Privacy policy

This Privacy Policy is effective as of 20 May 2026 and was last updated on 20 May 2026. We will update the effective date above whenever we revise this policy. A summary of material changes appears in the “Changes to this policy” section below.

Prior versions of this policy are available on request by writing to privacy@zinch.ai.

“Zinch,” “we,” “us,” and “our” refer to Tek Ninjas Solutions LLC, a limited liability company organized under the laws of Texas, doing business as “Zinch.” Our principal place of business is 400 Stonebrook Pkwy, Ste 1103, Frisco, TX 75036.

Zinch is a business-to-business consulting and engineering firm that designs, builds, and deploys production AI agents on the Gemini Enterprise Agent Platform for enterprise customers. We do not offer consumer products, we do not sell or rent personal information, and we do not run advertising on this website.

For privacy questions, requests to exercise data-subject rights, or formal correspondence under applicable privacy laws, contact us at privacy@zinch.ai or by post at the address above.

EU/UK representative. Zinch has not appointed an Article 27 representative under the European Union General Data Protection Regulation or the UK General Data Protection Regulation. Our processing of personal data of individuals located in the EU, the EEA, and the UK is not on a scale or of a nature that triggers the appointment requirement. Individuals in those jurisdictions may contact us directly using the methods listed below.

This policy describes how Zinch collects, uses, discloses, and protects personal information in connection with:

• the public marketing website at zinch.ai and any subdomain we operate (collectively, the “Site”);
• forms and interactions made available on the Site, including contact, discovery-call, newsletter, assessment intake, and event registration forms;
• business communications between Zinch and prospective customers, partners, vendors, candidates, and other commercial counterparties.

Engagement data is governed separately. When Zinch performs paid consulting or engineering work for a customer under a Master Services Agreement, Statement of Work, or comparable contract, the customer is the data controller for personal data we process on the customer’s behalf. Our processing of that data is governed by the executed agreement and any accompanying Data Processing Agreement. This Privacy Policy does not modify those contracts.

This policy does not cover the privacy practices of Google Cloud, third-party model providers, or other vendors that customers independently engage. Each provider operates under its own privacy terms.

We collect personal information from three sources: information you provide directly, information we collect automatically when you use the Site, and information we receive from third parties.

Information you provide

You may choose to provide information when you fill out a form, subscribe to our newsletter, register for an event, request an assessment, or otherwise contact us. The categories include:

• Identity and contact information: name, work email address, telephone number, company or organization, job title, and country.
• Inquiry content: the free-text message you submit, including any information you choose to include about your company, project, technical environment, or timeline.
• Assessment intake information: responses to the structured questions we ask when you complete the on-Site assessment, including organizational details and technical indicators.
• Communications history: copies of emails, meeting invitations, and notes from calls or meetings you participate in with us.
• Professional credentials: information you may share during commercial diligence, such as references, prior engagement examples, or organizational charts.

Information collected automatically

When you visit the Site, we and our service providers may automatically collect:

• Device and connection data: Internet Protocol address, browser type and version, operating system, device type, screen resolution, language preference, and time-zone setting.
• Usage data: pages viewed, links clicked, referring URL, time spent on pages, scroll depth, and aggregate engagement patterns.
• Log data: routine server logs that record the request method, response code, request timestamp, and similar technical metadata.
• Cookies and similar technologies: described in detail in our Cookie Policy. We use only first-party and Google Analytics 4 analytics cookies on the Site today, governed by Google Consent Mode v2 defaults that deny analytics storage until you grant consent. We do not run advertising cookies.

Information from third parties

We may receive limited information about you from:

• Business partners and referrers: Google Cloud personnel, channel partners, system integrators, and prior customers who introduce you to us in the ordinary course of business development.
• Publicly available sources: professional networking sites (such as LinkedIn), corporate websites, press coverage, and similar sources we may review during commercial diligence.
• Service providers: analytics, email infrastructure, and customer-relationship-management vendors that process information on our behalf as described in the “Sharing and disclosure” section.

Sensitive personal information. We do not request or knowingly collect sensitive personal information (such as government identifiers, financial account numbers, health data, precise geolocation, or biometric information) through the Site. If you submit such information unsolicited, we will delete it on identification.

We use personal information for the following purposes:

• Respond to inquiries: review, route, and respond to submissions received through the contact form, assessment intake, or other Site forms.
• Deliver commercial communications: send transactional confirmations, schedule discovery calls, and follow up on prior conversations.
• Send newsletters and product updates where you have consented to receive them, including a clear unsubscribe mechanism in every message.
• Operate, maintain, and improve the Site: measure aggregate engagement, diagnose performance issues, and inform content decisions.
• Provide and improve our services: prepare proposals, conduct commercial diligence, and tailor engagement scoping conversations.
• Security, fraud prevention, and abuse detection: detect, investigate, and prevent unauthorized access, malicious activity, and breaches of our Terms of Service.
• Legal and regulatory compliance: comply with applicable laws, respond to lawful requests from public authorities, enforce agreements, and protect our rights and the rights of others.
• Corporate transactions: evaluate, negotiate, and complete corporate transactions such as financings, mergers, acquisitions, and divestitures, subject to confidentiality protections.

We will not use personal information for materially different, unrelated, or incompatible purposes without providing notice or, where required, obtaining consent.

For visitors in the European Economic Area, the United Kingdom, and Switzerland, we rely on the following legal bases under Article 6 of the GDPR and the UK-GDPR:

• Performance of a contract (Article 6(1)(b)): to respond to your inquiry, prepare a proposal, and engage in pre-contractual steps you initiate.
• Legitimate interests (Article 6(1)(f)): to operate our business, maintain and secure the Site, perform commercial development, conduct internal analytics on aggregated data, and protect against fraud and abuse. We have assessed these interests against the rights and freedoms of data subjects and concluded the processing is proportionate. You have the right to object to processing based on legitimate interests as described in “Your rights.”
• Consent (Article 6(1)(a)): for non-essential cookies, for marketing email subscriptions, and for any other purpose where consent is the appropriate basis. You may withdraw consent at any time without affecting the lawfulness of processing performed before withdrawal.
• Compliance with a legal obligation (Article 6(1)(c)): to meet record-keeping, tax, accounting, and other statutory obligations.
• Vital interests and public task (Articles 6(1)(d) and 6(1)(e)): only in exceptional circumstances where required.

We do not process special-category data (Article 9 GDPR) through the Site.

We do not sell personal information and we do not share personal information for cross-context behavioral advertising. We disclose personal information only in the categories below.

Service providers and processors

We engage vendors to perform functions on our behalf under written contracts that require them to safeguard the information and use it only to provide the contracted service. Current categories include:

• Cloud infrastructure: Google Cloud (hosting, storage, identity, and supporting services) and AWS Amplify (Site hosting).
• Analytics: Google Analytics 4, configured with Google Consent Mode v2 defaults that deny analytics storage until you grant consent.
• Email and collaboration: Google Workspace, transactional email infrastructure, and meeting-conferencing providers used for ordinary business communications.
• Customer relationship management: tools used to track commercial pipeline, opportunities, and correspondence.
• Professional advisors: lawyers, auditors, accountants, insurers, and other advisors bound by confidentiality obligations.

A current list of material subprocessors is available on request at privacy@zinch.ai.

Legal, regulatory, and safety disclosures

We may disclose personal information when we reasonably believe disclosure is necessary to:

• comply with applicable law, regulation, legal process, or governmental request, including subpoenas, court orders, and national-security requests;
• enforce our Terms of Service, our other agreements, or our policies;
• detect, prevent, or otherwise address fraud, security, or technical issues;
• protect the rights, property, life, health, security, and safety of Zinch, our users, customers, employees, or the public.

Corporate transactions

If Zinch (or any of its assets) is involved in a merger, acquisition, reorganization, financing, sale of assets, bankruptcy, or similar corporate transaction, personal information may be transferred to or shared with the counterparty, subject to standard confidentiality protections. We will notify affected individuals as required by law.

With your direction or consent

We may share personal information with other parties at your direction or with your consent, such as when you ask us to introduce you to a Zinch partner or vendor.

Zinch is headquartered in the United States and operates engineering and support teams in multiple countries, including the United States, the United Kingdom, Canada, and India (see the office list on our About page). The service providers we use may also process personal information in the United States and other countries.

When we transfer personal information out of the European Economic Area, the United Kingdom, or Switzerland, we rely on a valid transfer mechanism under applicable law, including, where appropriate:

• European Commission adequacy decisions where the destination country is recognized as providing an adequate level of protection;
• the Standard Contractual Clauses adopted by the European Commission (Commission Implementing Decision (EU) 2021/914) for transfers to recipients in third countries;
• the UK International Data Transfer Addendum to the Standard Contractual Clauses, or the UK International Data Transfer Agreement, for transfers from the United Kingdom;
• the Swiss Federal Data Protection and Information Commissioner’s recognition of the Standard Contractual Clauses for transfers from Switzerland.

Where required, we conduct transfer-impact assessments and apply supplementary technical, organizational, and contractual measures recommended by the European Data Protection Board. You may request a summary of the safeguards by writing to privacy@zinch.ai.

We retain personal information for as long as needed to fulfill the purposes described in this policy, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. The retention period depends on the category of information and the purpose for which it was collected. Indicative retention windows include:

• Contact form and inquiry submissions: up to 24 months from the last meaningful interaction, unless a commercial engagement begins, in which case the data is retained for the duration of the engagement plus the period required for tax, audit, and statute-of-limitations purposes (typically up to 7 years).
• Newsletter subscribers: for as long as you remain subscribed, and a limited record of unsubscribe events to honor your choice.
• Assessment intake submissions: up to 24 months, after which records are deleted or aggregated unless tied to an active engagement.
• Analytics data: subject to the Google Analytics default retention window (currently 14 months) for user-and-event data, and longer periods for aggregated reports that do not identify individuals.
• Server logs: routinely rotated within 90 days, longer where needed for security investigations.
• Records required by law: for the duration mandated by the applicable law (for example, tax records).

When personal information is no longer needed, we delete it, anonymize it, or otherwise make it inaccessible in a commercially reasonable time.

Depending on your location and the applicable law, you may have the following rights with respect to your personal information. Zinch honors verified requests regardless of jurisdiction where it is practical to do so.

Rights under the GDPR and UK-GDPR

• Access: confirm whether we process your personal information and obtain a copy.
• Rectification: correct inaccurate or incomplete personal information.
• Erasure (“right to be forgotten”): request deletion, subject to applicable legal exceptions.
• Restriction of processing: ask us to pause certain processing activities in defined circumstances.
• Data portability: receive your personal information in a structured, commonly used, and machine-readable format and transmit it to another controller.
• Objection: object to processing based on legitimate interests or for direct marketing.
• Withdraw consent: where processing is based on consent, withdraw consent at any time without affecting the lawfulness of processing performed before withdrawal.
• No automated decision-making: not be subject to a decision based solely on automated processing that produces legal or similarly significant effects (we do not engage in such processing through the Site).
• Lodge a complaint: file a complaint with the supervisory authority in your country of residence, place of work, or place of the alleged infringement.

Rights under California law (CCPA / CPRA)

• Right to know: the categories and specific pieces of personal information we collect, the sources, the business or commercial purposes, and the categories of third parties to whom we disclose the information.
• Right to delete: request deletion of personal information we have collected from you, subject to applicable exceptions.
• Right to correct: request that we correct inaccurate personal information we maintain about you.
• Right to opt out of sale or sharing: we do not sell personal information and we do not share personal information for cross-context behavioral advertising. Submitting this request therefore results in no operational change, but we honor the request and record it.
• Right to limit use of sensitive personal information: we do not collect sensitive personal information through the Site in a manner that triggers this right.
• Right to non-discrimination: we will not deny services, charge a different price, or provide a different level of quality because you exercised a privacy right.

Rights under other US state laws

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), and other states with similar privacy laws may have rights similar to those above. We honor verified requests from residents of those states in accordance with the applicable law.

How to exercise your rights

To exercise any of these rights, email privacy@zinch.ai with the subject line “Privacy Request” and tell us which right you wish to exercise. We will respond within the timeframe required by the applicable law (typically 30 to 45 days, extendable in defined circumstances).

Identity verification. To protect you, we will require enough information to reasonably verify your identity before fulfilling a request. We may ask you to confirm details we already hold or to provide additional information appropriate to the sensitivity of the request.

Authorized agents. Where the applicable law permits, you may designate an authorized agent to submit a request on your behalf. We will require proof of the agent’s authority and may contact you directly to verify the request.

Appeals. Where the applicable law provides an appeal right (for example, the VCDPA, CPA, and CTDPA), you may appeal a decision we make in response to your request by replying to our response email within 30 days. We will reconsider the decision and respond in writing.

Zinch does not use the personal information collected through the Site to make decisions about you based solely on automated processing, including profiling, that produce legal effects or similarly significant effects on you.

We may use ordinary, non-decisional automation to operate the Site, such as analytics aggregations and content personalization choices that do not produce legal or similarly significant effects.

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, loss, misuse, alteration, and destruction. Our program includes:

• Encryption: TLS in transit for the Site and our APIs; encryption at rest for stored personal information held by our infrastructure providers.
• Access controls: role-based access, least-privilege provisioning, multi-factor authentication for staff with access to personal information, and periodic access reviews.
• Network and endpoint controls: managed devices, endpoint protection, and segmentation between development and production environments.
• Vendor management: contractual privacy and security commitments from service providers and ongoing review.
• Personnel: confidentiality agreements with staff, background checks where lawful, and privacy and security training.
• Incident response: a documented process to detect, contain, investigate, and remediate security incidents, including notice to affected parties as required by law.

Honest disclaimer. No method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially reasonable means to protect personal information, we cannot guarantee absolute security. If you have a concern about a possible vulnerability or breach, contact privacy@zinch.ai immediately.

The Site is directed to business audiences and is not intended for use by children. We do not knowingly collect personal information from individuals under the age of 18 (or the applicable minimum age under local law). If we learn we have collected personal information from a child in violation of applicable law, we will delete it promptly.

If you believe a child has provided us with personal information, please contact us at privacy@zinch.ai.

The Site may include links to third-party websites, services, or resources that are not operated by Zinch. We do not control these third parties, and they are governed by their own privacy policies. We are not responsible for the content, privacy practices, or security of any third-party site or service.

Embedded content (for example, video players, social-media widgets, or analytics components served by third parties) may collect information about your interaction with that content. Where such embeds are present, we describe them in the Cookie Policy.

We use a limited set of first-party and analytics cookies on the Site. We do not run advertising cookies. Analytics storage is denied by default under Google Consent Mode v2 and is set to granted only if you opt in through the consent banner or the Cookie preferences modal accessible from the Site footer.

For a full inventory of cookies, retention periods, and instructions on how to manage your preferences, see our Cookie Policy.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, and other factors. When we make material changes, we will update the “Effective date” at the top of the policy and, where appropriate, provide a more prominent notice (for example, a banner on the Site or an email to known contacts).

We encourage you to review this policy periodically. Your continued use of the Site after a revised policy takes effect indicates your acknowledgment of the change, subject to any consent requirements under applicable law.

For questions about this Privacy Policy or our privacy practices, or to exercise a privacy right, contact us at:

• Email: privacy@zinch.ai
• Post: Tek Ninjas Solutions LLC d/b/a Zinch, 400 Stonebrook Pkwy, Ste 1103, Frisco, TX 75036, Attn: Privacy Office

For general inquiries, you can also reach us at hello@zinch.ai.

This section supplements the rest of this policy and applies to California residents. Terms used in this section have the meanings given in the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”).

Categories of personal information collected

In the preceding 12 months, Zinch has collected the following categories of personal information about California residents:

• Identifiers: name, alias, email address, telephone number, IP address, and similar identifiers.
• California Customer Records categories (Cal. Civ. Code § 1798.80(e)): contact information and employer.
• Commercial information: records of products or services considered or inquired about.
• Internet or other electronic network activity information: browsing history on the Site, referring URL, and information about interactions with the Site.
• Geolocation data: approximate location inferred from IP address. We do not collect precise geolocation.
• Professional or employment-related information: job title, company, and information about your role.
• Inferences: limited inferences drawn from the categories above (for example, business interest in a particular engagement type).

Sources, purposes, and retention

The sources from which we collect each category are described in “Information we collect.” The business and commercial purposes for which we collect and use each category are described in “How we use information.” The retention windows are described in “Data retention.”

Categories disclosed for a business purpose

We have disclosed the categories of personal information listed above to the categories of service providers described in “Sharing and disclosure.” We have not sold or shared personal information for cross-context behavioral advertising in the preceding 12 months and we have no plans to do so.

Sensitive personal information

We do not collect or process sensitive personal information for purposes that would trigger the right to limit use of sensitive personal information under the CCPA.

Financial incentives

We do not offer any financial incentive program that would constitute a financial incentive under the CCPA.

“Shine the Light”

California residents may request information regarding our disclosure of personal information to third parties for those third parties’ direct marketing purposes during the prior calendar year. We do not disclose personal information to third parties for their direct marketing purposes.

How to exercise rights

Submit a request as described in “Your privacy rights.” We will verify and respond consistent with the timelines required by the CCPA.

This section supplements the rest of this policy and applies to individuals in the European Economic Area, the United Kingdom, and Switzerland.

• Controller: Tek Ninjas Solutions LLC d/b/a Zinch, 400 Stonebrook Pkwy, Ste 1103, Frisco, TX 75036.
• EU/UK representative: not appointed. Our processing does not currently meet the Article 27 GDPR or UK GDPR threshold that requires appointment.
• Data Protection Officer: a DPO has not been appointed because the conditions under Article 37 GDPR are not currently met. Privacy questions are handled by our Privacy Office at privacy@zinch.ai.
• Lawful bases: described in “Legal bases for processing.”
• International transfers: described in “International data transfers.”
• Supervisory authority: you may lodge a complaint with the supervisory authority in your country of residence, place of work, or place of the alleged infringement. For the UK, the relevant authority is the Information Commissioner’s Office (ico.org.uk). For Switzerland, it is the Federal Data Protection and Information Commissioner (edoeb.admin.ch). A current list of EU member-state supervisory authorities is available at edpb.europa.eu.

Zinch processes personal information in accordance with the laws of the jurisdictions where we operate. The notes below are high-level. Where local law affords additional rights, we honor those rights on verified request.

• Brazil (LGPD): individuals in Brazil have rights comparable to those under the GDPR, including access, rectification, anonymization, portability, deletion, and information about sharing. Requests may be sent to privacy@zinch.ai.
• Canada (PIPEDA and provincial laws): we comply with the Personal Information Protection and Electronic Documents Act and applicable provincial privacy laws (including Quebec’s Law 25). Canadian residents may exercise rights as described above.
• Australia (Privacy Act 1988): we handle personal information consistent with the Australian Privacy Principles to the extent the Privacy Act applies.
• India (DPDP Act 2023): where the Digital Personal Data Protection Act, 2023 applies, we honor data principal rights consistent with the Act. Requests may be sent to privacy@zinch.ai.

If your jurisdiction is not listed and you have a privacy question, contact us at privacy@zinch.ai.