Back

Privacy Policy

Last updated: 25 March 2026

1. Who We Are

Zenith GmbH ("Zenith", "we", "us") operates the Zenith platform at gozenith.ai, an AI visibility tracking and analytics service. This Privacy Policy explains how we collect, use, and protect personal data when you use our website, platform, or communicate with us.

Controller

Zenith GmbH
Langenbergerstr. 3, 45525 Hattingen, Germany
Managing Director: Lukas Götzkes
Email: support@gozenith.ai

We have not appointed a Data Protection Officer. For all data protection inquiries, please contact us at the address above.

2. What Personal Data We Collect

Account and contact data

When you register or contact us, we collect your name, email address, company name, and any other information you voluntarily provide. This is necessary to create and manage your account and to respond to your enquiries.

Usage and platform data

While you use the platform, we collect data about your interactions — including features used, prompts submitted, workspaces created, and actions taken. We also collect technical logs, IP addresses, browser type, device information, and session data for security and operational purposes.

Payment data

Payments are processed by Stripe. We do not store your full card details. We receive transaction confirmations, invoice information, and billing-related metadata from Stripe.

Communication data

When you email us or we send you transactional emails (via Resend), we process the content of those communications and your email address. When you schedule a meeting with us via Cal.com or attend a call via Zoom, we process the associated contact and meeting data.

Analytics data

We use privacy-friendly analytics to understand how our website and platform are used in aggregate. This does not involve tracking you across other websites or building individual profiles. See Section 7 (Cookies) for details.

3. Why We Process Your Data (Legal Bases)

PurposeLegal basis (GDPR)Providing the Service, managing your account, billingArt. 6(1)(b) — performance of a contractResponding to support requests and enquiriesArt. 6(1)(b) — performance of a contract / pre-contractual measuresComplying with tax, accounting, and legal obligationsArt. 6(1)(c) — legal obligationSecurity, fraud prevention, platform integrityArt. 6(1)(f) — legitimate interestsProduct analytics and improvement (aggregated, non-identifying)Art. 6(1)(f) — legitimate interestsCookies and analytics (where consent is required)Art. 6(1)(a) — consent

4. Service Providers and Processors

We work with the following third-party service providers who may process personal data on our behalf. Each is bound by a data processing agreement and appropriate safeguards for any international transfers.

  • Stripe (USA) — payment processing and billing

  • Supabase (EU) — database and backend infrastructure

  • Bubble.io (USA) — platform hosting and application layer

  • Cloudflare (USA / global) — CDN, DDoS protection, and DNS

  • Resend (USA) — transactional email delivery

  • Cal.com (USA) — meeting and calendar scheduling

  • Zoom (USA) — video calls and customer meetings

  • Google Workspace (USA) — internal email, documents, and collaboration

  • Notion (USA) — internal documentation and knowledge base

  • Starto (Germany) — domain registration

We do not sell your personal data to any third party, and we do not share it with anyone except as described in this policy or as required by law.

5. International Data Transfers

Several of our service providers are based in or process data in the United States. Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place — primarily the EU Standard Contractual Clauses (SCCs) adopted by the European Commission pursuant to Art. 46(2)(c) GDPR.

You can request a copy of the applicable transfer mechanisms by contacting us at support@gozenith.ai.

6. How Long We Keep Your Data

ProviderPurposeLocationStripePayment processingUSASupabaseDatabase and backend infrastructureEUBubble.ioPlatform hosting and application layerUSACloudflareCDN, DDoS protection, DNSUSA / GlobalResendTransactional email deliveryUSACal.comMeeting and calendar schedulingUSAZoomVideo calls and customer meetingsUSAGoogle WorkspaceInternal email, documents, and collaborationUSANotionInternal documentation and knowledge baseUSAStartoDomain registrationGermany

7. Cookies and Analytics

We use a small number of cookies to make the platform work and to understand how it is used. We do not use advertising cookies or cross-site tracking.

Strictly necessary

These cookies are required for authentication, session management, and security. They cannot be switched off. No consent is required for these.

Analytics

We use privacy-friendly analytics (no fingerprinting, no cross-site tracking, data stored in the EU where possible). Analytics cookies are only set with your consent, which you can withdraw at any time via our cookie settings.

You can also configure your browser to block or delete cookies at any time. Note that disabling strictly necessary cookies will affect core platform functionality.

8. Your Rights

Under the GDPR, you have the following rights with respect to your personal data. To exercise any of them, contact us at support@gozenith.ai. We will respond within one month.


Access (Art. 15)Request a copy of the personal data we hold about you.

Rectification (Art. 16)Ask us to correct inaccurate or incomplete data.

Erasure (Art. 17)Request deletion of your data where there is no legal ground for continued processing.

Restriction (Art. 18)Ask us to restrict processing of your data in certain circumstances.

Portability (Art. 20)Receive your data in a structured, machine-readable format.

Objection (Art. 21)Object to processing based on legitimate interests or for direct marketing.

Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

9. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority at any time. The supervisory authority responsible for Zenith GmbH is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
Kavalleriestr. 2–4, 40213 Düsseldorf, Germany
www.ldi.nrw.de

You may also contact the supervisory authority in your country of residence or place of work.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by a prominent notice in the platform before the change takes effect. The date at the top of this page always reflects the most recent version.

11. Contact

For any questions about this Privacy Policy or to exercise your rights:

Zenith GmbH · Langenbergerstr. 3 · 45525 Hattingen · Germany
support@gozenith.ai

Zenith AI

@ 2026 Zenith. All rights reserved.

Privacy Policy

Terms of Service

Imprint

Zenith AI

@ 2026 Zenith. All rights reserved.

Privacy Policy

Terms of Service

Imprint

Zenith AI

@ 2026 Zenith. All rights reserved.

Privacy Policy

Terms of Service

Imprint