Privacy Policy
Last updated: May 2026. This policy explains how Zensebot collects, uses, stores, and protects your information.
This Privacy Policy explains how Zensebot ("we," "our," or "us") collects, uses, stores, and protects information obtained through our website (zensebot.com), AI automation services, chatbot systems, and AI calling agents. By using our services, you agree to the practices described in this policy.
1. Who We Are
Zensebot is an AI automation agency headquartered in Lahore, Pakistan, providing services to clients primarily in the United States, United Kingdom, UAE, and Australia. Our core services include AI chatbots, AI calling agents, CRM automation, and workflow automation systems for dental clinics and real estate professionals.
For privacy inquiries, contact us at: hello@zensebot.com
2. Information We Collect
We collect information in the following ways:
2.1 Information You Provide Directly
- Contact forms: Name, email address, phone number, company name, and message content when you submit a form on our website.
- Discovery call booking: Name, email, and company details collected via Calendly when you schedule a consultation.
- Client onboarding: Business information, technical credentials, and configuration data required to build and deliver your automation systems.
- Demo interactions: Information you voluntarily enter into our demo chatbots or submit to trigger demo calling agents for evaluation purposes.
2.2 Information Collected Automatically
- Website analytics: Pages visited, time on site, referral source, browser type, and device type via Google Analytics 4. IP addresses are anonymized.
- Essential cookies: Session identifiers and preferences required for the website to function correctly (see Section 8 for full cookie details).
- Chatbot interaction logs: Conversation transcripts from our website chatbot widget, used for quality assurance and service improvement.
2.3 Information Collected Through Client-Deployed Systems
When we build and operate AI systems on behalf of our clients (such as patient-facing chatbots or lead qualification calling agents), we may process data belonging to their end users. In these cases, Zensebot acts as a data processor and the client is the data controller. Processing is governed by our Data Processing Agreement (DPA) signed with each client.
3. How We Use Your Information
We use collected information for the following purposes:
- To respond to inquiries and schedule discovery calls
- To deliver, configure, and maintain AI automation services you have contracted
- To send service updates, onboarding instructions, and project communications
- To improve the quality and accuracy of our AI chatbot and calling agent systems
- To analyze website performance and optimize user experience
- To comply with legal obligations, including HIPAA requirements for healthcare clients
- To detect, prevent, and address technical issues or security incidents
We do not sell, rent, or trade your personal information to any third party for marketing purposes.
4. Healthcare Data & HIPAA Compliance
Zensebot recognizes the sensitivity of Protected Health Information (PHI) and maintains strict compliance with the Health Insurance Portability and Accountability Act (HIPAA) for all healthcare clients.
- Business Associate Agreement (BAA): We sign a BAA with every healthcare client before any PHI is processed through our systems.
- Encryption: All PHI is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Minimum Necessary Standard: Our systems are configured to access only the minimum PHI required to perform the contracted automation function.
- No unauthorized storage: PHI is not retained in our internal systems beyond the duration necessary to complete a transaction, unless explicitly agreed upon in writing with the client.
- Breach notification: In the event of a security incident involving PHI, we will notify affected clients within 60 hours of discovery, in compliance with the HIPAA Breach Notification Rule.
- Subprocessors: Third-party subprocessors handling PHI (such as Vapi, Twilio, and GoHighLevel) are evaluated for HIPAA compliance and governed by their own BAAs where applicable.
5. AI Calling Agent Data
Our AI calling agents, built on the Vapi platform and routed through Twilio telephony, handle inbound and outbound phone calls on behalf of clients.
- Call processing: Conversations are processed in real time by our AI models to perform their configured functions (e.g., appointment booking, lead qualification).
- Call recordings: Calls are not permanently recorded or stored by Zensebot unless a client has explicitly requested and enabled call recording in their service agreement. Where recording is enabled, recordings are stored securely and accessible only to the client and authorized Zensebot personnel.
- Demo calls: Phone numbers used to interact with our public demo calling agents are not stored, logged, or used for any outbound marketing purpose.
- Caller consent: For client deployments, Zensebot provides clients with guidance on legally required disclosures (e.g., "This call may be handled by an AI assistant") and it is the client's responsibility to implement these disclosures in compliance with applicable law, including the Telephone Consumer Protection Act (TCPA).
- Transcript retention: Where call transcripts are generated for CRM integration purposes, they are stored within the client's GoHighLevel CRM sub-account and subject to that platform's data policies.
6. Chatbot Conversation Data
Our AI chatbots, deployed on client websites or on zensebot.com, log conversation data for the following purposes:
- Quality assurance and accuracy improvement of the AI model's responses
- CRM record creation (where the user provides contact information voluntarily)
- Identifying gaps in the AI's knowledge base for future training
Chatbot conversation logs are retained for a maximum of 90 days unless a longer retention period is required by the client or applicable law. Users may request deletion of their conversation data at any time by contacting hello@zensebot.com. No conversation data is shared with third parties for advertising or marketing purposes.
7. Data Sharing & Third-Party Subprocessors
We share data only with trusted third-party service providers necessary to deliver our services. All subprocessors are bound by data processing agreements and are prohibited from using your data for their own purposes.
| Subprocessor | Purpose | Data Transferred |
|---|---|---|
| Vapi | AI voice agent infrastructure | Call audio (real-time), transcript data |
| Twilio | Telephony, phone number routing | Caller phone number, call metadata |
| GoHighLevel (GHL) | CRM, pipeline, and marketing automation | Lead contact data, conversation summaries |
| n8n | Workflow automation orchestration | Data passed between integrated systems |
| Google Analytics 4 | Website analytics (anonymized) | Anonymized browsing behavior |
| Calendly | Discovery call scheduling | Name, email, booking details |
| Google Workspace | Internal communication and file storage | Client project files and correspondence |
| Anthropic (Claude API) | AI language model for chatbot and content features | Conversation input text (no PHI) |
We do not share personal data with government authorities unless required by a valid legal order. If we receive such a request, we will notify the affected party unless prohibited by law from doing so.
8. Cookies & Tracking Technologies
Zensebot uses only essential cookies required for the website to function. We do not use advertising cookies, retargeting pixels, or any third-party tracking technologies beyond anonymized analytics.
| Cookie Name | Type | Purpose | Duration |
|---|---|---|---|
| zsb_session | Essential | Maintains your session state on the website | Session (deleted on browser close) |
| zsb_chat_id | Functional | Identifies your chatbot conversation to maintain context | 24 hours |
| _ga, _ga_* | Analytics | Google Analytics 4, anonymized page view tracking | 2 years (anonymized) |
| wordpress_* / wp-settings-* | Essential | WordPress CMS functionality (logged-in users only) | Session / 1 year |
You can disable non-essential cookies at any time via your browser settings. Disabling analytics cookies will not affect website functionality.
9. Data Retention
We retain personal data only for as long as necessary to fulfill the purpose for which it was collected or as required by law:
- Prospect inquiry data: 12 months from last contact, unless a contract is signed
- Client project data: Duration of the contract plus 24 months thereafter
- Chatbot conversation logs: 90 days (see Section 6)
- Call transcripts (where enabled): Per client's data retention agreement
- Invoices and financial records: 7 years (legal requirement)
- Healthcare PHI: As required by HIPAA (minimum 6 years from date of creation or last effective date)
10. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements
- Right to Restriction: Request that we limit processing of your data while a dispute is resolved
- Right to Data Portability: Request your data in a structured, machine-readable format
- Right to Object: Object to processing of your data for direct marketing or where processing is based on legitimate interests
- CCPA Rights (California residents): Right to know, right to delete, right to opt-out of sale (we do not sell data), and right to non-discrimination
To exercise any of these rights, contact us at hello@zensebot.com. We will respond within 30 days. We may need to verify your identity before processing your request.
11. Data Security
We implement industry-standard technical and organizational measures to protect your data against unauthorized access, loss, or disclosure:
- TLS 1.2+ encryption for all data in transit
- AES-256 encryption for sensitive data at rest
- Access controls, internal data access is restricted to personnel who require it to perform their role
- Two-factor authentication enforced on all internal systems
- Regular security reviews of third-party subprocessors
- Incident response procedures documented and tested annually
No system is 100% secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant authorities as required by applicable law.
12. International Data Transfers
Zensebot is based in Pakistan and serves clients internationally. Your data may be processed in countries where our subprocessors operate, including the United States. We ensure that all international transfers are covered by appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent mechanisms, where applicable.
13. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, contact us immediately at hello@zensebot.com and we will delete it promptly.
14. Links to Third-Party Websites
Our website may contain links to external websites, including tools we recommend (such as GoHighLevel, Vapi, and Calendly). This Privacy Policy applies only to zensebot.com. We are not responsible for the privacy practices of third-party sites and encourage you to review their policies independently.
15. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our services, legal requirements, or industry practices. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify clients directly via email. Continued use of our services after any update constitutes acceptance of the revised policy.
16. Contact & Data Controller Information
For any privacy-related questions, requests, or complaints, contact us at:
- Email: hello@zensebot.com
- Website: Contact Page
- Company: Zensebot, AI Automation Agency
We aim to resolve all privacy inquiries within 5 business days and all formal data subject requests within 30 calendar days.