Privacy Policy

This privacy policy explains how KYZON Solutions collects, uses, shares and protects personal data when you use our website and related services.

It is designed to support GDPR transparency obligations, including Articles 13 and 14.

Topics

Who this policy applies to

This policy applies to both website visitors and signed-in account users.

  • Website visitors: people using public pages such as product, pricing and support content.

  • Account users: people who sign up and use KYZON services, including collaboration features, billing and integrations.

Not every processor applies to every user. Some processors are only used when specific account features are enabled.

What data we collect

Depending on how you use our services, we may collect:

  • Visitor data (such as IP address, browser/device metadata, pages viewed, timestamps and cookie preferences).

  • Account and contact data (such as name, email and account/team identifiers).

  • Service data for account users (such as file metadata, collaboration activity, recording/transcription metadata, and AI-related prompts where features are used).

  • Support and communication data (such as support requests and chat/email correspondence).

  • Billing and transaction metadata where paid features are used.

How we use your data

We process personal data to:

  • Provide and secure our services, including account authentication and fraud prevention.

  • Operate account features including collaboration workflows, integrations, notifications, transcription and AI-assisted functionality.

  • Operate customer support and respond to enquiries.

  • Understand website performance and improve product and content quality.

  • Comply with legal, accounting and security obligations.

Legal bases for processing

Where GDPR applies, we rely on one or more lawful bases under Article 6:

  • Article 6(1)(b): contract performance (for service delivery and account operations).

  • Article 6(1)(c): legal obligations (for mandatory compliance and record keeping).

  • Article 6(1)(f): legitimate interests (for service security, reliability and internal analytics that do not require consent).

  • Article 6(1)(a): consent (for optional analytics/replay cookies and similar technologies).

Cookies and analytics

We use strictly necessary cookies for core website functionality. We also use optional analytics tools, including PostHog, to understand site performance and usage.

Analytics cookies are disabled by default in our consent manager. If you do not consent, analytics tracking is disabled and known analytics cookies are cleared.

You can update your choices at any time through Cookie preferences.

For general information about cookies, visit allaboutcookies.org.

Sharing and processors

We share personal data with trusted processors only where needed to provide our services.

Processor use depends on context. Website-only visitors and signed-in account users may involve different processor flows.

  • Stripe for billing and subscription/payment operations.

  • PostHog for analytics and operational telemetry.

  • Discord webhooks for internal operational notifications.

  • Pingram for transactional notifications and notification preferences.

  • Google GenAI for AI generation tasks used by our services.

  • Google Vertex AI for embedding and retrieval-augmented AI workflows.

  • AssemblyAI for speech-to-text transcription workflows.

  • Tawk.to for live chat support and customer service. When you use our chat support, analytics data may be collected via Google Analytics to help us improve support quality.

We maintain a detailed processor register and review it on a regular schedule as part of our GDPR accountability controls.

You may also choose to connect third-party services to your account using OAuth authentication. When you do so, you authorise us to access data in those services on your behalf. These services are not our subprocessors; your use of them is governed by their respective privacy policies and terms of service. These services include:

  • Google Drive

  • Dropbox

  • OneDrive (Microsoft)

  • Cal.com

We access only the data you authorise and do not retain copies beyond what is necessary for the integration to function.

Data processing agreement

If you require a Data Processing Agreement (DPA) for GDPR compliance purposes, our standard DPA is available here. Enterprise customers may request a customised agreement by contacting privacy@kyzonsolutions.com.

International transfers

Some processors may handle data outside your country. Where GDPR applies and data is transferred outside the EEA/UK, we use appropriate safeguards such as standard contractual clauses or another valid transfer mechanism under Articles 44-49.

Retention and security

We retain personal data only for as long as necessary for the purposes described in this policy, and to meet legal, accounting and security requirements.

We use technical and organisational safeguards designed to protect personal data against unauthorised access, loss, misuse and alteration.

Your data protection rights

Subject to applicable law, you may have rights including access, rectification, erasure, restriction, objection and portability (Articles 15-21 GDPR).

Where processing is based on consent, you can withdraw consent at any time without affecting processing that already occurred before withdrawal.

We aim to respond to privacy requests within one month where GDPR timelines apply.

How to contact us

If you have questions about this policy, or want to exercise your privacy rights, contact us:

Email: privacy@kyzonsolutions.com

Address: Suite 77, 330 Wattle Street, Ultimo NSW 2007, Australia.

How to contact the appropriate authority

Should you wish to report a complaint or if you feel that KYZON Solutions has not addressed your concern in a satisfactory manner, you may contact the Australian Information Commissioner's Office whose website is www.oaic.gov.au.

Changes to this policy

We review this privacy policy regularly and publish updates on this page. Last updated: 25 February 2026.