Skip to main content

Privacy Policy

Effective date: 10 May 2026 · Last updated: 10 May 2026

Scope

This Privacy Policy applies to your use of the Zapheron public website at zapheron.ai, including our online assessment tools, the AI Visibility Scorer, and any contact or waitlist forms. It does not cover personal data processed in the context of direct consulting engagements with Zapheron AS, which are governed by separate written agreements between Zapheron AS and the engaging client.

Data controller

The data controller for personal data collected through this website is:

  • Zapheron AS
  • Org. nr. 937 674 856
  • Email: hello@zapheron.ai
  • Postal address available on request via hello@zapheron.ai

What personal data we collect

When you use our website and tools, we may collect the following categories of personal data:

Information you provide directly

  • Email address, name, and (optional) company name — collected when you use an assessment tool, the AI Visibility Scorer, our contact form, or our waitlist signup.
  • Assessment responses — the answers you provide in our online assessment tools.
  • URL — when you submit a website address to the AI Visibility Scorer.
  • Free-text messages — anything you write in our contact form.
  • Scheduling information — name, email, and meeting time when you book a call through our scheduling tool.

Information collected automatically

  • Technical data — your IP address, browser type (user agent), and referring page. This is collected automatically by our hosting provider for security and operational purposes.

Why we collect it and our legal basis

Under the GDPR (Article 6), we process your personal data on the following legal bases:

  • Delivering the service you requested (legitimate interest) — when you submit an assessment or use the AI Visibility Scorer, we process your responses and email to generate and deliver your results.
  • Responding to your enquiry (legitimate interest) — when you contact us or book a call, we use your details to respond.
  • Marketing communications (consent) — we do not currently send marketing emails. If we begin sending them in the future, we will only do so with your explicit opt-in consent, which you can withdraw at any time.
  • Security and fraud prevention (legitimate interest) — we use technical data (IP address, user agent) to protect our systems from abuse.

Where data is stored and processed

Personal data submitted through this website is stored and processed within the European Economic Area and the United Kingdom. The United Kingdom is covered by an EU adequacy decision under GDPR Article 45, which means transfers to the UK are recognised as ensuring an equivalent level of data protection.

Who processes data on our behalf

We use a limited number of third-party service providers (“sub-processors”) to operate the website. Each is bound by a Data Processing Agreement and processes data solely on Zapheron’s instructions.

  • Database provider — Supabase. Stores assessment submissions, scores, and contact details. Hosted in the United Kingdom (covered by EU adequacy decision).
  • Transactional email provider — Resend. Sends notification emails when you submit an assessment or contact us. Email is processed within the EU (Ireland).
  • AI provider — Anthropic, PBC. Generates written assessment reports based on your responses. Operated in the United States (see International transfers below).
  • Hosting provider — Vercel. Serves the website and runs server-side functions. Serverless functions are configured to execute in the EU (Frankfurt). Vercel is a US company; any residual control-plane processing is governed by Standard Contractual Clauses.
  • Scheduling provider — Proton AG. Handles meeting bookings when you schedule a call. Operated in Switzerland, which the European Commission has recognised as providing an adequate level of data protection.

International transfers

Our AI provider is based in the United States, and our hosting provider is a US company (though runtime data processing occurs in the EU). For any processing that takes place outside the EU/EEA, we rely on Standard Contractual Clauses (SCCs) adopted by the European Commission, together with supplementary technical and organisational safeguards as required under EU law, to ensure an adequate level of data protection.

How long we keep data

  • Assessment submissions — retained until you request deletion, or up to 24 months after submission, whichever is sooner.
  • Contact form messages — retained for up to 12 months to allow follow-up, then deleted unless a business relationship has been established.
  • Waitlist signups — retained until you unsubscribe or request deletion.
  • Legal obligations— where Norwegian law requires us to retain records (for example, accounting records under bokføringsloven), we keep those for the period required by law, even if you have requested deletion of other data.

Your rights under the GDPR

You have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your personal data (“right to be forgotten”).
  • Restriction — ask us to limit how we process your data in certain circumstances.
  • Data portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interest.

To exercise any of these rights, email us at hello@zapheron.ai. We will respond within 30 days.

You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at datatilsynet.no.

Cookies and similar technologies

Zapheron does not use tracking cookies, analytics cookies, or third-party advertising cookies. The site uses only technical session storage required for the site to function. We do not track you across the web or share your data with advertisers.

If we introduce analytics or other cookie-based technologies in the future, we will update this policy and provide appropriate notice and controls.

Security

We take reasonable measures to protect your personal data. All data transmitted between your browser and our servers is encrypted using HTTPS (TLS). Data at rest is encrypted by our sub-processors. Access to personal data is restricted to authorised personnel only.

No system is completely secure. If you believe your data has been compromised, please contact us immediately at hello@zapheron.ai.

Updates to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting a prominent notice on the website. The “last updated” date at the top of this page indicates when the policy was last revised.

Contact

For all data protection enquiries, requests, or complaints, contact us at: hello@zapheron.ai