GDPR & CCPA Compliant

Last Updated: January 1, 2025

Privacy Policy

ZorroFlow Inc. is committed to protecting your privacy. This Privacy Policy outlines how we handle your data in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable laws.

1. Data Controller

For the purposes of GDPR, the Data Controller is:

ZorroFlow Inc.
Legal Department
privacy@zorroflow.com

2. Data We Collect

Account Data

Information you provide when creating an account:

  • Name and email address
  • Billing address and payment method details (processed via PCI-compliant providers)
  • Company name (optional)

Traffic Data

Data necessary for SMS transmission:

  • Phone numbers (sender/recipient)
  • Message content (transiently processed, not stored long-term)
  • Timestamps and delivery status

Technical Data

For security and fraud prevention:

  • IP addresses and API key usage logs
  • Device fingerprints and browser information
  • Error logs and performance data

3. Legal Basis for Processing

We process your personal data under the following legal bases (GDPR Art. 6):

Art. 6(1)(b)
Contractual Necessity

To deliver the SMS services you have requested.

Art. 6(1)(f)
Legitimate Interests

To prevent fraud, ensure network security, and improve our routing algorithms.

Art. 6(1)(c)
Legal Obligation

To comply with telecommunications regulations and record-keeping requirements.

4. International Transfers

ZorroFlow operates globally. Data may be transferred to servers located in the United States or other jurisdictions. For transfers from the EEA/UK to third countries, we rely on the European Commission's Standard Contractual Clauses (SCCs) to ensure adequate protection.

5. Data Retention

Data TypeRetention Period
Account dataDuration of account + 30 days
Message logs90 days
Billing records7 years (legal requirement)
API logs30 days

6. Your Rights

Depending on your jurisdiction, you have the right to:

Access your data

Request a copy of all personal data we hold

Rectify inaccurate data

Correct any incorrect information

Request erasure

“Right to be Forgotten” - delete your data

Data portability

Receive your data in a structured format

Object to processing

Opt-out of certain data uses

Withdraw consent

Revoke previously given consent

To exercise these rights, contact us at dpo@zorroflow.com.

7. Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit: All data is encrypted using TLS 1.3
  • Encryption at rest: Database encryption using AES-256
  • Secure API keys: Hashed storage with configurable permissions
  • Regular audits: Periodic security assessments and penetration testing

8. Contact Us

For privacy-related inquiries, contact our Data Protection Officer at privacy@zorroflow.com