Zaro
LEGAL

Privacy Policy

Last updated · May 28, 2026

1. Introduction

Work Nexus Limited (referred to as "Zaro", "we", "us" or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy (“Policy”) describes how we collect, use, disclose, and safeguard personal information when you use our website (https://www.zaro.ai/) (“Website”), the platform, including automated functionality, artificial intelligence features and related products and services (collectively, the "Services”).

By accessing or using our Services, you acknowledge that you have read and understood this Policy. If you do not agree with our practices, please do not use our Services. If you change your mind in the future, you must stop using the Services and you may exercise your rights as set out in this Policy.

Zaro is the controller of your personal information and is responsible for the processing described in this Policy, in accordance with applicable data protection laws.

For support, you can contact us at [email protected].

This Policy does not apply to personal information we process as a processor or service provider on behalf of our customers when providing services to them. For example, if your personal information is part of a database we manage or process for a customer, such customer will act as the controller and its privacy policy will govern the processing of your personal information.

2. Definitions

In this Policy:

“Prompt(s)” means text commands or other instructions, queries or textual cues you provide to the AI Agent (defined below). This includes data you provided to the AI Agent for the purpose of personalising, prompting, or customising the Services to a specific need or use-case.

“AI Agent” means Zaro's AI-driven virtual assistant solution that uses artificial intelligence to perform tasks, based on Prompts (defined above) for and on behalf of you.

“Output(s)” means any and all content, decisions, recommendations, interactions, actions and transactions generated or executed by the AI Agent in response to a Prompt.

3. Personal information we collect

We collect personal information from you in the following ways:

  • Contact information and communications: we may collect your email address, when you communicate with us. When you contact us, you also provide us with the content of your communications. When you engage with us as a customer representative, we may also collect your job position and company you are associated with.
  • Account: if you register or sign in to your account, we will collect your email address, company name, password and any other details you provide during sign-up.
  • Joining our waitlist: if you join our waitlist, we will collect your name, email address, job title, your company name and size.
  • Services: if you use our Services, we will collect the Prompts and inputs you provide in the course of receiving the Services, customisation preferences, configurations, Output generated through the Services, and feedback and support requests. This may include technical logs, performance data, and metadata associated with your use of the Services.
  • Prompts: when interacting with our Services we will collect information included in your Prompts such as instructions for tasks or any other information you input into our Services. This may include workspace content (such as files, documents, notes, memory entries, and other content you upload or create within your Zaro workspace). Where you choose to connect third-party services, we may also access and process personal information made available through those connected services to provide and support the functionality of the Services.
  • Marketing information: we collect information about your marketing preferences, such as your preferences for receiving communications via email, phone or social media.
  • Careers: we may collect personal information from you when you enquire or apply for a vacancy with us, such as your name, contact details, curriculum vitae (including qualifications, previous employment history and professional activities), and results of background checks (such as references, qualifications, and to the extent permitted by law, criminal background checks (unspent convictions)).
  • Business: if you engage with us as a customer, supplier, partner, or other business contact, we may collect your business contact details, role, organisation, and information relating to our interactions and transactions with you.

You should not include personal information in Prompts, inputs, or uploaded data unless it is strictly necessary and you are authorised to do so under applicable law. Where personal information is included in the Services by a customer, Zaro will act as a processor on behalf of that customer in relation to such personal information.

Automatic data collection

We and our service providers may automatically log information about you, your computer, or mobile device, and our communications with you, including through the use of cookies and other similar technologies. This information includes:

  • Device Information: the browser type and version, manufacturer and model, operating system, IP address, and unique identifiers of the device, as well as the browser you use to access the Services. The information we collect may vary based on your device type and settings. We may also derive a rough estimate of your geolocation from your IP address when you visit the Website.
  • Usage Information: information about how you engage with our Website and Services, such as timing, frequency and patterns of usage, features and functionalities accessed, session duration and navigation paths, the types of content that you view or actions you take, and performance and error data.

For more information on our use of cookies, please see our Cookie Policy.

Personal information we obtain from third parties

Social media platforms. We maintain pages on social media platforms, such as Facebook, LinkedIn, X (Twitter). You or the platform providers may provide us with information through the social media platform, and we will treat such information in accordance with this Policy.

4. How we use your personal information

We will use your personal information for one or more of the purposes set out below.

  • To operate and deliver our Services. We will use your personal information where it is necessary for the performance of our contract with you, when it is in our legitimate business interests, or based on your consent, including to:
    • Provide, operate, maintain, and secure our Services;
    • Provide support assistance and troubleshooting;
    • Send you updates about administrative matters such as changes to our terms or policies;
    • Provide user support, and respond to your requests, questions and feedback;
    • Allow you to use our AI Agent by processing Prompts, inputs, and related data to generate Outputs, optimise solutions, and provide results through the Services.
  • To improve, monitor, personalise, and protect our Services. It is in our legitimate business interests to improve and keep our Services safe, which includes:
    • Enriching your user experience and customising your experience with us;
    • Analysing usage patterns and conducting research and development to help us understand how people use our Services;
    • Creating or using aggregated data to support research and insights that help us provide better offerings as part of our Services;
    • Protecting the security of our Services; and
    • Preventing and detecting security threats, fraud or other criminal or malicious activities.
  • To comply with legal obligations and to defend Zaro against legal claims or disputes. We may use your personal information to comply with our legal obligations or when it is in our legitimate business interests, which includes to:
    • Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
    • Protect our, your or others' rights, privacy, safety or property (including by making and defending legal claims);
    • Audit our compliance with legal and contractual requirements and internal policies; and
    • Protect the security of and manage access to our premises and prevent, identify, investigate and deter fraudulent, harmful, unauthorised, unethical or illegal activity, including cyberattacks and identity theft.
  • Training our algorithms. It is in our legitimate business interest to use personal data to develop, analyse and improve the Services including by training our models and algorithms. As part of these activities, we may create or use aggregated, de-identified or other anonymised data from personal data we collect. We may anonymise data by removing information that makes the data personally identifiable to you. We may use this anonymised data and share it with third parties for our lawful business purposes, including to analyse and improve the Services and promote our business.
  • Content moderation and monitoring. We may use personal information to monitor and review Prompts, inputs and Outputs to prevent misuse of the Services, including to detect, investigate and address unlawful, harmful or unauthorised activity.
  • For marketing and advertising. We and our advertising partners may use your personal information for marketing and advertising purposes, including to send you direct marketing communications as permitted by law.
  • Job application processing. When you apply for a job with us, we use your personal data in our legitimate interest to facilitate our recruitment activities, process employment applications and personalise candidate communication, including evaluating candidates and monitoring recruitment statistics. We also use successful applicants' information to take steps to enter into an employment contract and to administer the employment relationship.
  • To facilitate corporate acquisitions, mergers or transactions. We may use your personal information, when it is in our legitimate business interests, when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.

5. AI Processing and Automated Decision Making

Our platform uses artificial intelligence systems, which may include third-party models and internally developed systems, to generate Outputs based on user inputs and configurations. The Services are designed to operate on technical, operational, or non-personal datasets. Where personal information is processed through such artificial intelligence systems, such processing is carried out in accordance with this Policy and applicable data protection laws.

Unless expressly agreed in writing, we do not use personal information contained in Prompts or Outputs to train or fine-tune our artificial intelligence systems. We may, however, use aggregated, de-identified or anonymised data, and limited operational data (such as logs or usage data), to develop, maintain and improve the Services. We maintain human oversight over our artificial intelligence systems. Customers remain responsible for evaluating Outputs before relying on them.

6. How we share your personal information

We may share your personal information with the following third parties:

  • Service Providers: to assist us in meeting business operational needs and to perform certain services and functions, we may share personal information with our vendors and service providers, including providers of artificial intelligence systems and infrastructure, hosting services, cloud services, and other information technology services providers. Pursuant to our instructions, these parties will access, process, or store personal information in the course of performing their duties for us.
  • Professional Advisors: we may share personal information with our professional advisors such as lawyers and accountants where doing so is necessary to facilitate the services they render to us.
  • Legal Requirements: we do not volunteer your personal information to government authorities or regulators, but we may disclose your personal information where required to do so to comply with laws and regulations applicable to us as described above.
  • Business Transaction: if Zaro is involved in a merger, acquisition or asset sale, financing due diligence, reorganisation, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your personal information may be sold, transferred, or otherwise shared including as part of any due diligence process.

We do not sell, rent or trade your personal information to third parties.

7. How we keep your personal information secure

We use reasonable organisational, technical and administrative measures designed to protect against unauthorised access, misuse, loss, disclosure, alteration, and destruction of personal information we process. Unfortunately, data transmission over the Internet cannot be guaranteed as completely secure. Therefore, while we strive to protect your personal information, we cannot guarantee its security.

8. Where we store your personal information

Zaro is based in the United Kingdom and therefore your personal information will be stored here. We may share your personal information with third parties who may be based outside the United Kingdom. If personal information is transferred outside the United Kingdom or the European Economic Area, we will ensure that relevant safeguards are in place to afford adequate protection for your personal information (for example, relying on appropriate safeguards such as the EU Standard Contractual Clauses approved by the European Commission or UK International Data Transfer Agreement). For more information about how we transfer personal information internationally, please contact us as set out in the “Contact us” section below.

9. How long we keep your personal information

We retain your personal information only for as long as is necessary to fulfil the purposes for which it was collected and processed, in accordance with our retention procedures, and in accordance with applicable laws.

To determine the appropriate retention period for your personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we use your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

10. Your Rights

Depending on where you are based, and as provided under applicable law and subject to any limitations in such law, you may have the following rights:

  • Right of Access: request a copy of the personal information we hold about you;
  • Right to Rectification: request correction of incomplete or inaccurate data we hold about you;
  • Right to Erasure: ask us to erase the personal information we hold about you in certain circumstances;
  • Right to Restriction of Processing: ask us to restrict our handling of your personal information;
  • Right to Data Portability: receive any personal information we hold about you in a structured and commonly used machine-readable format or have such personal information transmitted to another company;
  • Right to Object: object to how we are using your personal information, including for direct marketing purposes;
  • Right to Withdraw Consent: withdraw your consent to us handling your personal information at any time (without affecting the lawfulness of prior processing); and
  • Right to Lodge a Complaint: file a complaint with your local data protection authority.

Requests can be made to [email protected].

Please note that, prior to any response to the exercise of such rights, we may require you to verify your identity. In addition, we may have valid legal reasons to refuse your request, and will inform you if that is the case. For more information on your rights, please contact us using the details in the “Contact us” section below.

You may opt out of marketing-related communications by following the opt out or unsubscribe instructions contained in any marketing communication we send you.

11. Links to other websites

Our Services may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

12. Changes and updates to this Policy

We will update this Policy from time to time. Please review this Policy periodically for any changes. Changes to this Policy are effective when they are posted on this page.

If we make material changes, we will let you know.

13. Children

Our Service are designed for use by anyone under the age of 18. We do not knowingly collect personal information from individuals under the age of 18. If you are a parent or guardian and believe that your child is using our Website or Services, please contact us. Before we remove any information we may ask for proof of identification to prevent malicious removal of account information. If we discover that an individual under the age of 18 is accessing our Website or Services, we will delete their information within a reasonable period of time. You acknowledge that we do not verify the age of our users nor have any liability to do so.

14. Complaints

If you wish to lodge a complaint about how we process your personal information, please contact us at [email protected]. We will endeavour to respond to your complaint as soon as possible. If you are based in certain jurisdictions, you may also lodge a complaint with a supervisory authority, including in your country of residence.

15. Contact us

If you have any questions about this Policy, you can contact us at [email protected].