Privacy Notice
Last updated: 2026-03-14
1. Who we are
PyZoo Solutions Limited
Product: DeepConcierge
General contact: support@pyzoosolutions.cloud
Privacy contact: privacy@pyzoosolutions.cloud
2. Scope of this notice
This notice applies to DeepConcierge websites, pilot engagements, and SaaS/service operations where PyZoo Solutions Limited processes personal data. Some processing may take place directly for our own business purposes, and some may take place on behalf of customer organizations using the service.
3. Controller vs processor role
DeepConcierge does not always act in the same legal role for every processing activity.
- For our own business operations — such as website inquiries, direct sales conversations, billing, supplier management, security operations, and legal/compliance records — PyZoo Solutions Limited generally acts as a controller.
- For customer workspace/service data — such as operational requests, member/staff workflows, meeting-assist outputs, and related workspace records processed for a customer organization — we generally act as a processor on that customer’s instructions, unless otherwise expressly agreed.
Where we act as a processor, the relevant customer organization is typically responsible for the primary relationship with data subjects and for deciding the purposes of processing.
4. Categories of data we may process
- Contact and identity data — name, email address, organization, role, contact history.
- Account and workspace data — user roles, permissions, organization settings, service configuration, workspace metadata.
- Operational workflow data — tickets, requests, assignments, handoffs, task history, notes, action traces.
- Meeting and knowledge data — meeting transcripts, summaries, action items, protocol drafts, knowledge-base retrieval interactions, document references.
- Technical and security data — IP address, browser/device data, timestamps, authentication events, audit and security logs.
- Support and commercial data — support requests, pilot inquiries, commercial communications, contract/account administration records.
DeepConcierge is not intended by default for special-category or otherwise highly sensitive personal data unless this is explicitly scoped, reviewed, and subject to additional safeguards.
5. Why we process personal data
- to respond to inquiries and discuss pilots or services;
- to provide, operate, secure, and support the DeepConcierge service;
- to manage user accounts, permissions, and customer workspaces;
- to run operational workflows such as request handling, coordination, knowledge retrieval, and meeting assistance;
- to maintain service reliability, abuse prevention, logging, and incident response;
- to comply with legal, contractual, security, and governance obligations;
- to improve the quality, safety, and operational performance of the service, subject to appropriate controls.
6. Legal bases (EU GDPR and UK GDPR)
Depending on the context, we rely on one or more lawful bases, including:
- Contract — where processing is necessary to take steps before entering into a contract or to provide contracted services.
- Legitimate interests — for example, to protect the security of our systems, prevent misuse, administer our operations, and improve service reliability, provided those interests are not overridden by rights and freedoms of individuals.
- Consent — where consent is legally required, such as for specific optional communications or non-essential tracking technologies, if used.
- Legal obligation — where we must retain or disclose information to meet legal or regulatory duties.
Where DeepConcierge acts as a processor, the relevant customer/controller is generally responsible for determining the lawful basis for the processing carried out in their workspace.
7. Recipients and subprocessors
We may use carefully selected service providers for hosting, email delivery, infrastructure, security, observability, support tooling, and other operational components. Where these providers process personal data on our behalf, we require appropriate contractual and governance controls. A more detailed subprocessor list may be provided in customer documentation or contractual materials where applicable.
8. International transfers
Where personal data is transferred outside the UK, EEA, or other applicable jurisdictions, we aim to use appropriate safeguards such as contractual transfer mechanisms and supplementary technical or organizational measures where required.
9. Retention
We retain personal data only for as long as necessary for the relevant purpose, contract, legal obligation, security need, or legitimate operational requirement, and then delete or anonymize it where appropriate.
Retention periods may vary depending on the type of data, the customer relationship, legal requirements, backup cycles, and the operational context. More specific retention terms may be defined in customer contracts, workspace settings, or service documentation.
10. Your rights
Depending on the applicable law and the context of the processing, individuals may have rights such as:
- access;
- correction;
- deletion/erasure;
- restriction of processing;
- objection to processing;
- data portability; and
- withdrawal of consent where consent is the legal basis.
If your request relates to a customer organization’s use of DeepConcierge, we may need to direct you to that organization or coordinate with them, because they may be the controller for that processing.
11. Security and governance approach
We aim to apply technical and organizational measures proportionate to the risks involved. Depending on the deployment and use case, this may include role-based access controls, logging and audit trails, controlled approval paths for sensitive actions, vendor due diligence, data minimization, retention/deletion rules, and incident response procedures.
We do not intend this notice to overstate our compliance maturity or to claim controls that are not implemented in the relevant environment.
12. Cookies and analytics
If we use cookies or analytics that require consent under applicable law, we will provide appropriate notice and consent handling. If no such technologies are active, this section should be read as a forward-looking policy statement rather than a claim that all such tools are currently in use.
13. Complaints and contact
For privacy questions or requests, contact privacy@pyzoosolutions.cloud.
If you are in the UK, EU, or EEA and believe your data has been handled unlawfully, you may also have the right to lodge a complaint with your local supervisory authority.
14. Updates to this notice
We may update this notice from time to time. The latest version will be published on this page with the updated date.
Important: this privacy notice is a stronger operational baseline, not a substitute for legal advice. Customer-specific deployments, pilot scopes, subprocessors, transfer mechanisms, and contractual terms may require additional disclosures or legal review before production reliance.