Privacy Policy

Last updated: May 1, 2026

This Privacy Policy explains how Zenium (the “Service”, “we”, “us”) collects, uses, stores, and protects user data. It applies to the Zenium platform and to the AI agents that customers operate through Zenium on third-party messaging channels including WhatsApp, Instagram and Telegram. The Policy is written to comply with the EU General Data Protection Regulation (GDPR) and Russian Federal Law No. 152-FZ on Personal Data.

1. Who we are

Operator: Zenium.
Privacy & data-deletion contact: [email protected].
Telegram: @zeniumsupport_bot.

2. What data we collect

We collect the following categories of personal data:

  • Account & contact data — full name, email address, phone number, company name and job title submitted through our contact and signup forms.
  • Technical data — IP address, browser and device information, cookies and similar identifiers collected automatically when you visit our website.
  • Message content from connected channels — the content of messages (text, media files, attachments) exchanged between our customers' AI agents and their end users on WhatsApp (via WhatsApp Business Platform), Instagram (via Instagram Messaging API) and Telegram.
  • End-user contacts uploaded by our customers — phone numbers, names and other contact attributes that customers upload to operate their AI agent.
  • Conversation metadata — timestamps, channel, sender identifiers, message status and routing data.

3. Why we collect it

  • Account & contact data — to create and manage your account, respond to your inquiries, and provide customer support.
  • Technical data — to operate the website, prevent abuse, and produce aggregate (non-identifying) analytics.
  • Message content — to deliver the core service: routing messages between customers and end users, and generating AI-assisted replies.
  • Uploaded end-user contacts — to allow our customers to send replies to their own clients through the connected channels.
  • Conversation metadata — to ensure delivery, debug delivery failures, enforce rate limits, and detect abuse.

4. Legal basis for processing

For users in the European Economic Area, our legal bases under GDPR Art. 6 are: (a) your consent for marketing communications and optional cookies, (b) performance of a contract for delivering the Service, (f) our legitimate interests in operating, securing and improving the Service.

For users in the Russian Federation, processing is performed under Art. 6 of Federal Law No. 152-FZ — consent of the data subject, performance of a contract, and fulfilment of statutory obligations.

5. AI processing of messages

Messages exchanged through the Service may be processed by third-party AI providers — OpenAI, Anthropic, and Google (Gemini) — for the purpose of generating replies on behalf of the customer. We use these providers under enterprise/API terms that prohibit the training of their foundation models on our customers' data. We do not use message content for any purpose other than delivering the Service.

6. Third parties we share data with

We share data only with the providers strictly necessary to operate the Service. We never sell user data. The current providers are:

We may also disclose data to public authorities when required by applicable law.

7. We do not sell user data

We do not sell user data to third parties for advertising or for any other purpose. We do not share user data with advertising networks. The only recipients of data are the providers listed in Section 6 and authorities acting under valid legal process.

8. International transfers

Operating the Service involves transfers of personal data outside the European Economic Area and the Russian Federation:

  • To the United States — for processing by Meta Platforms, OpenAI, Anthropic and Google.
  • To Germany and France (European Union) — for hosting at Hetzner and OVH.

These transfers are made under the European Commission's Standard Contractual Clauses (SCCs) executed with each recipient, supplemented by technical safeguards such as transport-layer encryption and access control.

9. Data retention

Account and billing data are retained for the duration of your subscription and for three years after termination, unless a longer period is required by law. Message content is retained for as long as needed to deliver the Service and is removed or anonymised in analytics aggregates after 90 days of inactivity. End users may request earlier deletion at any time (see Section 11).

10. Your rights

You have the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate data;
  • request deletion of your data (right to erasure);
  • request a portable export of your data;
  • withdraw any consent you have given;
  • object to or restrict processing based on legitimate interest;
  • lodge a complaint with your local data-protection authority.

To exercise any of these rights, email [email protected] with the subject “Privacy request”. We respond within 30 days.

11. Data deletion

To request deletion of your data, send an email to [email protected] with the subject “Data Deletion Request”. Include the email address, phone number or account identifier associated with the data. We confirm receipt within 7 days and complete deletion within 30 days, except where retention is required by law (for example, billing records). Deletion is propagated to our AI provider caches and to backups within their respective retention windows.

12. Cookies

The website uses functional cookies that are required for the site to operate, and analytics cookies that help us improve the Service. You can disable cookies in your browser settings; some functions of the website may then not work as intended.

13. Security

We apply technical and organisational measures to protect personal data: TLS encryption in transit, role-based access control, audit logging, and regular security reviews. The website operates over HTTPS only.

14. Children

The Service is not directed at, and is not intended for use by, persons under the age of 18. We do not knowingly collect data from children. If you believe a child has provided data to us, contact us and we will delete it.

15. Changes to this Policy

We may update this Policy from time to time. The current version is always available at this URL. For material changes that affect your rights, we notify registered customers by email at least 30 days before the changes take effect.

16. Contact

Operator: Zenium
Email: [email protected]
Telegram: @zeniumsupport_bot