Privacy Policy

Effective Date: June 1, 2022
Last modified: November 15, 2024

1. Introduction and Scope

Zone Huddle, LLC (“Zone Huddle,” “Company,” “we,” “us,” or “our”) operates the website located at https://zonehuddle.com and related mobile applications, browser extensions, and API services (collectively, the “Service”). This Privacy Policy (“Policy”) describes our practices regarding the collection, use, disclosure, and protection of information that we collect from or about you when you access or use our Service.

By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree to this Privacy Policy, you must not access or use our Service.

Business Address: 8735 Dunwoody Place, Atlanta, GA 30350

2. Definitions

“Personal Information” means any information relating to an identified or identifiable natural person
“Controller” means the entity that determines the purposes and means of processing Personal Information
“Processor” means an entity that processes Personal Information on behalf of a Controller
“Data Subject” means the individual to whom Personal Information relates
“Service Provider” means any third party that processes information on our behalf

3. Information We Collect

3.1 Information You Provide Directly

Account Registration: Full name, email address, password, company name, job title, phone number, billing address
Payment Information: Credit card details, billing address, tax identification numbers (processed by our payment processor Stripe)
Profile Information: Time zone, language preference, profile photo, department, role
Calendar Data: Meeting titles, descriptions, times, locations, attendees, recurring patterns, availability preferences
Team Information: Team member names, email addresses, roles, permissions, organizational hierarchy
Integration Data: OAuth tokens, API keys, workspace IDs, channel preferences
Communication Data: Support tickets, feedback, survey responses, chat transcripts, email correspondence
User Content: Files uploaded, notes, custom fields, tags, categories

3.2 Information Collected Automatically

Device Information: IP address, device ID, hardware model, operating system, browser type and version, screen resolution
Usage Data: Features accessed, buttons clicked, pages viewed, session duration, frequency of use, error logs
Location Data: Country, state, city (derived from IP address)
Cookie Data: Session cookies, preference cookies, analytics cookies (see Section 6)
Log Data: Server logs, error reports, performance metrics, API calls

3.3 Information from Third-Party Integrations

Google Workspace: Calendar events, contacts, availability, Google Meet links, workspace domain
Microsoft 365: Outlook calendar data, Teams meeting information, Azure Active Directory data
Slack: Workspace information, user IDs, channel data, team member lists, custom emoji
Future Integrations: Microsoft Teams, Google Chat

3.4 Information from Other Sources

Public Sources: Company information from public databases
Marketing Partners: Lead information from legitimate B2B marketing sources
Referral Programs: Information provided by users who refer others

4. Legal Basis for Processing (for EEA, UK, and Swiss Users)

We process Personal Information based on the following legal grounds:

Contractual Necessity: To provide the Service you’ve requested
Legitimate Interests: To improve our Service, prevent fraud, ensure security
Consent: For marketing communications and optional features
Legal Obligations: To comply with applicable laws and regulations
Vital Interests: To protect someone’s life or physical safety

5. How We Use Your Information

5.1 Service Provision

Create and manage user accounts
Provide calendar scheduling functionality
Enable team collaboration features
Process payments and manage subscriptions
Send transactional communications

5.2 Service Improvement

Analyze usage patterns and user behavior
Develop new features and functionality
Optimize user interface and experience
Conduct A/B testing and analytics
Generate aggregated insights and benchmarks

5.3 Communications

Send service-related announcements
Provide customer support
Send marketing communications (with consent)
Conduct user surveys and research
Notify about security incidents

5.4 Legal and Security

Detect and prevent fraud
Monitor for security threats
Enforce our Terms of Service
Comply with legal obligations
Protect our legal rights

6. Cookies and Tracking Technologies

6.1 Types of Cookies We Use

Essential Cookies: Required for Service functionality
Analytics Cookies: Google Analytics
Preference Cookies: Remember user settings
Marketing Cookies: Track campaign effectiveness

6.2 Third-Party Analytics

We use the following analytics services:

Google Analytics (see Google’s privacy policy)

6.3 Your Cookie Choices

Browser settings to block cookies
Google Analytics opt-out browser extension
Cookie preference center on our website

7. Information Sharing and Disclosure

7.1 Service Providers

We share information with third-party service providers including:

Payment Processing: Stripe
Email Services: Sendgrid/Twilio
Cloud Infrastructure: Google Cloud, Amazon Cloud, Hivelocity
Customer Support: Intercom, Bold Desk
Analytics: Google Analytics

7.2 Integration Partners

Data necessary for integration functionality only
Subject to their respective privacy policies
Users must explicitly authorize each integration

7.3 Legal Disclosures

We may disclose information when:

Required by law, subpoena, or court order
Necessary to protect safety or prevent illegal activity
Investigating potential violations of our Terms
Defending against legal claims
Requested by government authorities

7.4 Business Transfers

In the event of merger, acquisition, bankruptcy, or sale of assets, Personal Information may be transferred to the successor entity.

7.5 Aggregated Data

We may share aggregated, non-identifiable data publicly or with partners.

7.6 Consent

With your explicit consent for purposes not listed above.

8. Data Security

8.1 Security Measures

Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
Access Controls: Role-based permissions, multi-factor authentication
Infrastructure: SOC 2 compliant hosting providers
Monitoring: 24/7 security monitoring and intrusion detection
Incident Response: Documented incident response procedures
Employee Training: Regular security awareness training
Vulnerability Management: Regular security assessments and penetration testing

8.2 Data Breach Notification

In the event of a data breach affecting Personal Information, we will notify affected users within 72 hours of discovery, as required by applicable law.

9. Data Retention

9.1 Retention Periods

Account Data: Duration of account plus 365 days
Calendar Data: 6 months
Payment Records: 3 years for tax compliance
Support Tickets: Until consent withdrawn
Analytics Data: Until consent withdrawn
Marketing Data: Until consent withdrawn

9.2 Deletion

Upon account termination, we will delete or anonymize Personal Information within 90 days, except where retention is required by law.

10. Your Rights and Choices

10.1 Access Rights

You have the right to:

Access your Personal Information
Receive a copy in a portable format
Know what information we collect

10.2 Control Rights

Correction: Update inaccurate information
Deletion: Request deletion (subject to legal obligations)
Restriction: Limit processing in certain circumstances
Objection: Object to certain processing activities
Portability: Export data in machine-readable format
Withdraw Consent: For consent-based processing

10.3 How to Exercise Rights

Submit requests to: privacy@zonehuddle.com or through your account settings.

10.4 California Privacy Rights

California residents have additional rights under CCPA:

Right to know categories and sources of Personal Information
Right to non-discrimination for exercising privacy rights
Right to opt-out of “sale” of Personal Information (we do not sell Personal Information)

10.5 European Privacy Rights

EEA, UK, and Swiss residents have additional rights under GDPR:

Right to lodge a complaint with supervisory authorities
Right to appoint a representative
Supervisory Authority: None

11. International Data Transfers

11.1 Transfer Mechanisms

We are based in the United States of America. If you access our Service from outside the United States of America, your information may be transferred to and processed in:

the United States of America

11.2 Safeguards

We ensure appropriate safeguards through:

Standard Contractual Clauses
Adequacy decisions
Binding Corporate Rules (where applicable)

12. Children’s Privacy

Our Service is not directed to individuals under 16 years of age. We do not knowingly collect Personal Information from children under 16. If we become aware of such collection, we will delete the information immediately.

13. Third-Party Links and Services

Our Service may contain links to third-party websites and services. We are not responsible for their privacy practices. We encourage you to review their privacy policies.

14. Marketing and Communications

14.1 Marketing Preferences

Opt-in required for marketing emails
Unsubscribe link in every marketing email
Account settings to manage preferences
Different categories of communications

14.2 Do Not Track

We do not currently respond to Do Not Track browser signals.

15. Data Protection Officer

Name: Mark Cusant
Email: dpo@zonehuddle.com
Address: 8735 Dunwoody Pl, Atlanta, GA 30350

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

Email notification
Prominent notice on our Service
Requiring acknowledgment for continued use

The “Last Updated” date at the top indicates the latest revision.

17. Jurisdiction-Specific Provisions

17.1 European Economic Area

Representative: None

17.2 United Kingdom