top of page

Privacy Policy

Last updated: 10 June 2026

ZenGem BV ("ZenGem") provides a B2B Marketing and Sales application and website at zengem.ai (the "Service"). This policy explains how ZenGem handles personal data. Questions? Email us at: [email protected].

 

1. Data ZenGem processes

ZenGem does not sell personal data and does not use it for advertising.

Any personal data the User processes through the platform is governed by ZenGem's Data Processing Agreement (provided as part of the User's customer agreement), under which ZenGem acts as the User's processor.

 

2. Connected email accounts (Gmail and Outlook)

If the User connects their Google or Microsoft account to send email through the Service, ZenGem requests only the permissions needed to send on the User's behalf:

  • Google — https://www.googleapis.com/auth/gmail.send (send email on the User's behalf). ZenGem requests no read scopes.

  • Microsoft — Mail.Send (send email on the User's behalf), plus basic profile (the User's name and email address) used only to identify the connected account.
     

What this means (for both):

  • ZenGem uses this access only to send the specific emails the User composes, reviews, and approves inside the Service.

  • ZenGem cannot and does not read, download, search, or store the contents of the User's mailbox or received messages. The send permissions grant no read access.

  • To send on the User's behalf, ZenGem securely stores the access and refresh tokens. They are encrypted at rest and never shared.

  • The User can revoke access at any time
    — Google: myaccount.google.com/permissions; Microsoft: myaccount.microsoft.com (My Sign-Ins)
    — or by disconnecting the account in the Service. This immediately stops ZenGem from sending on the User's behalf.

 

Limited Use. ZenGem's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

3. Sharing

ZenGem shares personal data only with service providers (sub-processors) that help ZenGem run the Service — such as cloud hosting, infrastructure, and AI processing providers — under agreements that limit them to acting on ZenGem's instructions. Some may process data outside the EEA under appropriate safeguards. A current list of ZenGem's sub-processors is available on request at [email protected]. ZenGem may also disclose data where required by law.

4. Retention

ZenGem keeps personal data only as long as needed to provide the Service. When the User deletes their account or disconnects a connected account, ZenGem deletes the associated data and tokens, except where the law requires ZenGem to keep it longer.

5. Security

ZenGem protects data with encryption in transit and at rest, access controls, and audit logging. OAuth tokens for connected accounts are stored encrypted in a dedicated secrets vault.

6. The User's rights

The User can access, correct, or delete their personal data in their account settings or by emailing [email protected].

7. Changes

ZenGem may update this policy. Material changes will be notified in the Service or by email, and the date above will change.

Connected email
account data

Usage data

See Section 2

Log data, feature usage, device/browser info

Only to send email on the User's behalf

To operate and improve the Service

To create and secure the User's account

The User's name and
email address

Account data

Category
Examples
Why
bottom of page