Introduction

Welcome to Zenith Workflows. When you hire us to investigate and document your automation workflows, you're entrusting us with access to sensitive business information. This Privacy Policy explains how we collect, use, store, and protect your data.

This policy is written in plain language because we believe transparency shouldn't require a law degree to understand.

Who This Policy Applies To

This Privacy Policy applies to:

• Visitors to zenithworkflows.com
• Prospective clients who contact us through our website
• Clients who engage our services

Information We Collect

From Website Visitors

• Contact information you provide through our contact form (name, email)
• Usage data including an anonymized IP address, your country, browser type, and how you interact with our website
• Technical information necessary to enhance your browsing experience and security

From Clients During Service Delivery

• Account credentials for Make, Zapier, or other workflow automation platforms
• Business process information revealed during our consultations and investigations
• System access information including API keys, connection details, and authentication tokens
• Communication content from our emails, calls, and messages

How We Use Your Information

Website Visitor Information

• To communicate with you when you request information
• To improve our website functionality and content
• To analyze visitor patterns and service interest

Client Information

• To deliver the workflow investigation and documentation services you've requested
• To authenticate with your systems as needed to perform our work
• To create deliverables including workflow maps and documentation
• To maintain our business relationship and provide ongoing support if contracted

The Legal Basis for Processing Your Data

We process your data based on:

• Contract fulfillment: When necessary to deliver services you've requested
• Legitimate interests: To operate our business effectively
• Consent: When you explicitly agree to specific data processing
• Legal obligations: When required by applicable laws and regulations

How We Protect Your Information

Security is at the core of what we do. We implement industry-standard measures to protect your data:

• Strong authentication: Using multi-factor authentication whenever possible
• Encryption: Applying encryption for data in transit and at rest
• Secure storage: Using enterprise-grade credential management solutions
• Limited retention: Keeping your sensitive data only for as long as needed
• Controlled access: Maintaining strict access controls
• Regular updates: Keeping all systems and software current with security patches

Credential Handling Practices

When you provide access credentials for your systems:

• We document them securely in an encrypted credential manager
• We never store passwords in plain text
• We never share your credentials with third parties
• We revoke or return all access upon project completion

Information Sharing

We maintain strict control over your information. We do not sell your data under any circumstances.

We may share limited information with:

• Service providers we use to run our business (email providers, cloud storage)
• Legal authorities if required by law or to protect legal rights
• Professional advisors such as attorneys or accountants as needed

Any third-party providers we use are bound by confidentiality requirements and must maintain appropriate security controls.

Data Retention

We keep your information only as long as necessary:

• Contact information: Until you ask us to delete it or our business relationship ends
• System credentials: Until project completion or our agreed maintenance period ends
• Documentation created: For the period specified in our contract
• Website analytics: Up to 24 months to analyze website trends

Your Rights Regarding Your Data

At Zenith Workflows, we respect your control over your personal data regardless of your location. We extend the following data rights to all our clients and website visitors:

• Access: You can request a copy of the information we hold about you
• Correction: You can ask us to update or correct any inaccurate information
• Deletion: You can request that we delete your data from our systems
• Restriction: You can ask us to temporarily or permanently stop certain processing activities
• Portability: You can request your data in a structured, commonly used format
• Objection: You can object to certain types of processing activities
• Consent Withdrawal: You can withdraw any previously given consent for data processing

These rights are available to everyone we interact with, not just those in regions with specific privacy regulations. We believe respecting your data rights is simply good business practice and the right thing to do.

To exercise any of these rights, please contact us at [email protected]. We'll respond to all requests promptly, typically within 7 business days.

Cookies and Similar Technologies

Our website currently has minimal use of cookies and focuses on essential functionality only. We don't use tracking cookies for advertising purposes.

For details on exactly what is collected when you visit our website, please see our separate Cookie Policy.

Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We'll notify you of significant changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending an email to clients with active contracts
• Adding a notice on our website homepage for important changes

Contact Information

If you have questions about this Privacy Policy or how we handle your data:

• Email: [email protected]

Regional Privacy Rights

While we extend core data rights to all our users regardless of location, we also comply with regional privacy regulations that may provide additional protections:

European Economic Area (EEA), UK, and Similar Jurisdictions

For individuals in the EEA or UK, we comply with the General Data Protection Regulation (GDPR). For data protection inquiries, we serve as the data controller for website information and may act as either a controller or processor for client project data depending on our specific agreement.

California Privacy Rights

For California residents, we comply with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). To be completely clear: we do not sell personal information under any circumstances. The CCPA/CPRA provides California residents with specific rights, and although some (like the right to opt out of data sales) don't apply to our practices, we're committed to honoring all applicable rights and maintaining transparency about our data handling.

Our Global Commitment

We believe in applying the highest standard of privacy protection to all our users. Rather than creating different experiences based on location, we generally extend the core protections required by strict regulations like the GDPR to everyone. This means that regardless of where you're located, you can expect thoughtful and respectful handling of your data.

Professional Commitment

As workflow automation professionals, we understand that we're handling not just technical systems but potentially sensitive business information. We treat your data with the same care and attention that we apply to automation development - with precision, security, and a commitment to clean, maintainable solutions.