Legal
Privacy Policy
This Policy explains how Zesto collects, uses, and shares personal data when you use our websites, product, and related services.
1. Scope
This Policy applies to zesto.dev, the Zesto application, system operator surfaces, and related communications. It does not cover third-party sites or services you connect on your own.
If you use Zesto to run a customer-facing help center, portal, or form for your end users, you are typically the controller of that end-user data; Zesto processes it on your instructions as a service provider / processor, subject to our agreement with you.
2. Data we collect
Account and workspace data. Name, email, authentication identifiers (e.g. OAuth provider ids), profile fields, roles, workspace membership, and settings you configure.
Customer content. Tickets, messages, notes, knowledge, public articles, forms and submissions, contacts, audit events, files, and similar content you or your end users submit to the Service.
Usage and device data. Log data, approximate location from IP, browser and device type, pages and actions in the product, performance diagnostics, and security signals.
Integrations and secrets metadata. Configuration for connected services and the presence of named secrets (we store secret values encrypted; we do not re-display them after save).
Communications. Support requests, feedback, and email you send us.
3. How we use data
We use personal data to:
- Provide, operate, and secure the Service
- Authenticate users and manage workspaces
- Deliver product features you enable (routing, search, AI assist, notifications)
- Prevent fraud, abuse, and security incidents
- Improve reliability and product quality
- Communicate service and account notices
- Comply with law and enforce our Terms
We do not sell personal data. We do not use Customer content to train generalized public foundation models for unrelated third parties. Limited processing for product safety, abuse detection, and service quality may occur as needed to run Zesto.
4. AI processing
When you use AI features, prompts, retrieved knowledge, ticket context, and related outputs may be processed by model providers you or we configure (including platform defaults and BYOK providers). That processing is to generate the feature result for your workspace.
Workspace admins control model providers, skill/tool allowlists, and whether certain content is eligible for public or AI use. Private knowledge and public site content are separate stores; public AI use of internal-only docs is gated by product policy.
7. Retention
We retain personal data for as long as needed to provide the Service, meet legal obligations, resolve disputes, and enforce agreements. Workspace admins may delete content and request workspace closure subject to product tools and backup cycles. Residual copies may remain in encrypted backups for a limited period.
8. Security
We implement technical and organizational measures appropriate to the risk, including encryption in transit, access controls, and encrypted storage of secrets. No method of transmission or storage is perfectly secure; please use strong account protections and manage workspace roles carefully.
9. Your rights and choices
Depending on your location, you may have rights to access, correct, delete, or export personal data, object to or restrict certain processing, and withdraw consent where processing is consent-based. Workspace users should start with their admin for Customer content held in a workspace.
To exercise rights regarding data we control as Zesto (for example your account profile), contact privacy@zesto.dev. We may verify your request before acting.
10. International transfers
We may process data in the United States and other countries where we or our providers operate. Where required, we use appropriate transfer mechanisms (such as standard contractual clauses) for cross-border transfers.
11. Children
The Service is not directed to children under 16 (or the minimum age in your jurisdiction). We do not knowingly collect personal data from children for Zesto accounts. If you believe a child has provided data, contact us and we will take appropriate steps.
12. Changes to this Policy
We may update this Policy. Material changes will be posted here with a new effective date, and we may notify account owners by email or in-product notice. Continued use after the effective date means you acknowledge the updated Policy.
13. Contact
Privacy questions and requests: privacy@zesto.dev.
Legal: legal@zesto.dev. Support: support@zesto.dev. Related: Terms of Service.