Privacy Policy

Zeour Ltd ("Zeour", "we", "us", "our") is an enterprise engineering company registered in England and Wales under company number 14173485, with its registered office at 20 Wenlock Road, London N1 7TA, United Kingdom.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Zeour Ltd is the data controller responsible for the personal data collected through this website, www.zeour.co.uk. We are registered with the UK Information Commissioner's Office (ICO) under registration number ZC153409.

We also handle personal data in a manner consistent with the EU GDPR for visitors in the European Union, and with applicable Personal Data Protection Law (PDPL) requirements for visitors in the GCC region.

If you have any question about this policy or about how we handle your personal data, you can contact us at privacy@zeour.co.uk.

This Privacy Policy explains how we collect, use, share, and protect personal data when you:

• Visit and browse www.zeour.co.uk

• Submit one of our enquiry forms — the contact form, a careers application, or a free-access / demo-access request

• Interact with Rayan, our website AI assistant

This policy does not cover the processing of data inside the software products Zeour designs and deploys for its customers (such as GLARUS, GRAVIA, MediCare, and Smart Parking). Where Zeour processes data on behalf of a customer within a deployed product, that processing is governed by the separate contract and data processing agreement between Zeour and that customer.

Our website may link to third-party websites. We are not responsible for the privacy practices of those websites, and we encourage you to read their own privacy policies.

We practise data minimisation — we collect only what we need for the purpose described, and no more. We do not require you to create a public account, and we do not take payments on this website, so we never collect payment card details.

Information you give us directly. When you choose to contact us, we collect the information you submit in the relevant form:

• Contact form: your name, email address, company name, and the content of your message — plus a phone number if you choose to provide one.

• Careers application: your name, contact details, the role you are interested in, and any employment, education, or eligibility information and attachments (such as a CV) you choose to send.

• Free-access / demo-access request: your name, work email, company, and context about your organisation, such as country, languages, deployment scale, and intended use case.

• Rayan chat lead capture: if you ask Rayan to arrange a follow-up, the name, work email, and company you provide, together with a transcript of that conversation.

Information we collect automatically. If — and only if — you give consent to analytics cookies, we collect limited technical information so we can understand how the website is used:

• A truncated version of your IP address — the last octet of an IPv4 address, or the equivalent portion of an IPv6 address, is removed before storage. We do not store your full IP address.

• An approximate country, derived from that truncated address using a geo-IP database held locally on our own server. Your IP address is not sent to any third party for this purpose.

• Your browser type, operating system, and device category, derived from your browser's user-agent string.

• The website that referred you, the pages you view, and the dates and times of those visits.

• A randomly generated visitor and session identifier (see "Cookies & Local Storage" below).

Chat content. When you send a message to Rayan, the text of that message and a session identifier are processed so the assistant can respond — see "The Rayan AI Assistant" below.

Sensitive data. We do not ask for, and you should not send us, special-category personal data (such as health, religious, or biometric data) or government identity numbers through this website or the chat. Rayan is instructed never to request payment details, passwords, or identity numbers.

We use a small number of cookies and browser-storage entries. We do not use advertising cookies, and we do not track you across other websites.

Strictly necessary (always active, no consent required):

• A consent record stored in your browser's local storage, which remembers your cookie choices so we do not ask you again.

• Short-lived browser-storage entries used by the Rayan chat widget to keep your place in a conversation and to remember notices you have dismissed.

• A signed session cookie used only by authorised Zeour staff when they log in to the administrative area — this is not set for ordinary website visitors.

Analytics (set only with your consent):

• A visitor identifier cookie ("zeour_visitor"), valid for up to one year, used to recognise a returning visit so our in-house analytics are not inflated by repeat counting. It is set only after you accept analytics cookies.

• The analytics measurement described in "What Data We Collect" above runs only while analytics consent is active.

Managing your choices. When you first visit, a cookie banner lets you accept all cookies, reject all non-essential cookies, or set your preferences per category. You can change or withdraw your choice at any time using the "Cookie preferences" link in the website footer, which reopens this banner. Rejecting analytics cookies does not affect your ability to use the website.

Our analytics are operated in-house, on infrastructure we control. We do not use Google Analytics or any other third-party visitor-tracking service on this website.

Under the UK GDPR we must have a lawful basis for each use of your personal data. The list below sets out what we do and why.

• Responding to your enquiry, careers application, or demo request, and corresponding with you about it. Lawful basis: our legitimate interest in responding to people who contact us and, where you are asking about our services, taking steps at your request before entering into a contract.

• Operating the Rayan AI assistant so it can answer your questions. Lawful basis: your consent, given when you choose to send a message to the assistant, and our legitimate interest in providing helpful information about our services.

• Measuring how the website is used so we can improve it. Lawful basis: your consent, given through the cookie banner.

• Keeping our website and systems secure, preventing spam and abuse, and maintaining an audit log of administrative actions. Lawful basis: our legitimate interest in protecting our website, our visitors, and our business.

• Sending you information about our products or services where you have asked us to, or where you are an existing business contact and the message is relevant to you. Lawful basis: your consent, or our legitimate interest in business-to-business communication. You can opt out at any time.

• Complying with our legal obligations, and establishing, exercising, or defending legal claims. Lawful basis: compliance with a legal obligation, and our legitimate interest in protecting our legal position.

We do not use your personal data to make decisions about you by solely automated means that produce legal or similarly significant effects. Rayan provides information and routes enquiries to our team; it does not make such decisions.

We do not sell your personal data, and we never will.

Our website provides an AI assistant called Rayan that answers questions about Zeour and can connect you with our team.

Rayan is powered by a large language model provided by OpenAI. When you send a message, the text of that message and relevant context are transmitted to OpenAI's API so a response can be generated. OpenAI processes this data as our service provider. Under OpenAI's API terms, data submitted through the API is not used to train its models.

Conversation transcripts may be stored on our own servers for a limited period for quality, security, abuse-prevention, and audit purposes.

How Rayan handles your information:

• If you share your name, work email, or company with Rayan, those details are stored in your own browser's local storage so the assistant can greet you on a return visit. They stay on your device unless you ask us to follow up.

• When you ask Rayan to arrange a follow-up, the details you provided and a transcript of the conversation are sent to our sales inbox so a member of our team can reply — the same path as our standard contact form.

• You can clear any information Rayan has stored on your device at any time using the "Forget me" option in the chat menu.

• Rayan will never ask you for payment information, passwords, identity numbers, or other sensitive data. Please do not share such information with the assistant. If you do, it may appear in the stored conversation transcript — contact us at privacy@zeour.co.uk and we will delete it.

You can choose not to use Rayan at all — simply do not open or reply to the chat. Because OpenAI processes chat data outside the United Kingdom, please also read "International Data Transfers" below.

We do not sell or rent your personal data. We share it only with the service providers that help us operate this website, and only as far as each provider needs it to perform its function. Each is bound by a contract that requires it to protect your data and to use it only on our instructions.

Our service providers:

• OpenAI — processes Rayan chat messages to generate responses (see "The Rayan AI Assistant" above).

• A cloud hosting provider (Amazon Web Services) — hosts this website and its supporting database.

• An email delivery provider — delivers the notification and acknowledgement emails generated by our enquiry forms.

• Google reCAPTCHA — where enabled, helps protect our forms from automated spam and abuse by assessing form submissions. Where this is active it involves Google as a processor; see Google's privacy policy for details.

We may also disclose personal data:

• Where we are required to do so by law, by a court, or by a regulator.

• Where necessary to establish, exercise, or defend legal claims, or to protect the rights, property, or safety of Zeour, our visitors, or others.

• In connection with a merger, acquisition, or sale of business assets — in which case we will require the recipient to honour this Privacy Policy.

Some of our service providers are based outside the United Kingdom and the European Economic Area — in particular OpenAI, which processes Rayan chat data in the United States.

Whenever personal data is transferred outside the UK or the EEA, we make sure an appropriate safeguard recognised under the UK GDPR is in place — such as an adequacy decision, the UK International Data Transfer Agreement, or the EU Standard Contractual Clauses together with the UK Addendum — so that your data continues to receive an essentially equivalent level of protection.

If you would like more information about the safeguards we rely on, contact us at privacy@zeour.co.uk.

We keep personal data only for as long as we need it for the purpose we collected it for, and then delete it or irreversibly anonymise it.

• Website analytics data is retained for a limited period — by default around six months — after which visitor sessions and page-view records are automatically deleted.

• Enquiry, demo-request, and chat-lead records are kept for as long as needed to handle your request and to manage our business relationship with you, and are then deleted or anonymised when they are no longer needed.

• Careers applications are kept for the duration of the relevant recruitment process. We delete them afterwards, unless we have asked for — and you have given — your consent for us to keep your details on file for future opportunities.

• Administrative audit-log records are kept as a security and accountability measure for a limited period.

When we decide how long to keep data, we consider the amount and sensitivity of the data, the purpose for which we hold it, whether we can achieve that purpose by other means, and any legal, accounting, or reporting requirement.

We take the security of your personal data seriously and apply technical and organisational measures appropriate to the risk, including:

• Encryption of data in transit using HTTPS / TLS across the website.

• Storing account passwords only in hashed form — never in plain text.

• Role-based access controls, so staff can reach only the data they need, together with an append-only audit log of administrative actions.

• Data minimisation by design — for example, truncating IP addresses before storage and resolving geo-location locally rather than sending data to a third party.

• Operating our website analytics in-house, on infrastructure we control, rather than relying on third-party tracking services.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours where required, and will inform you without undue delay where the breach is likely to result in a high risk to you.

Under the UK GDPR and the Data Protection Act 2018 — and, where applicable, the EU GDPR and PDPL — you have the following rights in relation to your personal data:

• Right of access — to be told whether we hold personal data about you and to receive a copy of it.

• Right to rectification — to have inaccurate or incomplete data corrected.

• Right to erasure — to ask us to delete your personal data where there is no good reason for us to continue holding it.

• Right to restrict processing — to ask us to pause our use of your data in certain circumstances.

• Right to data portability — to receive certain data in a structured, commonly used, machine-readable format.

• Right to object — to object to processing based on our legitimate interests, and to object at any time to the use of your data for direct marketing.

• Right to withdraw consent — where we rely on your consent, you may withdraw it at any time; this does not affect processing carried out before the withdrawal.

To exercise any of these rights, email us at privacy@zeour.co.uk. We will respond within one month; if your request is complex we may extend this by a further two months and will tell you if we do. Exercising your rights is free of charge in normal circumstances. We may need to verify your identity before acting on a request.

This is a business-to-business website intended for professional and enterprise audiences. It is not directed at children.

We do not knowingly collect personal data from children under the age of 16. If you believe a child has provided us with personal data, please contact us at privacy@zeour.co.uk and we will take steps to delete it.

We may update this Privacy Policy from time to time to reflect changes in our practices, our services, or the law.

When we make changes, we will post the updated policy on this page and revise the "Last Updated" date shown at the top. Where the changes are significant, we will take reasonable steps to bring them to your attention. We encourage you to review this page periodically.

If you have any question about this Privacy Policy, or wish to exercise any of your rights, please contact us:

Zeour Ltd

Registered office: 20 Wenlock Road, London N1 7TA, United Kingdom

Email: privacy@zeour.co.uk

Website: www.zeour.co.uk

You also have the right to lodge a complaint with a data protection authority. In the United Kingdom this is the Information Commissioner's Office (ICO): Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom — helpline 0303 123 1113, website ico.org.uk.

If you are in the European Union, you may contact the supervisory authority in your country. We would, however, appreciate the chance to address your concerns before you approach a regulator, so please consider contacting us first.