Legal & Trust
Privacy Policy
Last updated: April 2026
1. Who we are
Zoveto Technologies Private Limited (“Zoveto”, “we”, “us”) provides the Zoveto software platform and related services. This policy describes how we process personal and account-related information when you use our website and services.
For privacy requests and data rights: privacy@zoveto.com
2. Data we collect
Depending on how you interact with Zoveto, we may process:
- Account data: email address, name, company name, phone number where provided, and credentials (passwords are stored using strong one-way hashing; we never store them in plain text).
- Usage data: product and website interactions, diagnostic and security logs, approximate device/browser metadata, and session information needed to operate and secure the service.
- Billing and tax data: billing contact details, GST identification where applicable, invoice metadata, and payment references. Card or UPI payment details are handled by our payment service provider; we do not store full card numbers.
- Operational business data you enter: inventory, orders, invoices, and other records you choose to process in the platform (processed on your instructions as part of the service).
- Workforce and customer records submitted by clients: employee role/contact records and customer contact/order records where clients choose to store and process them in Zoveto.
3. Purposes of processing
We use data to:
- Provide, operate, maintain, and secure the Zoveto platform;
- Authenticate users, prevent fraud and abuse, and enforce our terms;
- Bill subscriptions, issue tax-compliant invoices, and meet accounting obligations;
- Improve reliability and performance using aggregated or de-identified analytics where permitted;
- Comply with applicable law and respond to lawful requests.
We do not sell your personal data. We do not use your confidential business records to train third-party AI models unless we have a clear legal basis and, where required, your explicit agreement.
4. Where data is stored
Zoveto hosts production workloads on Amazon Web Services (AWS) infrastructure, with encryption in transit (TLS) and encryption at rest for core data stores. Backup and retention policies are applied in line with our security programme and contractual commitments.
Data may be processed in data centres outside your country of residence when required for infrastructure, resilience, support, or service delivery. We apply appropriate contractual and technical safeguards required by applicable law.
5. Third-party services
We use a limited set of processors and infrastructure providers, including:
- AWS: cloud hosting, storage, networking, and related operational services;
- Payment providers: to collect subscription payments and issue receipts (their privacy notices apply to payment fields they collect directly);
- Analytics: where enabled and only if you consent (e.g. Google Analytics, Microsoft Clarity), to understand aggregated traffic and UX diagnostics on our marketing site.
- Communication providers: transactional email services (including Google Gmail SMTP), for account notifications and service communication.
A current list of material sub-processors is available at /subprocessors. Sub-processor updates are governed by our agreements and applicable law.
7. Retention
We retain information for as long as needed to provide the service, comply with law, resolve disputes, and enforce agreements. Tax, invoicing, and accounting records (including GST-related information) may be retained for periods required under Indian tax and company law. After account termination, operational copies are deleted or anonymised according to our retention schedule, subject to legal holds and statutory retention.
- Account profile data: retained while your account is active and for a limited period after closure for support, audit, and legal purposes.
- Billing and tax records: retained as required under applicable tax and corporate law.
- Security and audit logs: retained for security operations, abuse prevention, and incident response obligations.
8. Your rights
Depending on your jurisdiction (including GDPR and India's Digital Personal Data Protection Act, 2023), you may have rights to access, correct, update, or delete certain personal data, and to withdraw consent where processing is consent-based. You may also have rights to portability or to object to certain processing.
To exercise your rights, contact privacy@zoveto.com. We will verify your request and respond within a reasonable period as required by law, typically within 30 days.
- EU/EEA (GDPR): rights may include access, rectification, erasure, restriction, objection, and portability.
- India (DPDP Act 2023): rights may include access, correction, erasure, grievance redressal, and nomination.
- California (CCPA/CPRA framework): rights may include access, deletion, and choices around data sharing where applicable.
- Other regions: contact privacy@zoveto.com for rights available under applicable local law.
9. International transfers
Where personal data is transferred outside India or your country, we implement appropriate safeguards (such as contractual clauses and technical measures) consistent with applicable regulations.
10. Children
Zoveto is a business platform not intended for children. We do not knowingly collect personal data from anyone under 18. If you believe we have collected data from a minor, contact us at privacy@zoveto.com.
11. Changes
We may update this Privacy Policy from time to time. Material changes will be communicated as required by law (for example, by email or an in-product notice). Continued use after the effective date constitutes acceptance of the updated policy where permitted.
12. Related policies
13. Contact
Zoveto Technologies Private Limited
Privacy and data rights: privacy@zoveto.com
Security and compliance requests: security@zoveto.com