1. Who we are and scope of this policy
ZUWP ("ZUWP," "we," "us," or "our") operates ZUWP OS, an AI-powered growth-marketing advisor platform for direct-to-consumer (DTC) and e-commerce brands. ZUWP places a set of senior "advisors" — covering paid media, lifecycle and retention, SEO, brand, and business intelligence — alongside a customer's own data, and surfaces recommendations the customer can choose to act on.
The legal entity responsible for your information is ZUWP LLC, a Washington limited liability company, with a mailing address of PO Box 3624, Bellevue, WA 98009, United States.
This policy applies to: (a) visitors to zuwp.com and its subdomains, including studio.zuwp.com (the "Website"); (b) people who interact with our interactive demo; (c) customers and authorized users of the ZUWP OS platform and the Content Engine and Studio services (together, the "Services"); and (d) prospects and others who contact us. It does not apply to third-party websites or services we link to.
2. Our roles: controller and processor
Privacy laws distinguish between a party that decides why and how data is processed (a "controller" or "business") and a party that processes data on another's behalf (a "processor" or "service provider"). ZUWP acts in both capacities depending on the data:
- Controller. For information we collect about Website visitors, prospects, demo users, and the individual administrators and authorized users of a customer account (for example, account contact details, billing information, and usage logs), ZUWP is the controller.
- Processor. For the business data a customer connects to ZUWP OS from their own marketing and commerce stack ("Connected Data"), and for any personal information contained in it, ZUWP acts as a processor / service provider on the customer's behalf. The customer is the controller of that data and is responsible for having a lawful basis and any required notices or consents. Our handling of Connected Data is governed by the customer agreement and, where applicable, a Data Processing Addendum ("DPA").
If you are an end customer of a brand that uses ZUWP and you have questions about how your personal data is used, please contact that brand directly, as they are the controller of that data.
3. Information we collect
3.1 Information you provide to us
- Beta access and contact requests. When you submit our "Request beta access" or contact forms, we collect your name, work email, company name (where provided), and the contents of your message.
- Account information. When you are onboarded as a customer, we collect account and profile details, the names and contact information of authorized users, and authentication credentials.
- Goals and configuration. Targets you set in the product (for example, target CAC, ROAS, and retention goals) and other settings.
- Billing information. If you subscribe, billing and transaction details. Card payments are processed by our payment processor; we do not store full payment-card numbers.
- Communications and support. Records of your correspondence with us, including support requests and feedback.
3.2 Connected Data from your stack
With your authorization, ZUWP OS connects to the tools you already run on and ingests data from them to ground your advisors in your real numbers. Connected sources may include, for example, Shopify, Meta Ads, Google Ads, Klaviyo, Google Analytics 4 (GA4), and Google Search Console. This Connected Data may include performance metrics, campaign and creative data, order and revenue data, and, depending on the source and your configuration, personal information about your own customers (such as customer or subscriber identifiers and engagement data). You control which sources you connect and may disconnect them at any time.
3.3 Demo interactions
Our interactive demo lets anyone ask an advisor questions without signing up. We process the questions you submit and may log them to operate, secure, and improve the demo. Please do not enter sensitive personal information into the demo.
3.4 Information we collect automatically
- Usage and device data. Pages viewed, features used, actions taken, approximate location derived from IP address, browser and device type, and similar analytics.
- Log data. IP address, timestamps, referring pages, and diagnostic data used for security and troubleshooting.
- Cookies and similar technologies. See Section 7.
Sensitive information. We do not seek to collect special categories of data (such as health, biometric, or government-ID data). Please do not submit such information to us or through the Services.
4. How we use information
We use information for the following purposes:
- Provide, operate, and maintain the Website and Services, including generating advisor recommendations and answering questions from your connected data.
- Set up and manage your account, authenticate users, and provide customer support.
- Process the Connected Data you authorize, on your behalf and in accordance with your instructions and the customer agreement.
- Respond to beta requests, inquiries, and other communications.
- Process payments, manage subscriptions, and prevent and detect fraud.
- Monitor, secure, debug, and improve the Website and Services, including analyzing usage trends.
- Send service and transactional messages and, where permitted, marketing communications you can opt out of.
- Comply with legal obligations and enforce our terms and agreements.
5. Artificial intelligence and your data
ZUWP OS uses artificial intelligence, including large language models, to analyze your data and produce recommendations and answers. We want to be clear about how this works:
- Your data stays yours. Connected Data and your business information are private to your company and are used to operate your advisors — not shared with other customers.
- No training of third-party public models on your data. We do not permit your Connected Data or customer content to be used to train third-party providers' general-purpose AI models. Where we use third-party AI providers as subprocessors, we contract for them to process inputs only to return outputs to us and not to train their models on that content.
- Advisory by design. Recommendations are suggestions, not commands; the platform does not act on its own. Optional automations run only after you turn them on, and they report back to you.
- Accuracy. AI output can be incomplete or wrong. You are responsible for reviewing recommendations before relying on or acting on them. See the disclaimers in our Terms of Service.
6. Legal bases for processing (EEA/UK)
If you are in the European Economic Area (EEA) or the United Kingdom, we rely on the following legal bases under the GDPR / UK GDPR when we act as a controller:
- Contract. To provide the Website and Services you request and to administer your account and billing.
- Legitimate interests. To secure, operate, analyze, and improve our Services, to communicate with prospects, and to prevent fraud — balanced against your rights.
- Consent. For certain marketing communications and non-essential cookies, where required. You can withdraw consent at any time.
- Legal obligation. To comply with applicable laws.
Where we process Connected Data as a processor, the customer (controller) is responsible for establishing the legal basis for that processing.
7. Cookies and similar technologies
We and our analytics providers use cookies and similar technologies to run the Website, remember preferences, measure performance, and understand usage. You can control cookies through your browser settings and, where offered, our cookie controls. Blocking some cookies may affect how the Website functions. Where required by law, we obtain consent for non-essential cookies.
8. How we share information
We do not sell your personal information for money. We share information only as described below:
- Service providers / subprocessors. With vendors that help us run the Services under contract — for example, cloud hosting, AI/model providers, analytics, email delivery, and payment processing. Representative categories are listed below.
- At your direction. With the third-party tools you connect, and with people you authorize on your account.
- Business transfers. In connection with a merger, acquisition, financing, or sale of assets, subject to this policy.
- Legal and safety. To comply with law, enforce our agreements, or protect the rights, property, and safety of ZUWP, our customers, or others.
Subprocessor categories. The representative categories of subprocessors we use are:
| Category | Purpose |
|---|---|
| Cloud hosting and infrastructure | Host and run the Website and Services |
| AI / large-language-model providers | Generate recommendations and answers from your data |
| Analytics and product monitoring | Measure usage and performance; debug issues |
| Email and communications | Send service and marketing messages |
| Payment processing | Process subscription payments |
| Data integrations / connectors | Connect to the sources you authorize (e.g., Shopify, ad platforms, Klaviyo, GA4, Search Console) |
A current list of subprocessors is available on request and, for customers, may be maintained under the applicable DPA.
9. How ZUWP OS accesses and uses Google user data
Effective June 29, 2026. ZUWP OS is operated by ZUWP LLC ("ZUWP," "we," "us"). When you connect a Google account to ZUWP OS, you grant us read-only access to specific Google services. This section explains exactly what we access, why, how we store it, and how we share it, and supplements the rest of this Privacy Policy.
Google services we access, and why
| Google data | Scope | Why we access it |
|---|---|---|
| Google Analytics | analytics.readonly | Read your GA4 traffic, engagement, and conversion metrics to power the BI copilot's answers and marketing recommendations. Read-only. |
| Google Search Console | webmasters.readonly | Read organic search performance (clicks, impressions, queries, rankings) to power SEO recommendations. Read-only. |
| Google Meet | meetings.space.readonly | Read conference records and transcripts to generate action-oriented meeting summaries routed to your teams. We store only the generated summary — we never retain the raw transcript. |
| Google Drive | drive.file | Access only the specific files and folders you explicitly select through the Google Picker, to summarize them into knowledge that grounds your advisors. We cannot see any other files in your Drive. We store only the generated summary, not the original file. |
| Account sign-in | openid, email | Identify your Google account and associate the connection with your organization. |
How we use this data
- We use Google user data solely to provide and improve the user-facing features described above — answering questions and producing recommendations for your organization.
- To generate those results, we send content derived from your connected Google data to our large-language-model providers — currently Moonshot AI and Anthropic — acting as subprocessors, strictly to produce your answers and recommendations.
- We do not use Google user data for advertising, to train our own models, or for any purpose beyond providing the features you use.
- We do not sell Google user data or transfer it to data brokers.
How we store and protect it
- OAuth credentials (refresh tokens) are encrypted at rest (AES-256-GCM) and are never exposed in our interface.
- All data is isolated per organization; members of one organization cannot access another's data.
- Data is transmitted over encrypted connections (TLS).
- Access is limited to authorized members of your organization and to personnel who need it to operate the service.
- We retain Google-derived content while your organization's account is active, and delete it when you remove it or close your account.
How we share it
- With the AI subprocessors named above (Moonshot AI, Anthropic), strictly to deliver the features you use.
- With infrastructure and service providers (e.g., hosting) bound by confidentiality obligations.
- We do not otherwise share Google user data with third parties, except with your consent, to comply with applicable law, or to protect against security threats.
Your choices and controls
- You can disconnect any Google connection at any time from the Integrations page in ZUWP OS, which revokes our access and deletes the stored credentials.
- You can review and revoke ZUWP OS's access directly at myaccount.google.com/permissions.
- You can request deletion of data derived from your Google account by contacting us at hello@zuwp.com.
Limited Use disclosure
ZUWP OS's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
10. International data transfers
ZUWP is based in the United States, and we and our service providers may process information in the United States and other countries. Where we transfer personal data from the EEA, the UK, or Switzerland to a country without an adequacy decision, we use appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum), together with additional measures where needed. A copy of the relevant safeguards is available on request.
11. Data retention
We retain personal information for as long as needed to provide the Services, maintain your account, comply with our legal obligations, resolve disputes, and enforce our agreements. Connected Data is retained for the duration of your use of the relevant integration and as set out in the customer agreement; on termination or disconnection, we delete or return Connected Data as described there, subject to legal retention requirements and routine backup cycles. We retain Website and prospect data only as long as reasonably necessary for the purposes described in this policy.
12. How we protect your information
We maintain administrative, technical, and organizational measures designed to protect personal information — including encryption in transit, access controls, and the principle of least privilege. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for the access you grant to authorized users and connected tools.
13. Your privacy rights
13.1 EEA / UK (GDPR)
Subject to conditions and exceptions, you may have the right to access, correct, delete, or restrict processing of your personal data; to object to processing based on legitimate interests; to data portability; and to withdraw consent. You also have the right to lodge a complaint with your local supervisory authority.
13.2 California (CCPA/CPRA)
If you are a California resident, you may have the right to know what personal information we collect, use, and disclose; to access and delete it; to correct inaccurate information; and to opt out of any "sale" or "sharing" of personal information and to limit use of sensitive personal information. We do not sell personal information for money, and we do not knowingly "share" it for cross-context behavioral advertising in exchange for value. We will not discriminate against you for exercising these rights. You may use an authorized agent to submit a request.
13.3 Other U.S. states and regions
Residents of other states and jurisdictions with comprehensive privacy laws may have similar rights. We honor applicable rights regardless of where you live, consistent with law.
13.4 How to exercise your rights
To make a request, email us at hello@zuwp.com. We will verify your request and respond within the timeframe required by applicable law. If your request concerns Connected Data for which a ZUWP customer is the controller, we will refer the request to that customer or assist them in responding.
14. Children's privacy
The Website and Services are intended for businesses and are not directed to children. We do not knowingly collect personal information from children under 16. If you believe a child has provided us personal information, please contact us so we can delete it.
15. Third-party services and links
The Services connect to and the Website may link to third-party services (for example, the platforms you authorize and external sites referenced in our content). Their use of your information is governed by their own privacy policies and terms, not this policy. We encourage you to review them.
16. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice. Your continued use of the Website or Services after an update means you accept the revised policy.
17. Contact us
If you have questions or requests about this policy or your personal information, contact us at:
ZUWP
Email: hello@zuwp.com
Mailing address: PO Box 3624, Bellevue, WA 98009, United States.