Cookie, AI and Data Processing Policy
Zeta AI, Inc.
Zeta AI, Inc. (“we,” “our,” or “us”) uses cookies, AI technologies, and similar tracking technologies on our websites and services to enhance your user experience, analyze site traffic, and personalize content. This policy explains what cookies, AI, and other technologies we use, how we use them, and how you can control them. This includes how our AI agent autonomously performs actions on your behalf in compliance with GDPR, ePrivacy Directive, AI Act, and other relevant regulations.
Key Definitions
In this policy, the following abbreviations and terms are used:
- GDPR: General Data Protection Regulation – A European Union regulation that governs data protection and privacy for individuals within the EU and EEA.
- AI Act: Artificial Intelligence Act – A proposed EU regulation that sets guidelines and rules for the use of AI, focusing on high-risk AI applications, transparency in AI decision-making, and human oversight.
- ePrivacy Directive: A European Union directive that complements GDPR, focusing on privacy in electronic communications, including the use of cookies, tracking technologies, and unsolicited marketing communications.
- NIS 2 Directive: Network and Information Security Directive – An EU directive aimed at enhancing cybersecurity for critical infrastructure and essential services, including AI systems and online platforms.
- DSA: Digital Services Act – An EU regulation that governs online platforms, intermediary services, and their responsibilities regarding user safety, transparency, and accountability.
- DMA: Digital Markets Act – An EU regulation aimed at ensuring fair competition and transparency in digital markets, especially for large platforms acting as gatekeepers.
- ISO/IEC 27001: An international standard for information security management systems (ISMS), providing guidelines for securing sensitive information and managing security risks.
- ISO/IEC 27701: An extension of ISO/IEC 27001, this international standard specifies requirements for a privacy information management system (PIMS) to ensure compliance with privacy regulations such as GDPR.
What are Cookies and Similar Tracking Technologies?
Cookies are small data files stored on your device (computer, smartphone, or tablet) when you visit a website. They allow websites to recognize your device and store information about your preferences or past actions. We also use other tracking technologies, such as local storage and pixels, which may function similarly to cookies.
Types of Cookies & Tracking Technologies We Use
We use the following types of cookies and technologies:
- Essential Cookies: Necessary for the functioning of our website, such as secure login and access to services. These comply with GDPR and ePrivacy Directive requirements.
- Analytics Cookies: Used to understand user interactions with our website, as permitted by GDPR and ISO/IEC 27001 guidelines.
- Functional Cookies: Store user preferences and provide personalized features.
- Marketing Cookies: Track your activities across websites for personalized ads, compliant with ePrivacy Directive.
AI Tracking: Our AI system collects data to improve personalization and take autonomous actions. This tracking complies with the GDPR, AI Act, and is supported by ISO/IEC 27701 for privacy management.
How We Use Cookies & AI
We use cookies and AI to:
- Enhance user experience: Cookies remember preferences, while our AI agent performs personalized actions.
- Analyze traffic: Cookies monitor visits, pageviews, and behaviors under the GDPR and ePrivacy Directive.
- AI-Based Personalization: Our AI agent autonomously performs actions such as filling forms or completing tasks based on past interactions, as outlined in the AI Act.
Autonomous AI Actions: The AI agent may autonomously interact on your behalf across websites. These actions comply with the Digital Services Act (DSA), and safeguards are in place as per the NIS 2 Directive for security.
Legal Basis for Data Processing
We process data based on:
- Essential Cookies: Legitimate interest for website operation under GDPR and ePrivacy Directive.
- Non-Essential Cookies: User consent, as required by the ePrivacy Directive.
- AI-driven Data Processing: Explicit consent when the AI performs tasks for you, under the GDPR and AI Act.
- Data Security: We follow NIS 2 Directive and ISO/IEC 27001 standards to secure all data interactions.
For any data involving high-risk AI activities (e.g., autonomous legal or financial actions), we ensure explicit consent and provide details on the legal grounds for processing under the AI Act.
Managing Your Cookie & AI Preferences
You can manage preferences through:
- Cookie Banner: Upon first visit, consent for non-essential cookies and AI data collection will be requested, in compliance with the ePrivacy Directive.
- Settings Management: Change your cookie and AI preferences at any time, including opting out of tracking.
Right to Withdraw: You can revoke consent for AI processing and cookies under GDPR Article 7 at any time.
Data Collected Through Cookies and AI
We collect:
- Interaction data: User engagement data to monitor site usage and AI interaction, ensuring compliance with the GDPR and ISO/IEC 27001 security standards.
- Behavioral data: AI-driven actions and decisions taken on your behalf, governed by the AI Act.
- Personalization data: Your preferences to improve AI-driven services.
- AI Risk Management: High-risk AI tasks follow risk mitigation processes under the AI Act and NIS 2 Directive.
We do not share this data with third parties unless it is outlined in this policy and compliant with GDPR and ePrivacy Directive.
Third-Party Cookies & AI Service Providers
We work with third-party service providers to enhance website functionality and AI services:
- Third-Party Cookies: May be used for cross-site tracking and personalized advertising, in compliance with the ePrivacy Directive and GDPR.
Third-Party AI: Some AI services may be powered by third-party providers. We ensure that all third-party AI services comply with the GDPR and AI Act.Include the names and details of third-party service providers here if applicable.
Data Retention
Cookies and AI-related data are stored for the following durations:
- Session Cookies: Deleted when you close your browser, in line with ePrivacy Directive.
- Persistent Cookies: Remain until manually deleted or after a set expiration period.
AI Interaction Data: Retained per data retention policies under ISO/IEC 27701 and for the duration required by the AI Act.Include specific retention periods here.
User Rights & AI Processing (GDPR Article 22 & AI Act)
As a user, you have the right to:
- Be informed: Understand how our AI processes your data and any decisions it makes.
- Human intervention: Request human review for any AI decisions that impact your legal or financial standing, in compliance with GDPR and AI Act.
- Opt-out: Manage and decline AI-based tracking and decision-making under the ePrivacy Directive.
- Control AI risks: We mitigate AI risks in compliance with the AI Act and perform regular audits per ISO/IEC 27001.
For any high-risk AI actions, we ensure transparency, security, and human oversight to protect your rights.
Security Measures and Risk Mitigation (NIS 2, AI Act Compliance)
We prioritize the security and robustness of our systems, in compliance with NIS 2 Directive and ISO/IEC 27001 standards. Our AI systems are regularly assessed to mitigate risks and ensure safety for users in accordance with the AI Act.
Digital Services and Markets Compliance (DSA and DMA)
If our AI agent interacts with digital platforms, we ensure compliance with the Digital Services Act (DSA) and Digital Markets Act (DMA) by ensuring transparency in interactions and fair competition. If our AI agent performs actions across different marketplaces or platforms, those interactions will be governed by these regulations to ensure fairness and transparency.
Changes to this Policy
We may update this policy to reflect changes in cookies, AI usage, and regulatory requirements, including the ePrivacy Directive, GDPR, and AI Act. Please review the policy regularly for updates.
Contact Us
For questions about our cookies, AI, or data processing, contact us at: team@zetalabs.ai.