Privacy Policy Draft

# Zadeo AI / MIM Depot Privacy Policy Draft v0.1

Status: `ATTORNEY_REVIEW_REQUIRED`
Use: Public-site draft for `zadeo.ai` / MIM Depot
Last updated: `2026-05-23`

## Important Notice

This is a draft privacy policy for review. It is not legal advice and should not be published for real customers until reviewed and approved by qualified counsel.

## Who We Are

Zadeo AI operates Manuscript Invention Miner and Invention Depot, tools that help organize source-backed invention research packets, candidate briefs, proof chamber materials, customer access receipts, and related delivery records.

Contact: `[email protected]`

## Information We Collect

We may collect:

- Account information, such as name, email address, login provider identifier, and account status.
- Payment transaction references, such as transaction ID, amount, product ID, invoice number, masked card information, and payment status.
- Packet access information, such as delivery ID, packet access ID, publication ID, entitlement status, and download access receipt.
- Customer support information, such as support messages, refund requests, issue history, and resolution notes.
- CRM information, such as contact, ticket, and deal records used to manage customer support and fulfillment.
- Technical information, such as local server request logs, timestamps, receipt IDs, and operational diagnostics.

We do not intentionally collect full payment card numbers, CVV codes, or raw payment card data inside MIM. Hosted card entry is handled by Authorize.net Accept Hosted.

## How We Use Information

We use information to:

- Create and manage customer accounts.
- Verify payment and entitlement status.
- Deliver purchased or authorized Depot packets.
- Send fulfillment emails and support notices.
- Create customer support and CRM records.
- Maintain audit receipts for access, delivery, payment, legal workflow, and support activity.
- Improve product reliability, security, and customer operations.

## Payment Data Boundary

MIM is designed to use Authorize.net Accept Hosted so payment card entry occurs through Authorize.net hosted payment pages. MIM stores payment receipts and transaction references, not full card data.

## Sharing Information

We may share information with service providers that help operate MIM Depot, including:

- Auth0 for identity and login.
- Authorize.net for hosted payment processing.
- Postmark for email delivery.
- Docusign for terms, packet, option, or license signing workflows.
- HubSpot for CRM and customer support tracking.

We do not sell MIM Depot customer packet access records as a standalone data product.

## Customer Rights and Requests

Depending on your location, you may have privacy rights to access, correct, delete, or limit certain uses of your personal information. California residents may have additional rights under California privacy law if the business meets applicable legal thresholds.

Send requests to: `[email protected]`

We may need to verify your identity before completing a request.

## Data Retention

We retain account, payment-reference, packet-access, fulfillment, legal workflow, and support records as needed to operate the service, prevent fraud, maintain audit history, resolve disputes, and meet legal or accounting obligations.

## Security

We use provider-based authentication, hosted payment pages, access receipts, and operational logs to reduce sensitive data exposure. No system can guarantee perfect security.

## Children's Privacy

MIM Depot is not intended for children under 13. We do not knowingly collect personal information from children under 13.

## Changes

We may update this policy. The updated version should show a new effective date.

## Review Sources

- FTC privacy and security business guidance: https://www.ftc.gov/business-guidance/privacy-security
- FTC consumer privacy guidance: https://www.ftc.gov/business-guidance/privacy-security/consumer-privacy
- California CCPA overview: https://oag.ca.gov/privacy/ccpa
- Authorize.net Accept Hosted documentation: https://developer.authorize.net/api/reference/features/accept_hosted.html

## Truth Boundary

Draft privacy policy only. This document does not prove legal compliance, CCPA applicability, PCI compliance, security certification, or attorney approval.