Zenith Project — Privacy Policy

Effective as of March 24, 2026.

1. Introduction

Zenith Project LLC, a Florida limited liability company (“Provider,” “we,” “us,” or “our”), respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit our website at app.zenithproject.co (the “Website”) and use our software-as-a-service platform and related services (collectively, the “Services”).

This Privacy Policy applies to information we collect:

• Through the Website and the Services.
• In email, text, and other electronic communications between you and us.
• When you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this policy.

This Privacy Policy does not apply to information collected by third parties, including any Third-Party Platform (as defined in our Terms of Service) that may be integrated with or accessible through the Services.

Please read this Privacy Policy carefully. By accessing or using the Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our practices as described in this Privacy Policy, please do not use the Services.

2. Information We Collect

We collect several categories of information from and about users of the Services.

2.1 Information You Provide to Us

We collect information that you voluntarily provide when you register for an account, subscribe to the Services, or otherwise interact with us, including:

• Account Information. When you create an account, we collect your name, email address, password (stored in hashed form), company name, and other registration details.
• Profile Information. Information you add to your account profile, such as your role, job title, or team affiliation.
• Payment Information. If you purchase a subscription, we collect billing details such as payment card information, billing address, and related financial information. Payment card processing is handled by our third-party payment processor, and we do not store complete payment card numbers on our systems.
• Communications. When you contact us for support, submit feedback, or otherwise communicate with us, we collect the content of those communications along with any associated metadata (such as timestamps and email addresses).

2.2 Customer Data

Our Services enable you to submit, upload, and import data for use with the platform, including data from Third-Party Platforms such as LinkedIn. This data (“Customer Data”) may include:

• Contact and prospect information (names, titles, companies, LinkedIn profile URLs, email addresses, phone numbers, and similar professional contact details).
• Conversation logs and messaging history.
• Campaign parameters, lead list configurations, and outreach strategies.
• AI-generated message drafts, voiced messages, and approval records.
• Analytics and performance data related to your outreach campaigns.

As described in our Terms of Service, Customer Data belongs to the Customer. We process Customer Data on your behalf to provide the Services and in accordance with your instructions and this Privacy Policy.

2.3 Information Collected Automatically

When you access or use the Services, we automatically collect certain information, including:

• Log and Usage Data. We collect information about your interactions with the Services, including the pages or features you access, the time and date of your visits, the time spent on pages, clickstream data, and other usage statistics.
• Device and Connection Data. We collect information about the device and internet connection you use to access the Services, including your IP address, browser type and version, operating system, device identifiers, and screen resolution.
• Cookies and Similar Technologies. We use cookies, web beacons, and similar tracking technologies to collect information about your browsing behavior and preferences. See Section 6 (Cookies and Similar Technologies) for more details.

2.4 Information from Third Parties

We may receive information about you from third-party sources, including:

• Third-Party Platforms.When you connect a Third-Party Platform (such as LinkedIn) to the Services, we may receive information from that platform in accordance with your authorization and the platform's terms and policies.
• Service Providers. We may receive information from our service providers that assist us in operating the Services, such as analytics providers.

3. How We Use Information

We use the information we collect for the following purposes:

3.1 Providing and Operating the Services

• To create and manage your account.
• To provide, maintain, and improve the Services, including the approval queue, analytics dashboards, and campaign management features.
• To process your transactions and manage your subscriptions.
• To respond to your requests, inquiries, and support tickets.

3.2 AI Processing

Our Services use artificial intelligence and large language models (“AI”) to process Customer Data for the purpose of providing core platform features. Specifically, we use AI to:

• Generate outreach messages. AI drafts initial outreach messages based on campaign parameters and contact data you provide.
• Voice and refine messages. AI applies tone-matching and voicing to align messages with your communication style and brand voice.
• Provide approval suggestions. AI may suggest approval actions to assist navigators (human reviewers) in the approval queue.
• Generate analytics insights. AI may analyze campaign performance data to surface trends, recommendations, and actionable insights.

AI processing is performed using third-party AI providers (such as Anthropic). When we send Customer Data to AI providers for processing, we send only the data necessary to perform the specific task (such as contact details and conversation context for message generation). We do not send account credentials, payment information, or passwords to AI providers. See Section 10 (AI Data Processing) for more details.

3.3 Analytics and Improvement

• To understand how users interact with the Services and to improve the user experience.
• To generate aggregated, anonymized, or de-identified data for analytics, benchmarking, and service improvement purposes.
• To monitor and analyze trends, usage patterns, and activities in connection with the Services.

3.4 Communications

• To send you transactional communications, such as account confirmations, billing notifications, and service updates.
• To send you technical notices, security alerts, and administrative messages.
• To communicate with you about products, services, features, or events we think may be of interest to you, subject to your communication preferences.

3.5 Security and Compliance

• To detect, prevent, and address technical issues, fraud, abuse, and security threats.
• To enforce our Terms of Service and other agreements.
• To comply with applicable laws, regulations, and legal processes.

4. How We Share Information

We do not sell your personal information to third parties. We will never sell your personal information.

We may share information in the following circumstances:

4.1 Service Providers and Subprocessors

We share information with third-party service providers and subprocessors who perform services on our behalf, including:

• Cloud hosting and infrastructure. We use Vercel for application hosting and Google Cloud Platform (via Google APIs) for data storage and processing.
• AI providers. We use third-party AI providers (such as Anthropic) to power the AI features of the Services. See Section 10 (AI Data Processing) for details on what data is shared with AI providers.
• Payment processing. We use third-party payment processors to handle subscription billing and payment transactions.
• Analytics. We use analytics tools to understand usage patterns and improve the Services.
• Communication tools. We use email service providers to send transactional and marketing communications.

All service providers and subprocessors are bound by contractual obligations to keep personal information confidential and to use it only for the purposes for which we disclose it to them.

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (such as a court order, subpoena, or government request). We will use commercially reasonable efforts to notify you of such requests where permitted by law.

4.3 Protection of Rights

We may disclose information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our Terms of Service, suspected fraud, situations involving potential threats to the safety of any person, or as evidence in litigation in which we are involved.

4.4 Business Transfers

If we are involved in a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

4.5 With Your Consent

We may share your information with third parties when you have given us your explicit consent to do so.

4.6 Anonymized and Aggregated Data

We may share anonymized or aggregated information that cannot reasonably be used to identify you. Such information is not subject to the restrictions set forth in this Privacy Policy.

5. Customer Data Processing

5.1 Customer as Data Controller

When you use the Services to process personal data of your contacts, prospects, or other individuals, you act as the data controller (or equivalent designation under applicable law) for such data. We process Customer Data on your behalf as a data processor, in accordance with your instructions and the terms of this Privacy Policy and our Terms of Service.

5.2 Customer Responsibilities

You are responsible for ensuring that your collection, use, and processing of Customer Data through the Services complies with all applicable laws, including data protection and privacy regulations. You represent and warrant that you have all necessary rights, consents, and permissions to submit Customer Data to the Services and to authorize us to process it as described in this Privacy Policy and our Terms of Service.

5.3 Customer Data Ownership

As described in our Terms of Service, Customer Data belongs to you. We do not claim ownership of Customer Data. We use Customer Data solely to provide and improve the Services in accordance with your instructions and this Privacy Policy.

6. Cookies and Similar Technologies

6.1 What Are Cookies

Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work more efficiently and to provide information to website operators.

6.2 How We Use Cookies

We use the following types of cookies:

• Essential Cookies. These cookies are necessary for the Website and Services to function properly. They enable core functionality such as authentication, security, and session management. You cannot opt out of essential cookies without affecting the functionality of the Services.
• Analytics Cookies. These cookies help us understand how users interact with the Services by collecting and reporting information about usage patterns. This information is used to improve the Services.
• Preference Cookies. These cookies remember choices you make (such as language preferences or display settings) to provide a more personalized experience.

6.3 Your Cookie Choices

Most web browsers allow you to manage your cookie preferences through browser settings. You can set your browser to refuse all or some cookies, or to alert you when cookies are being set. Please note that if you disable or refuse cookies, some parts of the Services may become inaccessible or may not function properly.

6.4 Web Beacons and Similar Technologies

We may use web beacons (also known as pixel tags or clear GIFs) in connection with the Services and our emails to track user activity, measure the effectiveness of our communications, and compile statistics about usage and response rates.

7. Google API Services Compliance

Our Services use Google API Services (specifically, the Google Sheets API) to read, write, and store Customer Data. Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only request the minimum necessary access to Google user data required to provide the Services.
• We do not use data obtained through Google APIs for advertising purposes.
• We do not sell or share data obtained through Google APIs with third parties for any purpose unrelated to providing the Services.
• All use of data obtained through Google APIs is solely for the purpose of enabling the core features of the Services, such as reading and writing campaign and contact data.
• We restrict human access to data obtained through Google APIs unless (a) we have your explicit consent, (b) it is required for security purposes or legal compliance, or (c) it is necessary for internal operations (such as debugging or abuse prevention), and in all cases only under strict access controls.
• We do not allow offline storage or export of data obtained through Google APIs except when necessary to support the specific features of the Services you have authorized.
• We maintain appropriate technical and organizational safeguards to protect all data obtained through Google APIs.

8. Data Security

We implement commercially reasonable technical and organizational measures designed to protect personal information from unauthorized access, use, alteration, disclosure, and destruction. These measures include:

• Encryption. Passwords are hashed using bcrypt. Data in transit is encrypted using TLS/SSL.
• Access Controls. Access to personal information is restricted to authorized personnel on a need-to-know basis. We use role-based access controls and authentication mechanisms to limit access.
• Infrastructure Security.Our application is hosted on Vercel, which maintains industry-standard security certifications and practices. Data storage through Google Cloud Platform benefits from Google's enterprise-grade security infrastructure.
• Monitoring. We monitor our systems for potential vulnerabilities and security incidents.

While we take reasonable steps to protect your information, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your information. Any transmission of personal information is at your own risk, and we are not responsible for circumvention of any privacy settings or security measures contained in the Services.

9. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements.

• Account Information. We retain your account information for as long as your account is active or as needed to provide the Services. If you close your account, we will delete or anonymize your account information within a commercially reasonable time, subject to our legal obligations.
• Customer Data. We retain Customer Data for the duration of your Subscription Term. As described in our Terms of Service, thirty (30) days following termination of your account, you will have no further access to Customer Data, and we may delete it at any time thereafter.
• Log and Usage Data. We retain log and usage data for a reasonable period to analyze trends, administer the Services, and gather demographic information.
• Communications. We retain records of communications with you (such as support requests) for as long as necessary to resolve the matter and for a reasonable period thereafter for quality assurance and legal purposes.

When personal information is no longer required, we delete it or take steps to anonymize it in accordance with applicable laws. If deletion is not immediately possible (for example, because the information has been stored in backup archives), we will securely store the information and isolate it from further processing until deletion is possible.

10. AI Data Processing

We believe in transparency about how artificial intelligence is used within the Services. This section describes how Customer Data is processed by AI systems.

10.1 Data Sent to AI Providers

When AI features of the Services are used, we transmit certain Customer Data to third-party AI providers (such as Anthropic) for processing. The data transmitted may include:

• Contact and prospect information (names, titles, companies, LinkedIn profile details).
• Conversation history and messaging context.
• Campaign parameters and outreach strategies.
• Previously generated or approved messages (for context and tone-matching).

10.2 Data Not Sent to AI Providers

We do not send the following to AI providers:

• Account credentials or passwords.
• Payment or billing information.
• Internal system identifiers or API keys.

10.3 AI Provider Data Policies

Our primary AI provider, Anthropic, does not use data submitted through its API to train its AI models. We select AI providers that maintain robust data handling and privacy practices. We contractually require AI providers to process Customer Data solely for the purpose of providing their services to us and to maintain appropriate security measures.

10.4 No Training on Customer Data

We do not use Customer Data to train, fine-tune, or improve any AI or machine learning models, whether our own or those of third parties. Customer Data is processed by AI solely to generate outputs (such as message drafts) for your use within the Services.

11. Your Rights

Depending on your location and applicable law, you may have certain rights regarding your personal information. We honor the following rights for all users, regardless of jurisdiction:

11.1 Right of Access

You have the right to request a copy of the personal information we hold about you. You can access much of your information directly through your account settings.

11.2 Right to Rectification

You have the right to request that we correct any personal information that is inaccurate or incomplete. You can update much of your information directly through your account settings.

11.3 Right to Erasure

You have the right to request that we delete your personal information, subject to certain exceptions (such as where we need to retain the information to comply with legal obligations or to establish, exercise, or defend legal claims).

11.4 Right to Restrict Processing

You have the right to request that we restrict the processing of your personal information in certain circumstances, such as when you contest the accuracy of the data or object to our processing of it.

11.5 Right to Data Portability

You have the right to request a copy of your personal information in a structured, commonly used, and machine-readable format, and to request that we transfer it to another service provider where technically feasible.

11.6 Right to Object

You have the right to object to our processing of your personal information for direct marketing purposes. You can exercise this right by unsubscribing from our marketing communications at any time using the unsubscribe link in any marketing email or by contacting us at the address below.

11.7 Right to Withdraw Consent

Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

11.8 Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within a reasonable timeframe and in accordance with applicable law. We may ask you to verify your identity before processing your request.

12. Children's Privacy

The Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age. If you are under 18, please do not use the Services or provide any information to us.

If we learn that we have collected personal information from a person under 18 without verification of parental consent, we will delete that information promptly. If you believe we may have collected information from or about a child under 18, please contact us at [email protected].

13. International Data Transfers

We are based in the United States and process and store information in the United States and other countries. If you are located outside of the United States, please be aware that your information may be transferred to, stored in, and processed in the United States or other jurisdictions where our service providers operate.

These countries may have data protection laws that are different from the laws of your country of residence. By using the Services, you consent to the transfer of your information to the United States and other jurisdictions as described in this Privacy Policy.

Where required by applicable law, we implement appropriate safeguards for international data transfers, such as standard contractual clauses or other mechanisms recognized by applicable data protection authorities.

14. Third-Party Links and Services

The Services may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to any third-party websites or services. We are not responsible for the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policy of every website or service you visit or use.

Our Services integrate with Third-Party Platforms (such as LinkedIn). Your use of Third-Party Platforms is governed by the terms and privacy policies of those platforms. We are not responsible for how Third-Party Platforms collect, use, or disclose your information.

15. Legal Basis for Processing (EEA, UK, and Switzerland)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal information only when we have a valid legal basis to do so. These legal bases include:

• Performance of a Contract. We process your information as necessary to provide the Services you have requested and to manage your account.
• Legitimate Interests. We process your information where it is necessary for our legitimate business interests (such as improving the Services, preventing fraud, and ensuring security), provided that these interests are not overridden by your rights and freedoms.
• Legal Obligations. We process your information where it is necessary to comply with applicable laws, regulations, or legal processes.
• Consent. We process your information where you have given us your consent to do so for specific purposes. You may withdraw your consent at any time.

16. State-Specific Privacy Rights

Residents of certain U.S. states (including but not limited to California, Colorado, Connecticut, Florida, Virginia, and other states with comprehensive privacy laws) may have additional rights regarding their personal information under applicable state privacy laws. These rights may include:

• The right to confirm whether we process your personal information.
• The right to access and obtain a copy of your personal information.
• The right to delete your personal information.
• The right to correct inaccuracies in your personal information.
• The right to data portability.
• The right to opt out of the processing of personal information for targeted advertising, the sale of personal information, or profiling in furtherance of decisions that produce legal or similarly significant effects.

We do not sell personal information. We do not use personal information for targeted advertising based on activities across unaffiliated websites or applications.

To exercise any rights available to you under applicable state privacy laws, please contact us at [email protected]. We will respond to your request in accordance with applicable law.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Services, or applicable laws. If we make material changes, we will notify you by posting the updated Privacy Policy on the Website with a new effective date and, where appropriate, by sending you an email notification or providing a notice through the Services.

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information. Your continued use of the Services after the updated Privacy Policy becomes effective constitutes your acceptance of the updated Privacy Policy.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Zenith Project LLC
Email: [email protected]

19. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of laws principles, consistent with our Terms of Service.