Privacy Policy
Privacy Policy
ZORI, Inc. (“ZORI,” “we,” “us,” or “our”) is committed to protecting your privacy and ensuring transparency in how we collect, use, store, and share your data. This Privacy Policy explains how we handle personal and business information collected through our platform, including supplier documents, uploaded files, user interactions, and system-generated insights.
Information We Collect:
We collect data necessary to provide ZORI’s procurement intelligence and automation services. This includes:
1. User Account Information: Names, email addresses, organization details, authentication tokens (e.g., Google OAuth), and login credentials.
2. Uploaded Content: Contracts, invoices, RFPs, vendor responses, and any documents you upload or sync through integrations.
3. Usage Data: Interactions with ZORI features (e.g., chat, search, workflow triggers), device type, IP address, browser information, and session logs.
4. Google Workspace User Data: If you authorize Gmail access, ZORI will access only procurement-relevant messages or files. This includes email metadata and attachments that contain procurement documents such as quotes, contracts, invoices, or purchase orders. We do not access or process personal communications, non-relevant documents, or unrelated user content.
5. System of Record (SOR) Data: Structured procurement intelligence derived from uploaded or synced content, including vendor data, line items, terms, summaries, and clause-level compliance flags.
How We Use Your Information:
We use collected information to:
Provide and personalize ZORI’s features (e.g., document intelligence, memory search, negotiation workflows)
Improve system performance through non-identifiable feedback loops
Enable automation via user-triggered AI workflows
Provide support and troubleshoot product issues
Detect, prevent, and respond to misuse or abuse
Use of Google User Data
ZORI’s use and transfer of information received from Google APIs strictly adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
We only access Gmail data that is necessary to support procurement workflows explicitly triggered by the user
We NEVER use your Gmail data to develop, improve, or train generalized AI or ML models
We do not use your Gmail data for advertising, profiling, or marketing analytics
We never automatically send emails on a user’s behalf — all sending actions (e.g., forwarding a contract summary, replying to a vendor) must be explicitly initiated or confirmed by the user
For clarity, ZORI only accesses Gmail data after users explicitly grant permission via OAuth.
Data Security and Protection of Sensitive information
ZORI implements multiple layers of data protection, including:
Encryption of data in transit (TLS) and at rest (AES-256)
Access controls and audit logs to restrict data access internally to only essential personnel under strict confidentiality
Separation of personal, business, and system-generated data to isolate sensitive information
Role-based permissioning to ensure workspace-level control over shared access
Regular security reviews and penetration testing
Gmail data is stored in isolated environments with strict data retention and deletion controls. We do not log or retain message bodies or file contents beyond what is necessary for the explicitly requested service.
Data Retention and User Rights
At ZORI, our data retention and user rights are as follows
You can access, modify, or delete your personal data at any time.
You may revoke Gmail access through your Google Account or within the ZORI settings.
Upon request or account deletion, your account data and all uploaded content will be permanently deleted from our systems within 30 days.
You may also request deletion of specific synced files or associated metadata by contacting us at admin@zori.io.
Data Sharing and Disclosure
We do not sell your personal information or Gmail data.
We only share data in the following limited cases:
With your authorized team members or collaborators
With infrastructure partners and subprocessors under strict data protection agreements (e.g., hosting, OpenAI/Anthropic model access)
As required by law or valid legal process (e.g., subpoenas, court orders)
ZORI does not share Gmail data with any third party for unrelated use, analytics, or machine learning model development.
AI Models and Responsible Use
ZORI uses large language models (LLMs) to analyze and summarize procurement documents. Our AI is configured as follows:
Retrieval-Augmented Generation (RAG) that grounds model output in your uploaded documents or structured memory
Citation-first outputs to increase transparency and traceability
No model training is performed on your data
ZORI does not use any user-uploaded or Gmail data to train public or proprietary models
Model prompts and tuning are performed on ZORI-controlled infrastructure only and are designed to operate within the scope of user-initiated actions.
Children's Privacy
ZORI is not intended for use by individuals under 16. We do not knowingly collect or store personal data from children.
Changes to This Policy
We may update this privacy policy periodically. Material changes will be communicated through ZORI or via email.
Contact
For questions or requests related to your data or privacy rights, contact:
ZORI, Inc.
Email: admin@zori.io
Website: https://zori.io/privacy