Privacy Policy
Zivy Applications India Private Limited (d/b/a Zoven AI)
Last Updated: 20th March 2026
We value your privacy and are committed to protecting your personal data. This Privacy Policy explains how Zoven (“we”, “us”, “our”) collects, uses, discloses, and secures information when you visit our website (zoven.ai) or use our services. It applies globally and is designed to comply with Indian law (the Digital Personal Data Protection Act, 2023), the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.
Zoven is an AI-native risk management platform for banks and fintechs. We help manage merchant onboarding, transaction monitoring, fraud detection, and compliance. In providing our platform, we handle personal and financial data securely and responsibly. This Privacy Policy describes the information we collect through our website and services, why we collect it, and your rights regarding that information.
Information We Collect
We collect information in several ways:
Information You Provide: When you sign up for an account, book a demo, or contact us, we collect personal data such as your name, email address, job title, company, and phone number. For example, to create your Zoven account we need your name and email. When you fill out a “Book Demo” form, we use your name, company, and email to schedule and prepare for the demo.
Account Credentials: If you create an account, we collect your chosen login credentials (username/email and password). We store credentials securely to enable your access to our platform.
Usage Data: We collect data about how you use our website and services. This includes log data (such as your IP address, browser type, pages visited, and referral source), device information, and analytics data. We use this to maintain and improve our services.
Cookies and Tracking: We use cookies and similar technologies to enhance your experience. We use strictly necessary cookies for the site’s core functions, analytics cookies (e.g. Google Analytics) to understand site usage, and marketing cookies (e.g. for LinkedIn or ad platforms) to provide relevant information. We obtain user consent where required by law and explain the purpose of each cookie. You can control cookies through your browser or our cookie banner.
Data from Third Parties: If you log in via a third-party service (e.g. LinkedIn) or engage with us on social media, we may receive information from those services. This could include publicly available profile information or other data you have permitted the service to share. We also use publicly available information to help provide our services.
Service Data: If you become a customer of our platform, you may provide us with data about your merchants, transactions, or customers (such as KYC information or financial records). We process this data on your behalf to deliver our services. This might include merchant names, addresses, transaction details, or other relevant data. You remain in control of this data.
How We Use Your Information
We use the collected information for the following purposes:
Provide and Improve Our Services: We use your data to set up and maintain your account and to deliver the Zoven platform. This includes enabling features, personalizing your experience, and fixing bugs. For example, we use your account information to allow secure login, and we use usage data to improve our user interface and functionality.
Communication: We use your contact details (email or phone) to communicate with you. This includes sending service-related notifications (like account confirmations), responding to your inquiries, and providing updates or newsletters (if you have opted in). You can opt out of marketing communications at any time via email or account settings.
Analytics and Security: We analyze website and service usage data to monitor performance, troubleshoot issues, and understand user behavior. We also use data to detect and prevent fraud or abuse. For instance, we monitor login attempts for suspicious activity and use encryption to protect data in transit and at rest.
Legal and Compliance: We process data to comply with legal obligations and protect our rights. This includes responding to lawful requests from authorities and enforcing our terms of use. We may also use data to comply with regulations (such as financial compliance for transactions) or to protect against legal claims.
We process personal data only for purposes that are necessary, lawful, and as described in this policy. We provide this notice in clear language and specify what categories of data we collect and why. For example, when we collect your email to create an account, we explain that it is for account access and communication.
Legal Bases for Processing
India (DPDP Act): We rely on your consent for processing personal data (e.g. when you sign up or submit a form) and on legitimate interests or contractual necessity for processing needed to operate our services. We ensure all processing is lawful and limited to the stated purpose.
EU (GDPR): For EU residents, we rely on lawful bases such as consent (when you agree to cookies or marketing communications), contract (processing necessary to provide our services to you), and legitimate interests (for security and analytics, balanced against your rights). For example, we may process data to protect against fraud or to enhance the service, which are legitimate interests.
California (CCPA/CPRA): Under California law, we collect and use personal information as described in this policy. We do not sell personal information. If we were to ever sell data, we would provide a clear opt-out choice as required by law. California consumers have specific rights (see the “Your Privacy Rights” section below).
Data Sharing and Disclosure
We do not sell your personal information. We may share your information as follows:
Service Providers: We use third-party vendors to perform certain services (like hosting, email delivery, analytics, payment processing). Examples include cloud hosting providers (e.g. AWS, Azure), email/SMS providers, and analytics services. These providers can access your data only as needed to perform their functions, and they are required to keep it secure.
Affiliates and Partners: We may share data with our subsidiaries or affiliates in order to provide the services. We require any such recipients to protect your data and use it only for the agreed purposes.
Business Transfers: If Zoven merges with or is acquired by another company, your information may be transferred to the new owner. We will notify users if there is a change of control of their personal data.
Legal Compliance: We may disclose personal data if required by law or legal process, or to protect the safety, rights, or property of Zoven or others. For example, we may release data to comply with court orders or regulations, or to prevent wrongdoing.
Wherever we transfer personal data, we ensure legal safeguards are in place. For example, transfers from the EU use standard contractual clauses or other approved mechanisms, and transfers from India comply with DPDP Act conditions. We keep data sharing strictly limited to what is necessary.
Cookies and Tracking Technologies
We use cookies and similar technologies on our site for various purposes:
Strictly Necessary Cookies: Essential for the website to function (e.g. session cookies for login). We do not require consent for these, but we inform you about their use.
Performance and Analytics Cookies: These collect anonymous data on how visitors use our site, helping us improve functionality. We only enable these after obtaining your consent.
Functional Cookies: These help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.
Marketing Cookies: These track user behavior for advertising and remarketing purposes. They are only set with your consent, and we provide a way to opt out (through the cookie banner or browser settings).
We provide clear information about the cookies we use and their purposes. You can manage cookie preferences through our banner or your browser settings. We do not use cookies to identify you personally unless you have provided information (like logging in).
Data Retention
We retain personal data only as long as necessary for the purposes outlined above and as required by law. Specifically:
We keep account and contact information as long as your account is active or as needed to provide the service.
Usage logs and analytics may be retained for a defined period (e.g. 1–2 years) to help with security and service improvement.
If you request deletion of your data or close your account, we will delete or anonymize your personal data unless we need to retain it for legal reasons (e.g. financial records for tax compliance).
For business data (such as merchant or transaction data provided by clients), retention is governed by the contractual terms with that client and applicable laws (often multiple years).
After data is no longer needed, we securely delete or anonymize it. Under both Indian and global regulations, we avoid storing personal data longer than necessary.
Your Privacy Rights
Depending on your location, you have certain rights regarding your personal data:
India (DPDP Act): Indian users (Data Principals) have the right to access their personal data, correct or update inaccuracies, and request erasure when data is no longer needed. We provide a mechanism for grievance redressal. You can withdraw consent at any time, and we will cease processing except as required by law.
European Union (GDPR): EU residents have rights including access, correction, erasure (“right to be forgotten”), restriction of processing, data portability, and the right to object to certain processing. For example, you may ask for a copy of your data that we hold, or request deletion of your data if there is no legitimate reason for us to retain it. You can also object to marketing processing. We will respond to any such requests within the required timeframes.
California (CCPA/CPRA): California residents can request information about the categories of personal data we have collected, used, and shared about them. They can also request deletion of their personal information and opt out of any future sales (we do not sell data). We cannot discriminate against you for exercising these rights.
To exercise any rights, please contact us (see “Contact Us” below). We will verify your identity before responding. We also inform you about your rights in the notice we provide when collecting data.
Data Security
International Data Transfers
Our services are intended for businesses and adults. We do not knowingly collect personal information from children under the age of 18. If we discover that we have inadvertently collected data from a minor without parental consent, we will delete it immediately.
We may update this Privacy Policy from time to time (e.g. when laws change or we introduce new services). The revised policy will be posted on this page with an updated “Effective Date.” Significant changes will be communicated (for example, via email to registered users). We encourage you to review this policy periodically.
If you have questions or concerns about this policy or our data practices, please contact us:
Email: security@zoven.ai
Address: 3rd Floor, Workflo Ranka Junction, Old Madras Road, K R Puram Hobli, Bengaluru, Karnataka - 560016
For users in India, you may also lodge a complaint with the Data Protection Board of India if your grievance is not resolved internally. We are committed to addressing all privacy inquiries and concerns promptly.
Ready to Transform Your Risk Operations?
© 2026 Zoven. All rights reserved.
