Large Language Models' APIs. Such data is anonymized, disassociated from personal identifiers, and used solely for generating and refining our prioritization insights.

C. Data from Third-Party Integrations

• Authentication and Profile Data: When you sign in using third-party services (Google, Azure), we receive basic profile information in accordance with their respective privacy policies.
• Third-Party Service Data: Data transmitted via our integrated partners (e.g., third party Large Language Models' APIs for AI processing, Stripe for payments) subject to strict data protection agreements and their own privacy policies.

We use the collected information for the following purposes:

1. Service Provision and Operation:
   • Deliver, maintain, and improve Zation.
   • Authenticate user identities and manage user accounts.
   • Process payments and manage billing through Stripe.
   • Generate AI-powered prioritization insights and recommendations.


2. Product and Service Improvement:
   • Analyze usage patterns and trends to enhance functionality.
   • Optimize and develop new features based on aggregated and anonymized data.
   • Conduct internal research and analytics for continuous product development.


3. Security and Fraud Prevention:
   • Monitor and protect our Service from fraud, abuse, and unauthorized access using industry-standard security measures.
   • Perform audits, vulnerability assessments, and incident response procedures.


4. Communications:
   • Send account-related notifications, product updates, and customer support communications.
   • With your consent, send marketing communications; you may opt-out at any time.


5. Legal and Regulatory Compliance:
   • Fulfill contractual obligations and comply with legal, regulatory, and law enforcement requirements.

Disclaimer of Reliance: The insights and recommendations provided by Zation are generated by AI based on the data supplied and our proprietary algorithms. They are intended for informational purposes only. Users are solely responsible for verifying and applying these insights. Broad Technologies shall not be liable for any decisions or actions taken based on the output from our Service.

We process your personal data only where we have a lawful basis to do so, which may include:

1. Consent: For non-essential uses such as marketing or analytics cookies.
2. Contractual Necessity: To fulfill our contractual obligations to you by providing the Service.
3. Legal Obligation: To comply with applicable laws and regulations.
4. Legitimate Interests: To operate, improve, and secure our Service, provided such processing does not infringe on your rights.

We may share your information with trusted third parties, subject to confidentiality and security obligations:

A. Service Providers and Partners

• Cloud and Infrastructure Providers: Google Cloud Platform (Cloud Run, Functions, Secret Manager), Vercel, and Supabase.
• Payment Processors: Stripe.
• Analytics Services: Google Analytics and Microsoft Clarity.
• AI Processing: Third party Large Language Models' APIs.
• Authentication Providers: Google and Azure (via Supabase).

These providers are contractually bound to use your information solely for the purposes we specify and in accordance with this Privacy Policy.

B. Legal and Regulatory Disclosures

• Compliance: We may disclose your data if required by law, regulation, or legal process (e.g., court orders, government requests).
• Protection of Rights: Disclosures necessary to protect our rights, users, or to investigate potential violations.

C. Business Transfers

In the event of a merger, acquisition, or asset sale, your information may be transferred to a successor entity. We will notify you before any such transfer becomes effective, and the new entity will be bound by a privacy policy no less protective than this one.

Our Service is provided globally. Your data may be transferred to and maintained on servers located outside your country of residence (including in the UAE, United States, Europe, Asia, Africa, and Australia). We use internationally recognized safeguards—such as Standard Contractual Clauses (SCCs) and other approved mechanisms—to ensure your data is protected when transferred internationally.

• Account Data: Retained for as long as your account is active and for a period thereafter (typically 30–90 days) to facilitate recovery and compliance.

• Analytics and Log Data: Retained for a period consistent with operational requirements and applicable laws (e.g., up to 26 months).

• AI Training Data: Aggregated and anonymized data may be retained indefinitely to improve our models and service.

• Backup Data: Retained in accordance with our backup policies and securely deleted once no longer necessary.

When data is no longer required, we will securely delete or anonymize it in accordance with our data retention policies.

We implement industry-standard and, where appropriate, state-of-the-art security measures to protect your personal data:

• • Encryption:
  • AES-256 encryption for data at rest.
  • TLS 1.3 encryption for data in transit.
• • Access Controls:
  • Role-based access and strict authentication mechanisms.
  • Regular audits and security assessments.
• • Technical and Organizational Measures:
  • Continuous monitoring and incident response procedures.
  • Regular employee training on data protection best practices.

Despite these measures, no method of transmission or storage is entirely secure. You acknowledge that while we strive to protect your data, we cannot guarantee absolute security.

Our Service uses cookies and similar tracking technologies to enhance user experience, analyze usage, and deliver personalized content. These include:

• Essential Cookies: Required for the basic functionality of the Service.
• Analytics Cookies: Used to gather statistical data about usage (e.g., Google Analytics, Microsoft Clarity).
• Marketing Cookies: Used for targeted advertising and marketing (subject to your consent).
• Other Tracking Technologies: Including web beacons, pixels, local storage, and session tracking.

You may adjust your cookie preferences via your browser settings, though disabling cookies may affect the Service's functionality.

Depending on your location and applicable law, you may have the following rights regarding your personal data:

• Access: Request details of the personal data we hold about you.
• Rectification: Request corrections to inaccurate or incomplete data.
• Deletion: Request the deletion of your personal data, subject to legal and contractual obligations.
• Restriction: Request restrictions on the processing of your data.
• Objection: Object to processing based on our legitimate interests.
• Data Portability: Request a copy of your personal data in a structured, machine-readable format.
• Withdrawal of Consent: Withdraw your consent for data processing where consent is the legal basis.

To exercise any of these rights, please contact our Data Protection Officer (DPO) using the details provided in Section 18. We may require additional information to verify your identity, and in some cases, we may be legally required to refuse your request.

Our Service is not intended for children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected such data, we will take steps to delete it promptly.

• AI Usage:
- Zation uses advanced AI algorithms (including via third party Large Language Models' APIs) to analyze user-provided data and generate product prioritization insights.
- The AI processing is performed in real time and uses anonymized, aggregated data where applicable.

• Data for AI Training:
- Any data used for training or improving our AI models is aggregated and anonymized to ensure that no personal identifiers are included.
- Results from AI processing are used solely for the purpose of providing actionable insights and are not shared with third parties for other purposes.

• "As Is" Service: Zation is provided on an "as is" and "as available" basis without any warranties—express, implied, or statutory—including but not limited to warranties of accuracy, reliability, fitness for a particular purpose, or non-infringement.

• No Reliance on AI Recommendations: The insights and recommendations provided by our AI engine are based on the data supplied by users and proprietary algorithms. Users are solely responsible for any decisions or actions taken based on these insights. Broad Technologies shall not be liable for any direct, indirect, incidental, consequential, or punitive damages arising from or in connection with your use of Zation.

• Third-Party Links and Services: Our Service may contain links to third-party websites or services. We do not control these sites, and their privacy practices may differ from ours. We are not responsible for the content or privacy practices of such third parties.

• Indemnification: To the fullest extent permitted by law, you agree to indemnify, defend, and hold harmless Broad Technologies, its officers, directors, employees, and agents from any claims, losses, damages, liabilities, or expenses (including legal fees) arising from or related to your use of our Service or any breach of this Privacy Policy.

Because we provide our Service globally, your personal data may be processed in countries outside your own. We implement internationally recognized safeguards—including Standard Contractual Clauses (SCCs) and other approved mechanisms—to ensure your data is protected in accordance with this Privacy Policy and applicable data protection laws.

• Active Accounts: Personal data is retained for as long as your account remains active.

• Post-Termination: After account termination, personal data is retained for a specified period (typically 30 to 90 days) to comply with legal, regulatory, and operational requirements.

• Analytics and Backup Data: Retention periods for analytics data and backup systems are defined by our internal policies and applicable law.

• Deletion Procedures: When personal data is no longer required, it will be securely deleted or anonymized using industry-standard methods.

• Governing Law: This Privacy Policy and your use of the Service shall be governed by and construed in accordance with the laws of the United Arab Emirates.

• Dispute Resolution: Any disputes arising from this Privacy Policy or your use of our Service shall be resolved through binding arbitration, except where prohibited by applicable law. Notwithstanding the foregoing, users exercising rights under GDPR or other regional regulations may seek redress in accordance with such laws.

We reserve the right to modify this Privacy Policy at any time to reflect changes in our data practices, legal requirements, or operational needs. In the event of material changes, we will notify you by posting an updated version on our website and, where appropriate, via email or in-app notifications. Your continued use of the Service after such changes constitutes your acceptance of the updated Privacy Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Broad Technologies FZ-LLC

Email: privacy@zation.ai

Website: https://www.zation.ai

By using Zation, you confirm that you have read, understood, and agree to the terms of this Privacy Policy. If you do not agree with any part of this policy, please discontinue your use of the Service immediately.