Privacy Policy
Last updated: June 23, 2026
1. Information we collect
Depending on how you use the Service, CopilotZone may collect:
- Account and contact information — such as name, work email, company name, job title, phone number, and login credentials when you create an account, request a demo, or contact us about building a training platform.
- Training and learning data — such as assigned courses, module completion, slide progress, quiz responses, quiz scores, checkpoints passed, certificates issued, session timestamps, and activity needed to deliver and track employee training on the customer's branded portal.
- Organization and team data — such as employee lists uploaded by administrators, team names, course assignments, due dates, and administrative actions taken within the training portal.
- Customer platform configuration data — branding assets (logos, color preferences, custom domain configuration), email template customizations, and other settings you provide so we can build and operate your branded training platform.
- Custom training content data — documents, policies, procedures, scripts, checklists, or other source material you submit for conversion into custom training courses. See Section 3 for important restrictions on sensitive data.
- Billing and subscription data — such as billing contact name and email, plan tier (Launch, Scale, or Enterprise), seat count, subscription start and renewal dates, and whether you have elected monthly billing or annual prepay (which affects whether custom-course setup fees apply).
- Communications and inquiries — information you provide in contact forms, demo requests, support requests, billing inquiries, or email correspondence.
- Technical and security data — such as IP address, browser type, approximate device information, request metadata, authentication events, session cookies, and security logs used to operate and protect the Service.
2. How we use information
CopilotZone uses personal information to:
- provide, operate, maintain, and secure the Service, including the customer's branded training portal;
- configure white-label branding (logos, colors, custom domain) requested by the customer;
- authenticate users and manage role-based access controls for learners, administrators, billing contacts, and organization owners;
- produce custom training courses from customer-provided source material, including writing slide scripts, generating audio narration, and building quizzes and completion tracking;
- assign, deliver, and track training content, including ready-made courses and customer-specific custom courses;
- record completion, quiz results, certificates, and administrative activity for audit and compliance reporting;
- process subscription billing, manage plan tiers (Launch, Scale, Enterprise), and administer custom-course setup fees;
- respond to inquiries, demo requests, sales conversations, billing questions, and support requests;
- monitor Service performance, detect abuse, troubleshoot issues, and improve functionality; and
- comply with legal obligations and enforce these Terms.
3. Restrictions on sensitive data and customer content
When you or your organization uploads documents, policies, procedures, scripts, or other source material for conversion into custom training courses ("Customer Content"), your organization remains the controller of that content and is responsible for ensuring it does not include PHI, sensitive personal data, or data you are not authorized to submit. CopilotZone processes Customer Content solely to deliver the requested custom course production service (typically scoped as a Custom Course Add-On up to 25 slides per standard course; longer courses or custom scopes are negotiated separately).
If you or your organization has specific data handling, security, or compliance requirements — including for regulated industries such as healthcare, finance, legal, or education — contact us before uploading sensitive content. We will work with you to determine whether a Data Processing Agreement, BAA, or other appropriate agreement is needed.
4. Legal bases and organizational roles
Where applicable law requires a stated legal basis, CopilotZone processes personal information based on one or more of: performance of a contract with you or your organization; legitimate interests in operating and securing the Service; compliance with legal obligations; and consent where required and obtained.
When an organization uses CopilotZone to train employees, contractors, or other personnel ("Workforce Training"), that organization typically acts as the data controller or responsible business for the personal information of its users submitted to the Service. CopilotZone acts as a processor or service provider on behalf of your organization in connection with Workforce Training.
5. Cookies and similar technologies
CopilotZone uses cookies and similar technologies for security, session management, and essential Service functionality. This includes cookies used to maintain authenticated sessions, defend against cross-site request forgery, and enable secure portal access. If you disable essential cookies, parts of the Service may not function correctly.
We do not use advertising or non-essential tracking cookies.
6. How we share information
CopilotZone does not sell personal information for money. We may share information:
- with hosting, infrastructure, security, content delivery, email delivery, payment processing, and support providers that help us operate the Service;
- with the organization that administers your account or training program — including managers, administrators, billing contacts, and organization owners who assign and track training on the customer's branded portal;
- when required to comply with law, regulation, court order, subpoena, or lawful governmental request;
- to investigate, prevent, or respond to suspected fraud, abuse, security incidents, or legal claims; or
- as part of a business transaction such as a merger, financing, acquisition, or asset sale, subject to applicable confidentiality protections and continued privacy commitments.
7. Data retention
CopilotZone retains personal information for as long as reasonably necessary to provide the Service, maintain security and audit records, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods may vary depending on account status, organizational requirements, and legal or operational needs.
Upon account or organization termination, CopilotZone may delete or anonymize personal information within a reasonable period, subject to legal holds, security logs, or contractual retention requirements that may apply.
8. Security
CopilotZone uses reasonable administrative, technical, and organizational measures designed to protect personal information, including:
- Encrypted transport (HTTPS) and signed session cookies;
- Role-based access controls and least-privilege principles;
- Security logging, abuse detection, and rate limiting;
- Regular backups and incident response procedures;
- Secure hosting infrastructure with controlled access.
No method of transmission or storage is completely foolproof, and we cannot guarantee absolute security. If you become aware of a security vulnerability or incident affecting CopilotZone, contact us at hello@copilotzone.com.
9. Geographic availability and data residency
CopilotZone currently provides the Service to customers in the United States only and does not currently offer the Service to customers located in the European Union, European Economic Area, or United Kingdom. Customer data is stored and processed on servers in the United States.
If you are located outside the United States, or if your organization requires EU/UK data protection terms, do not submit personal information to the Service unless CopilotZone has confirmed in writing that we can support your requirements.
10. Your choices and rights
Depending on applicable law in your jurisdiction, you may have rights to:
- access, review, or receive a copy of your personal information;
- correct inaccurate or incomplete personal information;
- request deletion of your personal information, subject to legal retention requirements;
- restrict or object to certain processing activities;
- request portability of your personal information in a machine-readable format; or
- withdraw consent where processing is based on consent.
Where your account is provided through an employer or organization, requests relating to training records or managed account data may need to be directed to your organization's administrator first, as they control the underlying user data. Contact us at hello@copilotzone.com for privacy questions or to exercise your rights.
11. Children's privacy
The Service is intended for business, workplace, and adult educational use and is not directed to children under the age of 16.
12. Third-party sites and services
The Service may contain links to third-party websites or rely on third-party services not controlled by CopilotZone. This Privacy Policy does not apply to third-party services. You should review the privacy policies of any third-party services you access or use in connection with the Service.
13. Changes to this Privacy Policy
CopilotZone may update this Privacy Policy from time to time. Changes become effective when posted to the Service unless a later effective date is stated. We encourage you to review this policy periodically.
14. Contact
For privacy questions, requests, or concerns, contact us at:
Email: hello@copilotzone.com
We aim to respond to privacy inquiries within a reasonable timeframe.
This Privacy Policy is a practical baseline for CopilotZone's custom training platform service and should be reviewed by qualified legal counsel if you need company-specific disclosures, regulatory mapping for CCPA/CPRA, HIPAA, state privacy laws, or sector-specific requirements, or customer-contract language.