§ LEGAL
Privacy Policy
Last updated: 7 May 2026
Who we are.
ZxAI, LLC is a Texas limited liability company operated from Dallas / Fort Worth, United States. We install AI staff into the systems that founder-led services firms already use. This policy explains what data we collect when you visit zxai.ai or submit a Bottleneck Audit, how we use it, and how to exercise your rights. Contact us at hello@zxai.ai for any privacy question. In this policy, "ZxAI," "we," "us," and "our" all refer to ZxAI, LLC.
What we collect.
- Audit submissions. When you complete the Bottleneck Audit form, we collect your name, work email, business category, team size, what you sell, who you sell to, your optional website URL, and your answers to the audit questions. We also collect a hash of your IP address and your user agent string for abuse prevention.
- Cookies and analytics. We use Google Tag Manager (and any tags configured inside it, such as Google Analytics or Google Ads) to understand site usage. We use Meta Pixel to measure ad performance. These services place cookies in your browser and collect IP address, browser, device, pages visited, and referring URL. They only run after you accept non-essential cookies in our banner. See the Cookie Policy for the full list and your choices.
- Communications. If you email us, we keep the message and your email address so we can reply.
We do not knowingly collect financial account numbers, government IDs, health data, or other special-category personal data through the site. Please do not paste those into the audit form.
How we use it.
- Run your audit and send back your written report.
- Reply to questions you send us.
- Improve the website and the audit framework.
- Measure marketing performance and decide where to invest.
- Comply with law and enforce our agreements.
We do not sell your personal information for money. We do not use your audit answers to train third-party AI models. We do not buy enrichment data about you from data brokers.
Lawful bases (EU and UK visitors).
If you are in the EU, EEA, or UK, our lawful bases under the GDPR and UK GDPR are:
- Consent for analytics and advertising cookies and for marketing emails. You can withdraw consent at any time without affecting prior processing.
- Legitimate interests for responding to your inquiry, operating the site, and basic server logs.
- Contract when we are preparing or performing services for you.
- Legal obligation when applicable.
Where the data lives.
We share personal data only with the service providers we use to operate the site and respond to you. Today that list is:
| Recipient | Purpose | Data received |
|---|---|---|
| Cloudflare, Inc. | Hosting, DNS, edge compute, the D1 database that stores audit submissions, security logging | IP, request metadata, security signals, audit submissions |
| Resend | Transactional email delivery | Email address, message body |
| Google LLC | Tag Manager and any analytics or ads tags loaded inside it (only after consent) | IP, page URL, referrer, user agent, cookies set by tags loaded inside GTM |
| Meta Platforms, Inc. | Meta Pixel for ad measurement and audience matching (only after consent) | IP, page URL, browser, page events, Meta cookie identifiers |
| Calendly | Optional walkthrough booking. If you choose to book, Calendly collects your booking details under their privacy policy. | Name, email, scheduling preferences |
We may add or change service providers as the business evolves. We will update this list before any new vendor receives personal data from the site.
Retention.
- Audit submissions: up to 24 months after submission, unless you become a client. Then for the life of the engagement plus 6 years for legal and tax purposes.
- Email correspondence: up to 6 years.
- Server logs and analytics: up to 14 months.
- Backups: rotated out within 90 days of the underlying record being deleted.
You can ask us to delete sooner. See "Your rights" below.
Your rights.
U.S. residents (CA, TX, CO, CT, UT, VA, and other states with similar laws). Depending on where you live, you may have the right to know what personal information we hold about you and request a copy, request correction or deletion, opt out of "sale" or "sharing" for cross-context behavioral advertising, limit the use of sensitive personal information (we do not collect any through the site), and not be discriminated against for exercising your rights.
EU, UK, and EEA residents. You have the rights to access, rectify, erase, restrict, port, and object to processing of your personal data, and to withdraw consent where consent is the lawful basis. You can lodge a complaint with your local supervisory authority if you believe we are mishandling your data.
To exercise any of these rights, email hello@zxai.ai with the subject line "Privacy Request" and tell us which right you want to exercise. We will respond within 45 days. We may need to verify your identity by matching information you provide against the information we already hold.
Do Not Sell or Share.
ZxAI does not sell personal information for money. We do disclose limited identifiers to Meta for ad measurement and audience matching, which California law treats as "sharing." To opt out:
- Reject non-essential cookies in our banner, or click at any time.
- Send a Global Privacy Control signal from your browser. We treat GPC as a valid opt-out and do not load advertising trackers when it is active.
- Email hello@zxai.ai with the subject "Do Not Sell or Share."
International transfers.
ZxAI is based in the United States. If you contact us from outside the U.S., your data is transferred to and processed in the U.S. and other countries where our service providers operate. Where required, we rely on Standard Contractual Clauses (and the UK Addendum) plus appropriate supplementary measures to protect personal data leaving the EEA or UK.
Security.
We use reasonable administrative, technical, and physical safeguards to protect personal data, including TLS in transit, access controls on stored data, and minimal collection (we ask only what we need). No method of transmission or storage is perfectly secure. If we ever learn of a breach affecting your personal data, we will notify you and any required regulators within the timelines set by law.
Children.
ZxAI is a B2B service. We do not knowingly collect data from anyone under 16. If you believe a minor has submitted information, contact us and we will delete it.
Changes.
We may update this policy as the business evolves. Material changes will be reflected in the "Last updated" date at the top of this page. Continuing to use the site after a change means you accept the updated policy.
Contact.
ZxAI, LLC
Dallas / Fort Worth, Texas, United States
Email: hello@zxai.ai