IN PLAIN LANGUAGE
We collect only what we need to reply to reviews and improve your business. We never sell. Compliant with Costa Rica's L
1. What we collect
We divide data into three groups:
- Your account: email, name, hashed password (via our authentication provider), business name, location, plan.
- Your operation: customer reviews (text, rating, date, public Google author info), replies you approve, brand-voice settings, detected operational patterns.
- Technical telemetry: IP (anonymized), browser, pages visited and funnel events on zumoiq.com. We use Google Analytics 4 on the public site only, and only if you accept analytics cookies (see the Cookie Policy). We don't use Meta Pixel or advertising pixels.
2. Why we collect it
- To deliver the service (legal basis: contract — Costa Rica Law 8968, art. 5).
- To issue electronic invoices (legal basis: legal obligation — Hacienda 4.4).
- To improve the product and detect abuse (legal basis: legitimate interest, balanced).
- We don't sell data. We use the providers needed under data-processing agreements to host, operate, and improve the service. We never use your data for third-party advertising.
3. Who we share it with
Only strictly necessary processors under DPAs:
- Enterprise cloud provider — hosting, database, file storage. Does not access your content for its own purposes.
- Conversational AI provider — generation of reply drafts and insights. Prompts are not used to train the provider's models.
- CRM provider — if you consented on the report, we store your contact to send you commercial communications. You can withdraw consent anytime.
- Google — only to read your reviews on your own profile, via OAuth you authorize.
- Google Analytics 4 (Google LLC, USA) — traffic + funnel measurement on the public site, enabled only with your consent (Consent Mode v2), with IP anonymized. We don't use its data for personalized advertising.
- OnvoPay — process payments (receives only amount and email).
- Costa Rica Tax Authority (Hacienda) — mandatory electronic invoicing.
Some of these providers are located outside Costa Rica. They act as intermediaries on our behalf under data-processing agreements (DPAs), solely to deliver the service. We don't sell or transfer your data to third parties for their own marketing.
4. How long we keep it
- Active account: while you're a customer.
- 30 days post-cancellation: you can export everything and request early deletion.
- Invoices: 5 years (Costa Rica tax law minimum).
- Anonymized logs: 90 days for diagnostics.
5. Your rights (Costa Rica Law 8968 + GDPR equivalent)
Email privacy@zumoiq.com any time to:
- Access: receive a copy of everything we have about you, JSON or CSV, in 30 days or less.
- Rectify: correct incorrect data.
- Delete / forget: close your account and erase associated data (except invoices).
- Object: stop processing for any specific purpose.
- Portability: receive your data in a structured format to move elsewhere.
If our response doesn't satisfy you, file a complaint with the Costa Rica Data Protection Agency (PRODHAB) at prodhab.go.cr.
6. How we protect data
- Encryption in transit (TLS 1.3) and at rest (AES-256).
- Managed authentication with optional second factor.
- Limited internal access with audit logs.
- Encrypted daily backups.
7. Children's data
ZumoIQ is a B2B (business) product. We don't knowingly collect data from anyone under 18. If we discover we did, we delete immediately.
8. Changes
Any material change is notified 30 days in advance by email. Current version: 1.1 (May 28, 2026).
9. Contact
Data Protection Officer: privacy@zumoiq.com
ZumoIQ Tecnología SRL · San José, Costa Rica.
Questions about this document? Email legal@zumoiq.com — we respond within 5 business days.
ZumoIQ Tecnología SRL · San José, Costa Rica · zumoiq.com