Privacy Policy

Effective date: January 22, 2026

This Privacy Policy explains how DelegateZero (“DelegateZero,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you use our website, applications, APIs, and related services (collectively, the “Services”).

This document is a template and should be reviewed by qualified counsel to ensure it matches your actual data practices, vendors, and jurisdictional requirements.

1. Summary

  • What we do: DelegateZero is a decision proxy/knowledgebase service that helps users delegate decision-making under constraints they control.
  • What we collect: account details, usage data, and—if you choose—knowledgebase content and integration data needed to provide the Services.
  • How we use it: to operate the Services, secure them, provide audit logs, support customers, and improve reliability and performance.
  • Your control: you control what you add to your knowledgebase and which integrations you connect. You can request access, deletion, and other rights as described below.

2. Information We Collect

2.1 Information you provide

  • Account information: name, email address, password (stored as a salted hash), organization/workspace name, and billing details (handled by our payment processor where applicable).
  • Support communications: information you provide when you contact us (e.g., support tickets, emails).
  • Content you submit: information you add to DelegateZero such as preferences, policies, examples, templates, prior decisions, and other knowledgebase entries (“Customer Content”).

2.2 Information collected automatically

  • Usage data: pages or screens viewed, features used, timestamps, API request metadata, and general interaction patterns.
  • Device and log data: IP address, browser type, operating system, device identifiers, referrer URL, and related diagnostic information.
  • Security data: authentication events, access logs, and signals used to detect abuse, fraud, or attacks.

2.3 Information from integrations and connected systems (optional)

If you connect third-party services (for example, Slack, email providers, CRMs, ticketing systems, HRIS, or other tools), we may receive information from those services to provide the features you enable. This may include:

  • Message content, metadata (sender, channel, timestamps), and thread context
  • Contact and account records, deal/ticket context, status fields, and notes
  • Policy-relevant attributes (e.g., role, department, limits, escalation paths)

The scope of data depends on the permissions you grant and the configuration you choose. You can disconnect an integration at any time.

2.4 Cookies and similar technologies

We use cookies and similar technologies for authentication, preferences, analytics, and security. See Cookies & Tracking for details.

2.5 Sensitive information

We do not require sensitive personal information to provide the Services. Please avoid submitting sensitive data (e.g., government IDs, health information) unless necessary for your use case and you have the right to do so. If you do submit sensitive data, you remain responsible for ensuring compliance with applicable laws and policies.

3. How We Use Information

We use information for the following purposes:

  • Provide and operate the Services: authenticate users, process requests, and deliver decisions, drafts, escalations, and audit logs.
  • Maintain the knowledgebase: store and retrieve Customer Content to support delegated decision-making under your configured rules.
  • Integrations: connect to third-party systems you authorize and retrieve context when required for a decision.
  • Security and fraud prevention: protect accounts, prevent abuse, enforce rate limits, and investigate suspicious activity.
  • Support and communications: respond to support requests and send service-related notices.
  • Analytics and improvement: understand usage trends, improve reliability, and develop new features.
  • Legal compliance: comply with applicable laws, respond to lawful requests, and enforce our terms.

3.1 Legal bases (EEA/UK and similar jurisdictions)

If you are in the EEA/UK (or similar jurisdictions), we process personal data under the following legal bases:

  • Contract: to provide the Services you requested.
  • Legitimate interests: to secure, improve, and operate our Services (balanced against your rights).
  • Consent: for certain cookies or marketing communications (where required).
  • Legal obligation: to comply with applicable laws and lawful requests.

3.2 No sale of personal information

We do not sell your personal information. We do not share personal information for cross-context behavioral advertising as that term is used under certain privacy laws (unless explicitly disclosed and enabled).

4. How We Share Information

We may share information in the following circumstances:

4.1 Service providers (processors)

We use trusted third parties to help operate the Services (for example: hosting, analytics, customer support, error monitoring, and payment processing). These providers are authorized to process information only as needed to provide services to us and are required to protect it.

4.2 Integrations you enable

If you connect third-party services, we may send limited information back to those services to perform actions you request (e.g., posting a reply, creating a ticket, updating a record). The specific data shared depends on the integration and your configuration.

4.3 Legal and safety

We may disclose information if we believe in good faith that such disclosure is necessary to (a) comply with the law or legal process, (b) protect the rights, property, or safety of DelegateZero, our users, or others, or (c) investigate fraud or security issues.

4.4 Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction. We will provide notice if required by law.

4.5 Aggregated or de-identified data

We may share aggregated or de-identified data that cannot reasonably be used to identify you (for example, usage metrics or performance statistics).

5. Data Processing Roles

5.1 Customer Content and controller/processor roles

For Customer Content you submit (including knowledgebase entries and integration-derived content), you (or your organization) are typically the controller and DelegateZero is the processor, processing such data on your behalf to provide the Services.

5.2 Subprocessors

We may use subprocessors to help deliver the Services (e.g., cloud hosting). If required for your customers, we can provide a list of subprocessors and updates through our documentation or upon request.

5.3 Data Processing Addendum (DPA)

If your use of the Services is subject to GDPR/UK GDPR or similar laws, we may offer a Data Processing Addendum governing our processing of personal data on your behalf. (Link your DPA here if available.)

6. Cookies & Tracking

6.1 Types of cookies we use

  • Strictly necessary: authentication, session management, security.
  • Preferences: remember settings such as theme, region, or display options.
  • Analytics: understand usage and improve performance.
  • Marketing: (optional) measure campaigns or communicate updates where permitted.

6.2 Managing cookies

You can control cookies through your browser settings. If we provide a cookie preference tool, you can use it to manage non-essential cookies. Note that disabling certain cookies may affect site functionality.

6.3 Do Not Track

Some browsers offer a “Do Not Track” setting. Because there is no consistent industry standard for how to respond, we do not respond to Do Not Track signals.

7. Data Retention

We retain information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods may vary depending on the type of data and your plan settings.

  • Account data: retained while your account is active and as needed thereafter for legal or operational purposes.
  • Audit logs: retained based on plan and configuration; may be longer for compliance needs.
  • Customer Content: retained until you delete it, delete your workspace, or as required to provide the Services.
  • Backups: deleted on a rolling basis after a limited period, subject to system constraints.

If you request deletion, we will delete or de-identify information unless we must retain it for legal obligations or legitimate business purposes (e.g., security and fraud prevention).

8. Security

We use reasonable administrative, technical, and physical safeguards designed to protect information from unauthorized access, disclosure, alteration, and destruction. These may include encryption in transit, access controls, and monitoring.

No method of transmission or storage is 100% secure. You are responsible for keeping your credentials secure and for configuring access and permissions appropriately.

9. Your Rights & Choices

9.1 Account and profile

You can update certain account information through your account settings. You may also contact us to request changes or deletion.

9.2 Access, correction, deletion, portability

Depending on your location, you may have rights to request access to, correction of, deletion of, or portability of your personal data. You can exercise these rights by contacting us using the details below.

9.3 Objection and restriction

In some jurisdictions, you may have the right to object to certain processing or request that we restrict processing.

9.4 Consent withdrawal

If we rely on consent to process your personal data (for example, certain cookies), you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

9.5 Marketing communications

You can opt out of marketing emails by using the unsubscribe link in those messages. We may still send you transactional or service-related communications.

9.6 U.S. state privacy rights (if applicable)

If you reside in certain U.S. states, you may have additional rights (e.g., to know, access, delete, correct, or opt out of certain processing). If applicable, we will honor verified requests as required by law.

10. International Data Transfers

We may process and store information in countries other than your country of residence. Where required, we use appropriate safeguards for international transfers, such as Standard Contractual Clauses or other lawful mechanisms.

11. Children’s Privacy

The Services are not directed to children under 13 (or the minimum age required by your jurisdiction), and we do not knowingly collect personal information from children. If you believe a child has provided personal data, please contact us so we can take appropriate action.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice by posting the updated policy on this page and updating the “Effective date” above, and/or by other means as required by law.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us:

If you are in the EEA/UK and believe we have not adequately addressed your concerns, you may have the right to lodge a complaint with your local data protection authority.