Privacy Policy
Last updated: April 7, 2026
This Privacy Policy describes how Zemo ("we", "us", or "our"), accessible at zemo.cc and via the Zemo mobile application for Android and iOS, collects, uses, and protects your personal information. By using our services, you consent to the practices described below.
1. Information We Collect
Account Information
When you sign in via Google OAuth, we receive your name, email address, and profile picture from Google. We do not receive or store your Google password.
When you sign in via Apple (available on iOS), we receive your name and email address (or an Apple private relay email) from Apple. We do not receive or store your Apple password.
When you create an account with email and password, we collect your full name, email address, and a password. Your password is securely hashed and never stored in plaintext. For password recovery, we send a one-time verification code (OTP) to your registered email address.
WhatsApp Message Data
When you connect a WhatsApp Business account through Zemo, we process and store:
- Incoming and outgoing WhatsApp messages
- Contact names and phone numbers of your customers
- Media files (images, documents) shared in conversations
- Message timestamps and delivery status
This data is stored securely and used solely to provide you with the Zemo platform services.
You can disconnect your WhatsApp Business account at any time from the WhatsApp tab in Zemo's dashboard. Disconnecting immediately clears the stored access token, unsubscribes the WhatsApp Business Account from Zemo's webhooks, and stops Zemo from sending or receiving any further WhatsApp messages on your behalf. To request permanent deletion of all stored WhatsApp message data (incoming and outgoing messages, customer names and phone numbers, media, and delivery metadata), you may either (a) use the disconnect button followed by deleting your Zemo account, or (b) submit a deletion request to support@zemo.cc. Stored WhatsApp data is deleted as described in the Data Retention section below.
Instagram Business Account Data
When you connect an Instagram Business or Creator account through Zemo via Meta's official Instagram Graph API, we process and store the following data, all scoped strictly to the connected business account:
- Account profile information — username, display name, profile picture, follower count, media count, and account type. Used to display the connected account in your Zemo dashboard so you can confirm the correct account is linked.
- Post metadata — post IDs, captions, timestamps, like counts, comment counts, share counts, and saved counts for posts published by your connected Instagram account. Used to display post performance analytics in the Insights tab.
- Comments on your posts — comment text, the commenter's Instagram username and ID, and the post the comment was made on. Used to power the comment auto-reply feature based on keyword triggers you configure.
- Direct messages — message text, the sender's Instagram username and ID, message timestamps, and conversation thread metadata. Used to display your Instagram inbox inside Zemo and to enable AI-powered automatic replies (Bot Mode) or manual replies by your team (Human Mode).
- OAuth access token — used to authenticate API calls to Instagram on your behalf. Stored securely and never exposed to the client.
Instagram data is processed for the sole purpose of enabling Zemo's customer-facing automation features (comment replies, DM auto-replies, post analytics) on your connected business account. We do not access, read, or store data from Instagram accounts you have not explicitly connected. We do not access posts, comments, or messages from accounts other than the one you connected.
You can disconnect your Instagram account at any time from the Instagram tab in Zemo's dashboard. Disconnecting immediately clears the stored access token, unsubscribes from all webhooks, and stops all data collection for that account. To request permanent deletion of all stored Instagram data, you may either (a) use the disconnect button followed by deleting your Zemo account, or (b) submit a deletion request to support@zemo.cc. Meta also provides an automated data deletion request flow when you remove the Zemo app from your Instagram settings — Meta will notify Zemo's data deletion endpoint and we will delete all data tied to your Instagram user ID. You can verify the status of any such request at https://zemo.cc/data-deletion-status.
Business Data
When you use Zemo's inventory and order management features, we collect and store:
- Product catalog information (names, prices, descriptions, and images)
- Order details (customer orders, order status, and transaction history)
- Contact CRM data (customer profiles, email addresses, company names, phone numbers, notes, tags, and custom fields)
- Business location data (addresses, location names) when you use multi-location management features
This data is stored to provide you with inventory management and order tracking features within the platform.
AI Processing
When Bot Mode is enabled, customer messages are sent to AI language models (Google Gemini) to generate automated responses. We do not use your conversation data to train AI models. AI-generated responses are attributed as such within the platform.
Usage Data
We collect standard usage data such as browser type, IP address, pages visited, and session duration to improve our services.
Contact Form Submissions
When you submit our contact form, we collect your name, email, and message content to respond to your inquiry.
2. How We Use Your Information
- To provide and maintain the Zemo platform
- To process and route WhatsApp messages on your behalf
- To process Instagram comments and direct messages on your connected Instagram Business account, and to send replies (manual or AI-generated) on your behalf
- To display Instagram post performance analytics inside the Zemo dashboard
- To generate AI-powered responses when Bot Mode is active
- To send you service-related notifications
- To respond to your support requests and inquiries
- To improve our platform and develop new features
No Third-Party Tracking: We do not use third-party advertising, analytics, or tracking SDKs in our mobile applications or web platform. We do not collect data for advertising or marketing profiling purposes.
3. Data Sharing
We do not sell your personal data. We share data only with:
- Meta (WhatsApp Business API) — to send and receive WhatsApp messages on your behalf
- Meta (Instagram Graph API) — to read your connected Instagram Business account's profile, posts, comments, and direct messages, and to send replies on your behalf
- Google Cloud Platform — our hosting and infrastructure provider
- Google Gemini AI — to process messages in Bot Mode
- Apple Inc. — to authenticate users who sign in with Apple on iOS
- Zoho Mail — to send service-related emails
All third-party providers are bound by their own privacy policies and data protection standards.
4. Data Storage & Security
Your data is stored on Google Cloud Platform servers. We use industry-standard security measures including:
- Encryption in transit (HTTPS/TLS)
- Encrypted database connections
- Role-based access control within the platform
- Regular security reviews
5. Data Breach Notification
In the event of a personal data breach that poses a risk to your rights, we will:
- Notify the Data Protection Board of India as required under the DPDP Act, 2023
- Inform affected users via email or in-app notification
- Take immediate steps to contain and remediate the breach
6. Cross-Border Data Transfers
Your data may be processed in countries outside India by our service providers:
- Google Cloud Platform — servers in India (asia-south1/asia-south2 regions) for primary hosting
- Google Gemini AI — message processing may occur on servers outside India
- Meta (WhatsApp) — message delivery through Meta's global infrastructure
These transfers are made to provide our core services and are governed by each provider's data processing agreements. We ensure that adequate safeguards are in place consistent with the DPDP Act, 2023.
7. Your Rights
Under the Digital Personal Data Protection (DPDP) Act, 2023 and the Information Technology Act, 2000, you have the right to:
- Access your personal data stored with us
- Request correction of inaccurate data
- Request deletion of your account and associated data
- Withdraw consent for data processing
- Nominate a representative to exercise your rights
- Right to grievance redressal through our Grievance Officer
- Right to lodge a complaint with the Data Protection Board of India
To exercise any of these rights, contact us at support@zemo.cc. We will respond within 30 days.
Data Controller
The data controller responsible for your personal data is:
- Enterprise: Zemo
- Udyam Registration: UDYAM-TN-20-0227721
- Address: 1A, Rajamanickam, Velasamy Street, Salem, Tamil Nadu 636009, India
- Email: support@zemo.cc
- Phone: +91 98427 33531
Grievance Officer
In accordance with the Digital Personal Data Protection (DPDP) Act, 2023, our Grievance Officer can be contacted at:
- Name: Sandhiya R
- Email: support@zemo.cc
- Response time: Within 15 days of receiving a complaint
8. Data Retention
We retain your data for as long as your account is active and as needed to provide our services:
- Account data: Retained while your account is active.
- Message data: Retained while your account is active.
- Business data (products, orders): Retained while your account is active.
Upon account deletion, your personal credentials and project memberships are permanently removed. Shared project data (products, orders, contacts) that you contributed to remains accessible to other project members. If you are the sole owner of a project, all project data is permanently deleted within 90 days. Encrypted backups may be retained for up to 30 additional days before being permanently destroyed.
9. Mobile Application
The Zemo mobile app for Android and iOS provides a companion interface to the Zemo web platform. In addition to the data described above, the mobile app may access or store the following:
Camera & Photo Library Access
The app requests camera and photo library permissions for two purposes:
- Barcode/QR code scanning: Images captured for scanning are processed locally on your device and are not uploaded or shared.
- Product photos: When you capture a photo with the camera or select an image from your gallery for a product listing, that image is uploaded to Zemo servers and stored as part of your product catalog.
On Android, the app requests storage or media permissions (READ_EXTERNAL_STORAGE on Android 12 and below, READ_MEDIA_IMAGES on Android 13+) to access your photo library for product image uploads.
Local Device Storage
The app stores limited data on your device using local preferences, including:
- Your login session token (to keep you signed in)
- Server connection URL and display preferences
This data remains on your device and is cleared when you sign out or uninstall the app.
Network Communication
The app communicates with Zemo servers over encrypted HTTPS connections and WebSocket for real-time message updates. No data is sent to third-party analytics, advertising, or tracking services.
Bluetooth Access
The app requests Bluetooth permissions to connect to thermal receipt printers for order printing. On Android 12 and above, this requires the BLUETOOTH_CONNECT and BLUETOOTH_SCAN permissions. Bluetooth is used solely to discover and communicate with paired printers on your local network. No Bluetooth data is transmitted to Zemo servers or any third party.
No Background Data Collection
The app does not collect data in the background, does not access your contacts, location, or microphone. Device sensors accessed are limited to the camera (when you initiate a scan) and Bluetooth (when you connect to a printer).
Authentication
The app supports three sign-in methods: Google OAuth, Apple Sign In (on iOS), and email with password. When you sign in with Google or Apple, you are redirected to the provider's sign-in page in your device's browser. After authentication, a session token is securely passed back to the app. No passwords or third-party credentials are stored on your device. When you sign in with email and password, your credentials are transmitted securely over HTTPS and your password is verified against a securely hashed copy on our servers.
Offline Behavior
The app requires an active internet connection to function. When offline, no data is cached or stored locally beyond the session token and preferences described above. Messages and business data are only accessible when connected to Zemo servers.
Account Deletion
You can delete your account directly within the Zemo mobile app by navigating to Settings > Delete Account. You will be asked to type "DELETE MY ACCOUNT" to confirm. You can also request account deletion by contacting support@zemo.cc.
Data After App Uninstall
Uninstalling the app removes all locally stored data (session token, preferences). However, your account and server-side data (messages, contacts, products, orders) remain on Zemo servers. To delete server-side data, you must delete your account before or after uninstalling the app (see Account Deletion above).
10. Cookies
We use essential cookies to maintain your login session and remember your preferences. We do not use third-party tracking or advertising cookies.
11. WhatsApp Messaging Consent
If you opt in to receive WhatsApp messages from a business using Zemo, you may opt out at any time by:
- Replying STOP to any WhatsApp message
- Contacting the business directly
- Contacting us at support@zemo.cc
12. Children's Privacy
Zemo is a business platform intended for users aged 18 and older. We do not knowingly collect personal information from children under 18. If we discover that we have inadvertently collected personal information from a child, we will promptly delete that information. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@zemo.cc.
13. Changes to This Policy
We may update this policy from time to time. Significant changes will be communicated via email or in-app notification. The "Last updated" date at the top reflects the most recent revision.
14. Contact Us
For privacy-related questions or concerns:
- Email: support@zemo.cc
- Website: zemo.cc/contact
- Entity: Zemo, Salem, Tamil Nadu, India