Legal · Privacy

Privacy Policy.

Effective · 2026-05-21 EU GDPR · Estonian law

This Privacy Policy explains how Zoniax Innovations LLC ("Zoniax", "we", "us") processes personal data when you use our website, our SaaS platform, and any mobile applications we offer (together, the "Services"). It is written to align with the EU General Data Protection Regulation (GDPR) and the Estonian Personal Data Protection Act (Isikuandmete kaitse seadus).

Controller

Zoniax Innovations LLC is the controller of the personal data described in this policy, except where this policy states that we act as a processor (see Our two roles below). Zoniax Innovations LLC is a private limited company registered in Estonia, with its registered office in Tallinn, Estonia.

For any question about this policy, or to exercise your rights, you can reach us through our contact form. Please mark privacy-related requests clearly so they can be routed appropriately.

Our two roles

Zoniax processes personal data in two distinct capacities, and your rights depend on which applies:

  • As a controller — where we decide why and how personal data is processed. This covers account and identity data, website and product usage data, support communications, and our own business records. This policy governs that processing.
  • As a processor — where we process data only on the documented instructions of a customer organization. This covers industrial telemetry and any personal data it may contain. There, the customer organization is the controller; its own privacy notice and our data processing agreement with it govern that processing. Requests about such data should be directed to the customer organization.

Personal data we process

Depending on how your organization deploys and uses the Services, we may process the following categories of personal data:

CategoryExamplesOur role
Account identifiersName, work email, role, SSO identifierController
Usage dataPages and views, features used, interaction logsController
Device & diagnosticsApp version, operating system, crash logs, performance dataController
Support communicationsMessages, tickets, and logs you share with supportController
Website & enquiry dataContact-form submissions, and limited technical data needed to serve and secure the siteController
Industrial telemetrySensor measurements, events, alerts, and asset metadata, which may incidentally include personal dataProcessor

We do not intentionally collect special categories of personal data (such as health or biometric data). Most personal data is provided directly by you or generated as you use the Services. Some account data — such as your name, work email, and role — may be provided by your organization's administrator when your account is created.

Purposes and legal bases

Where we act as a controller, we process personal data for the purposes below, each on the legal basis identified under Article 6 of the GDPR:

PurposeLegal basis
Provide, operate, and maintain the Services — accounts, access, dashboards, alertsPerformance of a contract — Art. 6(1)(b)
Respond to enquiries submitted through the websiteLegitimate interests, or steps prior to a contract — Art. 6(1)(f) / (b)
Secure the Services, prevent abuse, and maintain audit logsLegitimate interests — Art. 6(1)(f)
Improve reliability and quality through diagnostics and aggregated analysisLegitimate interests — Art. 6(1)(f)
Provide customer support and troubleshootingPerformance of a contract — Art. 6(1)(b)
Comply with legal obligations, including accounting and lawful requestsLegal obligation — Art. 6(1)(c)
Send optional communications, where offeredConsent — Art. 6(1)(a)

Where we rely on legitimate interests, those interests are operating, securing, and improving the Services and running our business responsibly. We weigh them against your rights and freedoms, and you may object to this processing at any time (see Your rights). Where we rely on consent, you may withdraw it at any time without affecting processing carried out before withdrawal.

Recipients and disclosure

We do not sell personal data and we do not use it for advertising. We may disclose personal data to:

  • Processors and sub-processors that host, operate, or support the Services on our behalf — for example cloud hosting, monitoring, and analytics providers — each bound by a data processing agreement with confidentiality and security obligations.
  • Integrations a customer organization chooses to enable, such as single sign-on, ERP / MES / CMMS systems, and data lakes. Those data flows are controlled by the customer organization.
  • Professional advisers and authorities where disclosure is required by law, or is necessary to establish, exercise, or defend legal claims, or to protect the rights, safety, and integrity of the Services.

International transfers

We aim to process personal data within the European Economic Area (EEA). Where a processor is located outside the EEA, we transfer personal data only when an appropriate safeguard is in place — a European Commission adequacy decision, or the Standard Contractual Clauses approved by the European Commission, together with additional measures where these are needed. You may request information about the safeguards that apply.

Data retention

We keep personal data only for as long as it is needed for the purposes set out above:

  • Account and identity data is kept for the life of the account, then for the period needed to meet our legal obligations and to defend legal claims.
  • Diagnostic, usage, and security logs are kept for a limited period appropriate to their purpose, then deleted or anonymized.
  • Enquiry and support communications are kept for as long as needed to handle the matter and for a reasonable period afterwards.
  • Data we process as a processor is retained in line with the customer organization's configuration and our agreement with that organization.

Security

We apply administrative, technical, and physical safeguards appropriate to the risk, including encryption in transit and at rest, role-based access controls, and audit logging. No method of transmission or storage is completely secure, and we continuously work to improve our protections. Where the law requires it, we will notify the competent supervisory authority, and affected individuals, of a personal data breach within the applicable time limits.

Your rights

Subject to the conditions and exceptions in the GDPR, you have the right to:

  • Access — obtain confirmation of whether we process your personal data, and a copy of it.
  • Rectification — have inaccurate or incomplete data corrected.
  • Erasure — have your data deleted where one of the grounds in the GDPR applies.
  • Restriction — have processing restricted in certain circumstances.
  • Data portability — receive data you provided in a structured, commonly used, machine-readable format.
  • Object — object to processing based on legitimate interests, and to any direct marketing.
  • Withdraw consent — at any time, where processing is based on consent.
  • Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects.

To exercise any of these rights, contact us through our contact form. We may need to verify your identity. We will respond without undue delay and within one month, as the GDPR requires; that period may be extended for complex or numerous requests, in which case we will tell you. Exercising your rights is free of charge unless a request is manifestly unfounded or excessive. Where we act as a processor, please direct your request to the relevant customer organization, and we will assist that organization as required.

Automated decision-making

We do not make decisions producing legal or similarly significant effects on individuals based solely on automated processing. The analytical and machine-learning models in the platform operate on industrial and equipment data — sensor readings, events, and asset metadata — to support the decisions of plant operators and engineers; they are not used to profile individuals.

Complaints and supervisory authority

If you believe we have not handled your personal data lawfully, we would welcome the chance to address your concern first — please contact us through the contact form.

You also have the right to lodge a complaint with a data protection supervisory authority. In Estonia, this is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), www.aki.ee. You may also contact the supervisory authority in the EEA country where you live or work, or where the alleged infringement took place.

Children's privacy

The Services are intended for professional and industrial use and are not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can address it.

Cookies and website analytics

This website uses Google Analytics (GA4) to understand, in aggregate, how visitors use our pages so we can improve them. It sets analytics cookies and processes limited usage data such as pages viewed, approximate location derived from IP address, and device and browser type. We use Google's Consent Mode: analytics cookies stay disabled until you accept them via the banner shown on your first visit. The legal basis is your consent (GDPR Art. 6(1)(a)). You can decline, and you can withdraw a prior acceptance at any time by clearing this site's cookies and site data in your browser. Google acts as our processor for this analytics data, and no advertising or cross-site tracking features are enabled.

Third-party services

Depending on deployment, the Services may rely on third-party providers, and customer organizations may enable integrations of their choosing. Those third parties process data under their own privacy terms. We select processors that offer sufficient guarantees of GDPR-compliant processing and bind them by a data processing agreement.

Changes to this policy

We may update this policy from time to time. Where a change is material, we will update the "Effective" date above and, where the law requires it, provide additional notice. Please review this page periodically.

Contact

Questions, requests, and rights enquiries — including access, correction, and deletion — can be submitted through our contact form. Please mark privacy-related requests clearly so they reach the right people.