Last update : January 2026
The purpose of this Privacy Policy is to explain to you how Zylio processes your personal data as data controller in connection with the use of the Site and the Services, with whom Zylio shares it and what rights you have.
Zylio reserves the right to unilaterally modify the Privacy Policy at any time. Consequently, you are invited to consult the Privacy Policy regularly in order to be kept informed of the latest changes made to it.
- Definitions
“Customer”: any legal entity that has entered into a contract with Zylio for the provision of the Services and on whose behalf you are acting, where applicable.
“Contract”: the contract concluded between Zylio and the Customer for the provision of the Services.
“Personal Data”: personal data processed in connection with the use of the Site, the Platform and the Services, including cookies where applicable.
“Data Protection Act”: Act no. 78-17 of January 6, 1978 (known as the “Data Protection Act”) as amended.
“Platform”: the Zylio web platform for analyzing and optimizing purchases powered by artificial intelligence, accessible at app.zylio.io.
“Applicable Data Protection Regulations”: the RGPD, the Loi Informatique et Libertés and any other applicable personal data protection regulations.
“RGPD”: Regulation EU 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
“Services”: all services provided by Zylio to the Customer, including access to the Platform as well as professional services such as, in particular, integration within the Customer’s information system, training of Users, configuration of the Platform and support by a data analyst.
“Site”: website accessible at www.zylio.io.
“User” or “you”: any individual acting on behalf of a Customer and using the Platform or benefiting from the Services.
“Visitor” or “you”: any person visiting the Site.
“Zylio” : Zylio SAS, a simplified joint stock company with a capital of 10,000 euros, registered with the Nanterre Trade and Companies Register under number 931 791 016, having its registered office at 32 rue de Paris, 92100 Boulogne-Billancourt, France.
- Who is the data controller?
When you use the Site, the Services and as part of the management of its contractual and commercial relationship with the Customer, Zylio processes Personal Data concerning you for which it determines, in its capacity as data controller, the means and objectives of the processing.
As part of the performance of the Services requested by the Customer, Zylio also processes Personal Data concerning you. In this context, Zylio acts on the Customer’s instructions as a processor and the Customer acts as the data controller. To find out more about this processing, please contact the Customer directly.
Zylio undertakes to limit the collection of Personal Data to what is necessary, in compliance with the principle of minimization of Personal Data and to comply with the provisions of the RGPD and the French Data Protection Act (Loi Informatique et Libertés).
Zylio has appointed a Data Protection Officer (DPO) whom you may contact for any questions relating to your Personal Data at the following address: privacy@zylio.fr or Zylio – DPO, 32 rue de Paris, 92100 Boulogne-Billancourt, France.
- How is Personal Data collected?
Personal Data is collected :
- When you browse the Site and interact with it (contact form, newsletter registration, demo request);
- When you register on the Platform at the Customer’s request and when you use it;
- As part of the provision of Services by Zylio to the Customer on whose behalf you are acting.
- What Personal Data is processed by Zylio as data controller? For what purpose, for what reason and for how long?
Zylio processes your Personal Data for the purposes detailed in the tables below. For each purpose, the Personal Data processed, the reason (legal basis) for processing the Personal Data and the retention period are specified.
When you are a Visitor :
| Purposes | Personal Data | Reasons | Retention period |
| To send you information about Zylio’s newsletter and news. | – Your e-mail address | Your consent to receive information about Zylio’s activities. | Until you withdraw your consent. |
| To respond to your contact requests. | – First and last name
– Company name – E-mail address – Message content – File attachment (optional) |
Legitimate interest in responding to contact requests. | 3 years from collection or last contact from you. |
| To organize demonstrations of the Platform at your request. | – Your name
– Company name – E-mail address of Visitor and guests, provided by you – Additional notes (optional) |
Legitimate interest in managing and administering relations with prospects. | 3 years from collection or last contact with you. |
| To produce reports on Platform demonstration meetings and staff training. | – Your name
– First name – Video (image and voice) |
Your consent to the recording of demonstration videos. | Until consent is withdrawn, or 12 months after collection. |
If you are a User or Customer representative:
| Objectives | Personal data | Purpose | Retention periods |
| To manage Zylio’s contractual and commercial relationship with its Customer. | – First and last name
– Position – E-mail address – Telephone number |
Legitimate interest in managing the contractual and commercial relationship with the Customer. | Up to 5 years after the end of the contractual relationship with the Customer. |
| To evaluate, improve and develop the Services. | – Usage data | Legitimate interest in continually improving the Services. | Pseudonymized usage data: 24 months. Aggregated non-identifying data: retention beyond statistical purposes |
| To identify individuals who have used the Services | – Connection data | Legal obligations | 1 year from collection. |
| To ensure the security of the Platform, and to investigate fraud, infringements and abuse. | – Account data (email and password)
– Connection data – Other activity-related Personal Data where applicable |
Zylio’s legitimate interest in defending and preserving its rights and protecting the Platform. | 13 months from collection. |
| To protect the rights and interests of Zylio and third parties in the event of litigation or pre-litigation with the User or Customer. | – All Personal Data collected under the Policy | Legitimate interest in defending and preserving Zylio’s rights. | For as long as necessary to defend and assert our rights and the applicable statute of limitations. |
| To meet legal and regulatory obligations (in particular tax regulations and requests from the authorities). | – All Personal Data necessary to comply with the relevant obligation. | Legal obligations. | Personal Data declared to the tax authorities in accordance with regulations are kept for 10 years in order to meet our legal obligations. For other Personal Data, for the duration required by the applicable legal obligation. |
Zylio does not make any automated decisions or carry out any profiling in connection with the processing of Personal Data.
We also collect browsing data when you visit our Site and Platform. On this occasion, certain information may be collected, in particular by means of cookies (see section below).
- Cookie management
What are cookies?
A cookie is a small file stored by a server on a user’s terminal and associated with a web domain for various purposes, in particular :
- to enable sites to function optimally and securely,
- to analyze site traffic in order to improve performance,
- to personalize users’ experience and memorize their preferences,
They enable us to collect and use information about the users of websites, mobile applications, etc., to improve the user experience.
Cookies are deposited/read when you visit the Site or Platform.
Session cookies are automatically deleted when you close your browser, while persistent cookies remain on your device after you close your browser, allowing the website to remember your settings and preferences on subsequent visits.
Zylio may also use other technologies similar to cookies for analysis purposes or to track your interaction with the Site or Platform or in order to share information collected when you browse the Site or use the Platform.
Web beacons, web beacons and embedded scripts:
A web beacon is an electronic graphic image on a website or in an e-mail that identifies cookies when you browse the website or read the e-mail.
Web beacons make it possible to send readable e-mails to users and find out whether they have opened the e-mail. For example, if you receive an e-mail from Zylio, the e-mail may contain a connection URL that links to our Site. If you click on the link, Zylio will keep a record of your visit in order to learn more about your preferences.
Embedded scripts are programming code on some of our web pages that examine how you use them: for example, the links you select.
Proprietary and third-party cookies
Proprietary cookies are those implemented by Zylio, used to interact with you when you browse the Site or use the Platform.
The Site and Platform also allow third parties to set their own cookies (third-party cookies). These third parties may set their own cookies when you visit the Site or use the Platform and may receive information about your behavior. Zylio cannot be held responsible for the placement or use of these cookies.
You should therefore consult the websites of these third parties to find out more about their use of cookies. For more information on the third-party cookies that are used on the Site or Platform, please consult the table provided at the end of this Cookie Policy in the paragraph “List of cookies used”.
How can I control cookies and similar technologies?
Zylio uses the tarteaucitron solution to facilitate the management of proprietary and third-party cookies. When you first visit the Site, a banner informs you: ” This site uses cookies and gives you control over which ones you wish to activate “. You can then :
- Click on ” Accept all ” to authorize all cookies
- Click on ” Refuse all ” to refuse all optional cookies
- Click on ” Customize ” to choose service by service (Google Tag Manager, Google Analytics, Hotjar)
You can change your preferences at any time by clicking on the Tarteaucitron icon at the bottom right of any page on the Site. The cookie management panel allows you to: ” Allow ” or ” Deny” each type of cookie individually.
If you choose to refuse cookies that require your prior consent, Zylio will not use these cookies. If you decide to withdraw your consent to the use of these cookies, Zylio will no longer use these cookies and will delete the relevant cookies. However, please note that if you refuse and/or remove audience measurement cookies, Zylio will no longer be able to understand how you use the Site or Platform and improve them.
If you have deactivated one or more cookies, we can still use the information collected via the cookies installed before deactivation. However, we will no longer use deactivated cookies to collect other information.
Unless you change your mind, Zylio will retain your choice of cookies for a period of 6 months.
Manage cookie settings in your browser
You can set your browser options to automatically refuse the installation of cookies or delete all cookies installed on your computer or mobile device.
The procedure varies according to the browser you use. Below are links to support pages for the main browsers:
Always bear in mind that disabling and/or deleting technical cookies may lead to malfunctions when browsing the Site or Platform.
Cookie categories
There are different types of cookies, each with a specific function that helps improve your browsing experience, if you use the same device and browser as when you first visited the Site or Platform.
Strictly necessarycookies – activated by default
This type of cookie is required to use the Site or Platform and to provide basic technical functionality. Without these cookies, it would not be possible to use the Site or Platform and your consent is therefore not required for their use. These cookies cannot be deactivated.
They include session cookies, security cookies and cookies used to remember your choice of cookies (Tarteaucitron cookie).
Preference cookies – optional activation
These are used to recognize you when you return to our website. This enables us to personalize the content offered to you, to welcome you in an individualized way and to memorize your preferences. These cookies are deposited only with your prior consent.
Beacon management cookies – optional activation
A beacon management tool simplifies the collection of traffic data on the Site and Platform. These cookies are deposited only after obtaining your prior consent.
Audience measurement cookies – optional activation
This type of cookie collects information about the way you interact with the Site or Platform, allowing Zylio, for example, to have an overview of the pages you visit, the time you spend there and the operating system from which you are connected. These cookies allow Zylio to evaluate, improve and develop the Site or Platform to offer you a better user experience.
For optional cookies, you can choose to disable/activate them at any time via the Tarteaucitron cookie management panel, following the procedure described in the section “How to control cookies and similar technologies”.
Information collected via cookies
The information we collect via cookies is only used in an aggregated and anonymized form.
LIST OF COOKIES USED
The following is a list of cookies used by the Site and Platform with a description of how they work in particular:
| Cookie name | Solution | Purpose | Type | Duration | Optional or mandatory activation |
| _ga | Analyzes site traffic and performance | HTTP | 13 months | Optional | |
| _ga_0ECVNMPZ5E | Audience measurement and statistical tracking of interactions | HTTP | 13 months | Optional | |
| _hjSession_64594 | Hotjar | User behavior analysis (user experience improvement) | HTTP | Session | Optional |
| _hjSessionUser_64594 | Hotjar | Analysis of user behavior over multiple sessions | HTTP | 12 months | Optional |
| pll_language | Meta | Navigation language memory | HTTP | 12 months | Optional |
| tarteaucitron | Lemon tart | Storage of the user’s choice of cookies | HTTP | 6 months | Mandatory |
- Recipients and transfers outside the EU
The Personal Data collected is intended solely for the use of Zylio and will only be accessible to Zylio personnel with a need to know. Nevertheless, Personal Data may also be accessible to third-party service providers acting as subcontractors in charge of the aforementioned purposes and/or in charge of the functional and/or technical management of Zylio’s activities. In this case, Zylio ensures that the recipient companies also protect your Personal Data and that the Personal Data is transmitted with an adequate level of security. Where applicable, clauses complying with Article 28 RGPD frame these relationships.
This Personal Data is transmitted to the following categories of recipients:
- Service providers: for example, payment service provider Stripe (see: [https://stripe.com/fr/privacy]); hosting service providers: Infomaniak for the Site [https://www.infomaniak.com/fr/cgv/politique-de-confidentialite] and AWS for the Platform [https://aws.amazon.com/fr/privacy/?nc1=f_pr]; the service provider in charge of making appointments and the videoconferencing service (a full list of recipients is available on request) ;
- Lawyers to defend our interests;
- Third parties subject to confidentiality obligations for the purposes of reorganizing our activities or internal investigations;
- Judicial and administrative authorities (e.g. police, courts) to protect the rights and interests of Zylio and third parties or to meet our legal and regulatory obligations.
In all cases, only when necessary and justified for a specific purpose.
Your Personal Data may possibly be transferred outside the European Economic Area, to a country that is not considered to provide adequate protection of personal data according to the European Commission. In this case, Zylio provides for the implementation of appropriate sufficient safeguards (standard contractual clauses or Data Privacy Framework, impact assessment on transfers and, if necessary, additional measures). Information on these guarantees and, where applicable, a copy, can be obtained from our DPO. under Article 46 of the RGPD. You can request information on the appropriate safeguards in place by contacting our DPO.
The Site may contain links to third-party websites. When you visit these sites, the processing of your Personal Data may be subject to their own data protection policies, which Zylio recommends that you consult. Zylio is not responsible for the processing of Personal Data by these third parties.
- Security
Zylio implements appropriate security measures (encryption in transit and at rest, access control, logging, regular security tests).
Passwords are stored in hashed form and are never stored in clear text.
- What are your rights and how can you exercise them?
Data subjects may exercise their right of access, rectification, modification, erasure, limitation of processing, data portability, opposition, as well as the right to define general and specific directives on how they wish their rights to be exercised after their death (if applicable).
Data subjects may exercise their rights by contacting Zylio’s DPO.
You also have the right to withdraw your consent at any time where processing is founded on this basis, without this affecting the lawfulness of the processing carried out prior to such withdrawal.
You can unsubscribe from our communications at any time by using the unsubscribe link in each e-mail. Where prospecting is based on our legitimate interests, you may object at any time.
Please note that conditions and limitations, as provided by the GDPR and applicable laws and regulations, may apply to the exercise of the above rights.
We will respond within one month, extendable if necessary due to the complexity or number of requests. In the event of reasonable doubt as to your identity, further information may be requested.
Data subjects may also lodge a complaint with the supervisory authority. For information, the CNIL contact details are as follows:
Commission nationale de l’informatique et des libertés
3 Place de Fontenoy
TSA 80715
75334 PARIS CEDEX 07
www.cnil.fr