Privacy Policy
1. Introduction
At Zylior, protecting your personal data is a priority. This privacy policy describes how we collect, use, share, and protect the personal data of users of our growth management platform (hereinafter "the Service"), in accordance with Regulation (EU) 2016/679 of April 27, 2016 ("GDPR") and the amended French Data Protection Act ("Informatique et Libertés").
It applies to anyone who visits our website, creates an account, uses the Service, or interacts with us. By using Zylior, you acknowledge that you have read this policy. We invite you to read it carefully and to review it regularly, with its latest update indicated at the bottom of the page.
2. Data controller
The controller of the data collected through the Service is the company that publishes Zylior (hereinafter "Zylior", "we"), reachable at the following contact details:
- Service: Zylior
- Website: zylior.com
- Email address: hello@zylior.com
- Data Protection Officer (DPO): hello@zylior.com (subject: "DPO")
For the data you yourself enter into Zylior regarding your own prospects, customers, or contacts, Zylior acts as a processor within the meaning of the GDPR: you remain the controller of that data, within the framework of the data processing agreement (DPA) that supplements our Terms and Conditions.
3. Data we collect
We collect only the data necessary for the proper functioning of the Service and the business relationship. Depending on your use, this includes:
3.1 Account and identification data
- Last name, first name, job title;
- Business email address, phone number;
- Company name, industry, size;
- Login credentials (encrypted password, authentication tokens).
3.2 Billing data
- Legal name, billing address, intra-Community VAT number;
- History of subscriptions, invoices, and payments (card data is processed directly by our payment provider and is never stored by Zylior).
3.3 Usage and technical data
- Pages viewed, features used, actions performed within the application;
- IP address, browser type, operating system, device identifiers;
- Connection logs, timestamps, performance and diagnostic data.
3.4 Data you import into the Service
- Content, campaigns, leads, contacts, meetings, and data of your own customers/prospects that you connect or import (CRM, ad networks, calendars, etc.);
- Information shared during exchanges with our support team or our team.
We do not knowingly collect so-called "sensitive" data (origin, opinions, health, etc.). We ask you not to include any in the Service.
4. Purposes and legal bases
Each processing operation relies on a specific legal basis within the meaning of Article 6 of the GDPR:
| Purpose | Legal basis |
|---|---|
| Creating and managing your account, providing the Service | Performance of the contract |
| Billing, collection, and accounting obligations | Legal obligation / Performance of the contract |
| Customer support and responding to your requests | Performance of the contract / Legitimate interest |
| Improvement and security of the Service | Legitimate interest |
| Tracking pixel: visitor profile, intent score and outreach | Consent |
| Sending product information and marketing communications | Legitimate interest / Consent |
| Processing your contacts' data through the Service | Processing on your behalf |
| Non-essential cookies and analytics/advertising trackers | Consent |
| Fraud prevention and compliance with legal obligations | Legal obligation / Legitimate interest |
Where processing relies on your consent, you may withdraw it at any time, without affecting the lawfulness of prior processing.
5. Recipients and processors
Your data is never sold. It is accessible only to authorized Zylior personnel and to carefully selected processors, acting on our instructions and bound by confidentiality and security obligations. These providers are involved in particular for:
- Hosting and cloud infrastructure;
- Payment processing and billing;
- Sending transactional emails and communications;
- Customer assistance and support;
- Audience measurement and usage analytics;
- The artificial intelligence model providers used for the Service's features.
Each processor is governed by a contract compliant with Article 28 of the GDPR. We may also disclose data where the law requires it (judicial or administrative authority) or to protect our rights and the security of the Service.
6. Transfers outside the European Union
We prioritize hosting and processing data within the European Union. Where a transfer to a third country is necessary (for example via certain technical providers or AI vendors), we ensure that it benefits from appropriate safeguards:
- An adequacy decision by the European Commission; or
- Standard contractual clauses (SCCs) adopted by the European Commission; or
- Recognized certification mechanisms, supplemented where appropriate by additional measures.
You can contact us at hello@zylior.com to obtain a copy or details of the safeguards in place.
7. Retention periods
We retain your data only for as long as necessary for the purposes pursued, after which we delete or anonymize it:
| Data category | Retention period |
|---|---|
| Account data and Service content | For the entire duration of the subscription |
| Data after account closure | Deletion or anonymization within 90 days (unless a legal obligation applies) |
| Billing and accounting data | 10 years (legal obligations) |
| Prospects and marketing data | 3 years from the last contact |
| Connection and security logs | Up to 12 months |
| Cookies and trackers | 13 months maximum |
8. Your rights
In accordance with the GDPR, you have the following rights over your personal data:
- Right of access: obtain confirmation that your data is being processed and receive a copy of it;
- Right to rectification: have inaccurate or incomplete data corrected;
- Right to erasure: request the deletion of your data in the cases provided for by law;
- Right to restriction: request the temporary freezing of a processing operation;
- Right to portability: receive your data in a structured, commonly used, and machine-readable format, or have it transferred to a third party;
- Right to object: object to processing based on legitimate interest or to direct marketing;
- Right to withdraw your consent at any time where it is the basis of the processing;
- Right to set directives regarding the fate of your data after your death.
To exercise these rights, write to us at hello@zylior.com. We may ask you for proof of identity, and we will respond within one month. If you believe your rights are not being respected, you may lodge a complaint with the French Data Protection Authority (CNIL), 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07 — www.cnil.fr.
9. Cookies and trackers
Our website and application use cookies and similar technologies to function, measure audience, and improve your experience. We distinguish between:
- Strictly necessary cookies: essential to the operation of the Service (authentication, security, preferences). They do not require your consent;
- Audience measurement cookies: to understand usage and improve the product;
- Marketing and advertising cookies: to measure our campaigns and offer you relevant content.
First-party tracking pixel
With your consent (“Accept all” banner), our pixel stores a random identifier (zy_vid, localStorage) and collects: pages viewed, sessions, scroll depth, time on site, pricing-page visits, and your email address if you provide it (signup, form). Purpose: build a visitor profile in our CRM, compute a purchase-intent score for our outreach, and link that profile to your account at signup. Sites covered: zylior.com, plus quant-api.dev and inkkore.com (sites operated by the same publisher). Anonymous profiles are deleted after 13 months of inactivity. You can withdraw consent at any time via the “Cookies” link in the footer (the identifier is then removed) or request deletion of the profile at hello@zylior.com.
Non-essential cookies are only placed after your consent, collected via our dedicated banner. You can change your choices at any time from the preference manager or your browser settings. Refusing certain cookies may limit access to some features.
10. Data security
We implement appropriate technical and organizational measures to protect your data against any unauthorized access, loss, alteration, or disclosure, in particular:
- Encryption of data in transit (TLS) and at rest;
- Access control, strong authentication, and permission management;
- Hosting with certified providers (ISO 27001, SOC 2, or equivalent);
- Regular backups, logging, and security monitoring;
- Staff awareness training and an incident management policy.
In the event of a data breach likely to result in a risk to your rights and freedoms, we will notify the CNIL and, where applicable, the individuals concerned, under the conditions provided for by the GDPR.
11. Data and artificial intelligence
Zylior relies on artificial intelligence models to generate content, qualify leads, and automate actions. The data you provide for these features is processed for the sole purpose of delivering the requested service. We select AI vendors that do not use your data to train their models without an appropriate legal basis, and we govern these processing operations contractually.
12. Minors
The Service is intended exclusively for professional use by adults. We do not knowingly collect data concerning minors. If you believe a minor has provided us with data, contact us so that we can delete it.
13. Changes to the policy
We may update this privacy policy to reflect legal, technical, or organizational changes. Any substantial change will be notified to you by email or through the Service. The applicable version is the one published on this page, the date of last update of which appears below.
14. Contact
For any question regarding this policy or the protection of your data, or to exercise your rights, contact our Data Protection Officer:
- Email: hello@zylior.com (subject: "Privacy" or "DPO")
- Website: zylior.com
Last updated: June 2026.