How we handle
your data.

Zoe collects only the metadata required to compute an operational diagnostic. That means: who communicates with whom, how often, in what cadence, and across which channels. We never read message bodies, code commits, document text, or financial line items. We collect basic account information (name, email, company) when you sign up, and we collect technical telemetry (page views, clicks) for product analytics.

Diligence metadata is used exclusively to compute the Zoe Score and findings for your engagement. Account information is used to operate the service and communicate with you. Technical telemetry is used to improve the product. We do not sell, rent, or share personal data with third-party advertisers, ever.

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Each diligence engagement runs in an isolated workspace with its own encryption key. Raw metadata is processed and discarded after the diagnostic ships — only the resulting scores, findings, and aggregated patterns persist. See our /security page for the full data handling spec.

Nobody. Zoe does not share customer data with third-party advertisers, data brokers, or affiliates. We use a small number of vetted infrastructure providers (cloud hosting, email delivery, analytics) under strict data processing agreements. We will disclose data only when required by law or to protect against fraud or imminent harm.

You have the right to access, correct, export, or delete your personal data at any time. To exercise these rights, email privacy@zoediagnostics.com. We respond within 30 days. If you are an EU or California resident, you have additional rights under GDPR / CCPA — we honor those for all users regardless of jurisdiction.

We use a minimal set of cookies for authentication and product analytics. We do not use third-party advertising cookies or cross-site tracking pixels. You can disable cookies in your browser settings; the site will continue to work with the exception of features that require login.

Zoe operates from the United States. If you access the service from outside the US, your data will be transferred to and processed in the US under standard contractual clauses or equivalent safeguards. EU customers can request that diagnostic data be processed in EU regions on request.

We may update this policy as Zoe evolves. Material changes will be communicated to active customers via email at least 30 days before they take effect. The "last updated" date below reflects the most recent revision.