Back to Home

Privacy Policy

Last updated: August 7, 2025

GDPR Compliance Statement

This privacy policy explains how Zymbly Ltd ("we", "us", "our") collects, uses, and protects your personal data when you use our EU AI Act compliance platform. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR).

1. Data Controller

Company: Zymbly Ltd
Address: 82, Unit A James Carter Road, Mildenhall, United Kingdom, IP28 7DE
Email: dev@zymbly.com
Data Controller: Ben Jacob, Zymbly Ltd

2. Information We Collect

2.1 Information You Provide

  • Contact information (name, email address, phone number)
  • Company information when booking consultations
  • Assessment responses and quiz submissions
  • Messages sent through our AI assistant
  • Communication preferences

2.2 Information Collected Automatically

  • IP address and location data
  • Browser type and version
  • Device information
  • Usage analytics and interaction data
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use your personal data for the following purposes, based on legitimate interests and consent:

Service Provision

To provide AI compliance consulting services, EU AI Act guidance, assessments, and legal consultation.

Communication

To respond to inquiries, schedule consultations, and send relevant updates.

Improvement

To analyze usage patterns and improve our platform and services.

Legal Compliance

To comply with legal obligations and protect our legitimate interests.

4. Legal Basis for Processing

Processing ActivityLegal Basis
Assessment and quiz responsesConsent (GDPR Art. 6(1)(a))
Consultation schedulingContract performance (GDPR Art. 6(1)(b))
Analytics and improvementLegitimate interests (GDPR Art. 6(1)(f))
Legal compliance monitoringLegal obligation (GDPR Art. 6(1)(c))

5. Data Sharing and Third Parties

We may share your data with the following categories of recipients:

  • Service Providers: Cal.com (scheduling), OpenAI (AI assistant), PostHog (analytics), Vercel (hosting)
  • Legal Advisors: For consultation services and legal compliance
  • Authorities: When required by law or to protect our rights
  • Business Partners: With your explicit consent for specific services

International Transfers: Some of our service providers may be located outside the EU. We ensure adequate protection through standard contractual clauses and adequacy decisions.

6. Your Rights Under GDPR

Access & Portability

Right to access your data and receive a copy in a structured format.

Rectification

Right to correct inaccurate or incomplete personal data.

Erasure

Right to deletion of your personal data under certain circumstances.

Restriction & Objection

Right to restrict processing or object to certain uses of your data.

To exercise your rights, contact us at dev@zymbly.com. You also have the right to lodge a complaint with your local data protection authority.

7. Data Retention

We retain personal data only for as long as necessary:

  • Assessment data: 2 years from last interaction
  • Consultation records: 7 years for legal and professional requirements
  • Analytics data: 12 months in PostHog, aggregated form
  • Communication records: 3 years from last contact

8. Security Measures

We implement appropriate technical and organizational measures to protect your data:

Technical Measures

  • • End-to-end encryption
  • • Secure HTTPS protocols
  • • Regular security audits
  • • Access controls and authentication

Organizational Measures

  • • Staff training and awareness
  • • Data processing agreements
  • • Incident response procedures
  • • Regular compliance reviews

9. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. We will notify you of significant changes through email or prominent notice on our website. Your continued use of our services constitutes acceptance of the updated policy.

10. Contact Information

For any questions about this privacy policy or our data practices, please contact us:

Email: dev@zymbly.com

Legal Inquiries: dev@zymbly.com

Address: 82, Unit A James Carter Road, Mildenhall, United Kingdom, IP28 7DE