Privacy

Privacy Policy

Clear public information for customers, buyers, and operators reviewing the platform.

Page content

Effective date: July 10, 2026
Last updated: July 10, 2026

This Privacy Policy explains how Alzaro AI ("Alzaro", "we", "us", or "our") collects, uses, shares, and protects information in connection with the websites, applications, and services available at https://alzaro.ai and its subdomains (collectively, the "Service"). It also explains the choices and rights you have regarding your information.

By creating an account, using the Service, or submitting information through pages hosted on the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with it, please do not use the Service.

1. Who we are and our two roles

Alzaro is an AI-powered growth platform for local businesses. It provides business health assessments and growth reports, AI-assisted websites and microsites, booking pages, review and feedback collection, lead capture, content publishing, SEO and AI-search visibility tools, and an AI assistant.

We handle personal information in two distinct roles:

  • As a data controller — for information about our own users and visitors (for example, your account details, billing records, and how you use the Service). This Privacy Policy applies fully to this information.
  • As a data processor / service provider — for information that our business customers collect from their customers through pages hosted on the Service (for example, a booking request, review, or contact form submitted on a business's microsite). We process this information on behalf of, and under the instructions of, the business concerned. The business is the controller of that data, and its own privacy practices apply in addition to the safeguards described here. If you submitted information to a business through a page hosted by us, please direct privacy requests to that business first; we will assist them in fulfilling your request.

2. Information we collect

2.1 Information you provide to us

  • Account information: name, username, email address, password (stored in hashed form), preferred language, and optional profile details.
  • Business information: details about the businesses you manage on the platform, such as business name, address, phone number, opening hours, categories, service descriptions, brand assets, and brand voice materials.
  • Content you create or upload: website and microsite content, blog posts, published articles, images and files, questionnaire and assessment answers, notes, and other materials you store on the Service.
  • AI interaction data: prompts, questions, and content you submit to AI-powered features (such as the AI assistant, content generators, and report builders), and the outputs generated for you.
  • Payment and billing information: subscription plan, orders, invoices, and transaction records. Card and payment credentials are collected and processed directly by our third-party payment processors; we do not store full card numbers.
  • Communications: support tickets, feedback, survey responses, and any other messages you send us.

2.2 Information collected through hosted pages (on behalf of businesses)

When end customers interact with public pages operated by our business users — such as microsites, booking pages, review and feedback forms, and lead capture forms — we collect the information those forms request on behalf of the business, typically: name, contact details (email, phone), appointment details, review or feedback content and ratings, and any message the end customer chooses to submit.

Hosted public pages and QR codes may also record basic visit analytics for the business — such as IP address, device and browser type, and approximate (city-level) location — to help the business understand how its pages are performing.

2.3 Information collected automatically

  • Usage and log data: IP address, browser type and version, device and operating system information, referring pages, pages viewed, actions taken, and timestamps.
  • Cookies and similar technologies: we use cookies that are necessary for the Service to function (session and authentication cookies, security/CSRF tokens, language preference) and, where enabled, analytics cookies. See Section 8 for details.

2.4 Information from third parties

  • Social sign-in: if you sign in with Google, Facebook, or X, we receive basic profile information from that provider (such as your name, email address, and avatar) as permitted by your settings with that provider.
  • Connected services: if you connect third-party accounts (for example Google Search Console, Google Analytics, or social media accounts for content publishing), we receive the data those services make available under the permissions you grant, such as site performance statistics or publishing permissions. Access tokens are stored encrypted, and you can disconnect a service at any time from your settings.

2.5 Google user data (Limited Use disclosure)

Where you connect a Google account (for example, Google sign-in, Google Search Console, or Google Analytics), Alzaro's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Google user data only to provide and improve the user-facing features you request (such as displaying your site's search performance), we do not transfer it to third parties except as necessary to provide those features, comply with the law, or as part of a merger or acquisition with notice to you, we do not use it for advertising, and we do not allow humans to read it except with your consent, for security purposes, to comply with the law, or where the data has been aggregated and anonymized.

3. How we use information

  • To provide, operate, maintain, and secure the Service, including hosting your sites and pages, processing bookings, collecting reviews and leads, and generating reports.
  • To power AI features: content you submit to AI features is sent to our AI model providers (see Section 5) to generate the requested output, such as reports, website copy, blog drafts, or assistant answers.
  • To process payments, manage subscriptions and usage credits, and send transactional messages (such as receipts, booking confirmations, and security notices).
  • To provide customer support and respond to your requests.
  • To understand how the Service is used and to improve features, performance, and user experience.
  • To detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms of Use.
  • To comply with legal obligations and enforce our legal rights.
  • With your consent or at your direction, for other purposes explained at the time of collection.

We do not sell your personal information, and we do not use the content you store on the Service to train our own or third parties' AI models.

4. Legal bases (EEA/UK and similar jurisdictions)

Where applicable data protection law requires a legal basis, we rely on: (a) performance of a contract — to provide the Service you signed up for; (b) legitimate interests — to secure and improve the Service and to communicate with you about it, balanced against your rights; (c) consent — where required, for example for optional cookies or marketing messages, which you can withdraw at any time; and (d) legal obligation — for example, retaining billing records for tax purposes.

5. How we share information

We share personal information only as described below, and never sell it:

  • Service providers (sub-processors): hosting and infrastructure providers; payment processors (such as Stripe, PayPal, or regional payment providers, depending on the payment method you choose — they receive the data needed to complete your transaction under their own privacy policies); email delivery providers; and AI model providers (such as OpenAI, Anthropic, or Google, used to generate reports, content, and assistant responses). These providers process data only to provide services to us and are bound by contractual confidentiality and data protection obligations. We rely on AI providers' commitments not to use API-submitted content to train their models where such commitments are offered.
  • Third-party platforms you connect: when you use publishing or integration features, we transmit the content and data you choose to publish to the platforms you have connected (for example Facebook, Instagram, LinkedIn, X, Pinterest, Telegram, Discord, Mastodon, or Bluesky, and search/indexing services such as IndexNow). Their terms and privacy policies govern the data once received by them.
  • Businesses you interact with: if you submit information through a business's hosted page (booking, review, lead, or feedback form), that information is shared with the business concerned.
  • Team members: if you join a team workspace, information such as your name, email, and activity within that workspace is visible to other members according to their roles.
  • Legal and safety: when required by law, regulation, legal process, or governmental request, or when necessary to protect the rights, property, or safety of Alzaro, our users, or the public.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, in which case we will continue to protect personal information as described in this Policy and notify you of any material changes.

6. International data transfers

We and our service providers may process information in countries other than the one in which you live. Where personal information is transferred across borders from jurisdictions that restrict such transfers, we implement appropriate safeguards, such as standard contractual clauses or equivalent mechanisms, and require our providers to protect the data to comparable standards.

7. Data retention

  • Account data: retained while your account is active and for a reasonable period afterwards to comply with legal obligations, resolve disputes, and enforce agreements.
  • Content and business data: retained until you delete it or your account is deleted, subject to backup cycles.
  • End-customer data collected for businesses: retained according to the controlling business's settings and instructions.
  • Billing records: retained as required by tax and accounting laws.
  • Log data: retained for a limited period for security and diagnostics, then deleted or anonymized.

When retention is no longer necessary, we delete or de-identify the data.

8. Cookies

We use the following categories of cookies and similar technologies:

  • Strictly necessary: session and authentication cookies, security tokens (e.g. CSRF protection), and load-balancing — required for the Service to work and not subject to consent.
  • Preferences: your language selection and interface preferences. Your cookie-consent choice is stored locally in your browser (local storage).
  • Analytics (where enabled): we may use Google Analytics to collect aggregate statistics about usage of our public pages (Google Analytics sets its own cookies, such as _ga). Where required by law, these are set only with your consent, which you can withdraw at any time.

You can control cookies through your browser settings; disabling necessary cookies may prevent parts of the Service from functioning.

9. Security

We apply administrative, technical, and organizational measures appropriate to the risk, including encryption of data in transit (HTTPS/TLS), hashed passwords, encrypted storage of third-party access tokens, role-based access controls, tenant isolation between workspaces, and logging and monitoring. No method of transmission or storage is completely secure; we cannot guarantee absolute security, but we review and improve our safeguards on an ongoing basis and will notify you and the relevant authorities of data breaches where required by law.

10. Your rights and choices

Depending on where you live, you may have some or all of the following rights regarding your personal information:

  • Access and portability — request a copy of the personal information we hold about you.
  • Correction — ask us to correct inaccurate or incomplete information. Most account and business details can be edited directly in your settings.
  • Deletion — delete your account at any time from your account settings, which removes your personal data except where retention is legally required. You may also request deletion by contacting us.
  • Objection and restriction — object to or ask us to restrict certain processing.
  • Consent withdrawal — withdraw consent at any time where processing is based on consent, without affecting prior processing.
  • Marketing opt-out — unsubscribe from marketing emails via the link in each message; transactional messages will still be sent.
  • Complaint — lodge a complaint with your local data protection authority.

To exercise any right, use your account settings or contact us at [email protected]. We will verify your request and respond within the timeframe required by applicable law. We will not discriminate against you for exercising your rights.

11. Regional provisions

  • European Economic Area / United Kingdom (GDPR/UK GDPR): the rights in Section 10 apply, together with the legal bases in Section 4 and the transfer safeguards in Section 6.
  • California (CCPA/CPRA): we do not sell or share personal information for cross-context behavioral advertising. You have the rights to know, access, correct, delete, and limit use of sensitive personal information, and the right to non-discrimination.
  • China (PIPL): we process personal information for the purposes stated in this Policy with your consent or another lawful basis, and provide the rights of access, copy, correction, deletion, and account cancellation described above. For cross-border provision of personal information we follow applicable PIPL requirements.
  • South Korea (PIPA) and Vietnam (PDPD): equivalent rights of access, correction, deletion, and consent withdrawal apply as provided by local law.

12. Children's privacy

The Service is intended for business use and is not directed to children under 16 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will delete it promptly.

13. Third-party links and services

The Service may contain links to third-party websites and may allow you to connect third-party services. We are not responsible for the privacy practices of third parties; we encourage you to review their privacy policies before providing them information.

14. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by a prominent notice on the Service before the changes take effect. The "Last updated" date at the top indicates the latest revision. Continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

15. Contact us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us: