Privacy Notice

Last Updated: October 8, 2025

At Zasio Enterprises, Inc. (“Zasio,” “we,” “our”), we respect your privacy and are committed to protecting your personal data. This Privacy Notice explains how we collect, use, protect, share, store, and dispose of your information.

About Us. Zasio is a California corporation based in Boise, Idaho, USA. We provide businesses with records and information management (“RIM”) and Information Governance (“IG”) solutions, including SaaS and on-premises software, as well as consulting services. Learn more on the About Section of our website.

Scope of Notice. This notice outlines the categories of personal data we’ve collected and disclosed in the 12 months preceding the date shown above.

To print a copy of this Privacy Notice, click here.

What’s In This Privacy Notice? This notice explains the types of personal data we collect from:

Customers and their end users via our cloud services, on-premises software, consulting services, and related trainings;
website visitors;
webinar and event attendees;
prospective customers or individuals seeking information about our company and services; and
anyone who interacts with us, including through social media platforms where Zasio is active.

By engaging with Zasio in any of these ways, you acknowledge and accept the practices described in this notice. If you disagree with any part of it, please refrain from using the Zasio offerings covered here.

For customers, end users, and service providers, your organization’s agreement with Zasio may supplement or override this notice.

We update this Privacy Notice as our practices evolve. Please check this page regularly. Changes take effect on the date posted at the top of this notice.

For additional information regarding our privacy practices, click on the sections below:

What’s not Covered by this Privacy Notice?

Mobile App. This notice does not describe any personal data collected in conjunction with our mobile app. Please refer to the privacy terms included in the end user agreement when downloading or accessing the app. Your organization’s master agreement with Zasio may also apply.

Customer-Provided Data. If a Zasio customer provides data about you through our services (e.g., by uploading it to our cloud), they control that data. Zasio acts only as a “processor” or “service provider.” For questions or to exercise your rights regarding this data, contact the customer who provided it.

Employment Applicants. If you are a current, former, or prospective employee of Zasio, please refer to our HR Privacy Policy for details on how we handle your personal data.

Contacting Zasio. We welcome your feedback and strive to uphold strong privacy practices. For questions, email us at privacy@zasio.com or refer to the contact details at the end of this notice.

What is Personal Data?

When we say “personal data” in this notice, we mean any information that identifies, relates to, or could reasonably be linked to you. Definitions vary across U.S. and international privacy laws, but in this notice, “personal data” includes all information covered under any applicable legal definition.

What Personal Data We Collect and How We Collect It?

We collect and process personal data to deliver our RIM software and services. Here’s how and what we collect:

Zasio’s Website. When you use our website, we may collect data you enter into web forms—such as your name, work email, job title, phone number, employer, address, industry, and other details you choose to share. We also automatically collect data like your IP address, browser type, location, referral source, and usage patterns, including through cookies and tracking technologies. You can manage cookie settings via our website. For details, see our Zasio’s Cookie Notice.
Third Party Sites. Our website may link to or be accessed through other sites, including social media. We may receive data from these platforms, but we do not control their privacy practices. Please review their privacy policies for more information.
Cloud Services and SaaS subscribers. When you use our cloud services, we collect data such as your login credentials, usage activity, IP address, browser settings, system configuration, and device information—collectively referred to as “log information.” This helps us secure and improve our services.

Customers control the data that they upload to our cloud services. While Zasio has logical access, we do not monitor hosted content, which is stored by our third-party cloud provider. We share log data with our SIEM provider to fulfill our agreement and maintain security.

Customer Service Portal. End users may submit personal data—such as name, login credentials, IP address, and employer—through our portal. This data is used for verification, security, and service delivery. Some services may be unavailable if required data is not provided.
Business relationship data. If you or your company engage with Zasio, we collect business contact details (e.g., name, company, job title, email, phone) during interactions with our teams or when participating in training.

We may share this data with our CRM provider. Training sessions may be recorded and shared with third-party providers for customer access. Financial data provided for purchases is used solely for payment processing.

Other Interactions. We may collect personal data when you engage with Zasio in various ways—such as responding to surveys, registering for webinars or events, requesting information, subscribing to updates, commenting on blog posts, interacting on social media, or communicating with our team.

We may also collect data that is publicly available, provided by third-party businesses, or voluntarily shared through third-party platforms (e.g., webinar tools). During webinars or events, we may process your interactions (e.g., polls, surveys) to help organize and deliver the experience. If an event is recorded, we will notify you. We may also process feedback or other data you provide to improve future events and may share it with event cosponsors when necessary.

We collect, process, and share this data with your consent and for our legitimate interest in delivering and improving our RIM software and services.

On-premises software. For Zasio’s strictly on-premises software customers, any personal data stored in a customer’s database or generated through use of the software is not accessible to or controlled by Zasio. This data is not covered by this privacy notice. Please contact the applicable customer for questions or to exercise your privacy rights.
Non-Personal Data: We may create aggregated, de-identified, or anonymized data by removing personally identifiable information. This data may be shared with third parties for lawful business purposes, including product development and service improvement.

Other Processing and Sharing.

Zasio may process and share personal data in the following circumstances:

Legal Compliance: To comply with laws, court orders, or government regulations.
Business Operations and Legitimate Interests:
- To monitor, improve, personalize, and protect our offerings.
- To prevent, investigate, or report fraud, security incidents, or criminal activity.
- For market research and marketing purposes (you may opt out of marketing communications at any time).

Legal Rights and Safety: To exercise, establish, or defend legal claims, or to protect the safety of individuals or property.
Business Transfers: During the sale or transfer of a business unit or asset, including bankruptcy. Where possible, we will require the receiving party to handle your data in accordance with this notice.
Contests and Giveaways: If you choose to participate, we will use only the contact information you provide and only after you’ve agreed to participate.
With Your Consent: In limited cases, we may disclose your data in other ways if we ask and you agree.

Sale and Sharing of Personal Data.

Zasio does not sell your personal data in exchange for money. However, under laws like the California Consumer Privacy Act (CCPA), “sale” can include sharing data for value beyond monetary exchange.

In the past 12 months, we may have provided your data with our service providers—such as when you visited our website or registered for a webinar—in return for services like usage analytics or event support. These providers are bound by contracts that limit their use of your data to the specific services we’ve requested.

Zasio does not “sell” personal data as defined by the CCPA, nor do we share personal data for cross-context behavioral advertising.

Service Providers:

: Zasio uses third-party service providers to support the delivery of our RIM software and services. These providers are contractually bound to use personal data only to perform services for Zasio or comply with legal obligations. They are prohibited from using or disclosing the data for their own independent purposes.

Cookies:

Some cookies on our website are provided by third parties to help us analyze how users interact with our site. You can manage your cookie preferences using our website’s cookie settings. To opt out of third-party cookies, select only those necessary for “Basic Operations.”

Please note that disabling cookies may affect website functionality. You may also need to reset your preferences if you switch browsers, devices, or provider accounts.

How Long Does Zasio Store Your Personal Data?

We retain your personal data as long as we have a legitimate business need—such as providing requested services or meeting legal, tax, or accounting obligations. Once that need ends, we delete or anonymize the data.

In some cases, we may retain personal data longer if necessary to establish, exercise, or defend legal claims.

Opting Out of Marketing Communications.

Zasio only sends marketing communications that you have consented to receive. You can choose whether to continue to receive any marketing communication from us by using the opt-out methods described in that communication. You may also submit a request to opt-out by emailing it to marketing@zasio.com.

Please note that you may not be able to opt out from receiving service- or transaction-related communications for any of our offerings that you or your company have purchased.

Updating Personal Data.

To access, update, correct, or delete your personal data, contact us at privacy@zasio.com. We respond to requests in accordance with applicable data protection laws. To protect your privacy and ensure security, we may verify your identity before granting access.

Collecting Information From Children.

Zasio provides business-to-business software and services that are not directed at minors, and we do not knowingly collect personal data from anyone under 18. If you believe a child under 18 has provided us with personal data, please contact us at privacy@zasio.com.

Browser Do Not Track Settings.

Some browsers offer a “Do Not Track” (DNT) feature that requests websites to disable tracking. Zasio’s website does not currently respond to DNT signals. If this changes, we will update this privacy notice accordingly.

Security.

Zasio uses administrative, technical, and physical safeguards to protect the personal data we collect. All data under our control is governed by our comprehensive written information security management program. For more details, visit the security page on our website.

Personal Data Storage.

Zasio is based in the United States, and personal data collected through our website, hosted services, and business operations is stored on servers located in the U.S. These servers are governed by our security policies and procedures.

If you are located outside the United States, please note that your personal data will be transferred to U.S. servers. The United States does not currently have uniform data protection laws, and your data may be subject to different legal protections than in your home country.

California Consumer Privacy Act (CCPA) Notice

If you are a California resident and the CCPA applies to our processing of your personal information, you have specific legal rights. “Personal information” in this section is defined by the CCPA, as amended by the California Privacy Rights Act of 2020.

This section does not apply to personal information Zasio processes on behalf of our customers as a “service provider” under the CCPA.

Your rights include:

Right to Know: You may request details about the personal information we’ve collected, used, disclosed, or sold in the past 12 months, including:

Categories of personal information collected.
Sources of the information.
Business or commercial purposes for collection or sale.
Categories of third parties with whom we share the information.
Specific pieces of personal information we’ve collected.

Right to Delete: You may request that we delete your personal information, subject to legal exceptions. If applicable, we will also instruct our service providers to delete it.
Right to Correct: You may request correction of inaccurate personal information we maintain.
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
Right to Opt-Out of Sale or Sharing: You may request to opt out of the sale or sharing of your personal information. Zasio does not sell personal information as defined under the CCPA.

Broader Opt-Out of Sale Request: Beyond cookie preferences, you can submit a broader opt-out request by clicking this link and completing the form. If Zasio ever begins selling personal information, we will honor any previously submitted opt-out requests in accordance with applicable law. We do not knowingly sell personal information of minors under 16.

Exercising Your CCPA Rights:

To exercise your rights under the CCPA, submit a verifiable consumer request by:

Email: privacy@zasio.com

Mail:

Attn: Legal Department

Zasio Enterprises Inc.

401 W. Front St., Ste. 305

Boise, ID 83702

Your request must include enough detail for us to understand, evaluate, and respond appropriately. Under California law, you may submit up to two requests within a 12-month period. Zasio will not discriminate against you for exercising your rights.

Verifying Your Identity: To process your request, we must verify that you are the individual the request concerns. If we cannot confirm your identity using our records, we will not be able to fulfill your request.

Authorized Agent: You may designate an authorized agent to submit a request on your behalf. Zasio will respond to any verifiable request in accordance with applicable law.

Response Time: We aim to respond within 45 days of receiving a verifiable request. If more time is needed (up to 90 days), we will notify you in writing. If we deny or limit your request, we will explain the reason as permitted by law.

Sensitive Personal Information: Zasio does not use or disclose sensitive personal information (as defined by the CCPA) for purposes that California residents have the right to limit under the law.

Categories of Personal Information: In the past 12 months, Zasio has collected the following categories of personal information as defined in California Civil Code § 1798.140(o)(1). We may share this information with service providers to deliver our offerings:

Category	Examples
A: Identifiers	Name, postal address, unique personal identifier, online identifier, device ID, IP address, account name, email address or other similar identifiers.
B: Personal Information Listed in Cal. Civil Code § 1798.80(e)	A name, signature, address, telephone number, education, employment, billing and transactional details.
C: Protected Classification Characteristics	Age, ethnicity, race, languages spoken, gender, veteran or military status. (Not intentionally collected, but may be revealed through voluntary disclosure or other data.)
D: Commercial Information	Records of products or services purchased, obtained, or considered.
F: Internet or Other Electronic Network Activity Information	Interactions with Zasio’s website or web applications.
G: Geolocation Data	Approximate location derived from IP address.
H: Audio, electronic, visual, thermal, olfactory, or similar information	Recordings of phone or video conferences with Zasio.
I: Professional or Employment Information	Job title, company, industry.

Processing Subject to European Privacy Law.

If European Union, UK, or Swiss privacy law (“European Privacy law”) applies to your personal data, you may have the following rights:

Automated Decision Making: You may object to decisions based on profiling or automated decision-making that produce legal or similarly significant effects. However, we do not process personal data in this way.
Restrictions on Procession. You may request that we restrict or object to the processing of your personal data based on (i) our legitimate interests or (ii) the performance of a task in the public interest.
Withdrawal of Consent. You may withdraw your consent for any processing previously authorized. This does not affect the lawfulness of processing carried out before your withdrawal.

Data Portability: In certain cases, you may request a copy of your personal data in a machine-readable format.

Erasure: You may request that we delete or remove certain personal data, subject to applicable legal exceptions.

Exercising Your Rights Under European Privacy Law. Please email us at privacy@zasio.com. We may request additional information to verify your identity before processing your request. Zasio will respond in accordance with applicable law.

Supervisory Authority. If you are located in the EU, EEA, UK, or Switzerland, you have the right to lodge a complaint with your local data protection authority regarding our handling of your personal data.

Cross-Border Transfers. If we transfer your personal data from the EU or UK to the United States and are required to apply additional safeguards under European privacy law, we will do so. This includes using the European Commission or UK ICO Standard Contractual Clauses, as appropriate. You may access a copy of the EU Standard Contractual Clauses here.

Additional Privacy Rights.

Zasio takes a global approach to privacy. In addition to the rights outlined in this notice, you may have other rights under the laws of your state, country, or region. We are committed to honoring all applicable data protection laws and securing any rights available to you.

Updates to Zasio’s Privacy Notice.

We regularly review and update this privacy notice. To stay informed about our privacy practices, we encourage you to check this page periodically.

Contact Zasio.

We welcome your questions, comments, and concerns about this notice and our privacy practices. You can reach us by:

Email: privacy@zasio.com

Phone: 800.513.1000

Mail: Attn: General Counsel