
What We Do With Your Data, Explained Plainly.

EFFECTIVE: APRIL 27, 2026 · UPDATED: APRIL 27, 2026 · GDPR COMPLIANT · CCPA / CPRA COMPLIANT

This Privacy Policy explains how Zaruda Technology Solutions, LLC collects, uses, shares, and protects your personal information. We've written this in plain English on purpose — you deserve to understand what we're doing with your data, not just the legal framework around it.


Plain English Summary

This summary gives you the key points. Read the full policy below for complete detail.

We collect the information you give us (contact forms, product accounts, job applications) plus standard website usage data.
We use it to provide our services, communicate with you, and improve our products.
We do not sell your personal information. We do not share it for cross-context behavioral advertising.
You have rights to access, correct, delete, or move your data — regardless of where you live.
California residents have additional rights under CCPA/CPRA. EU/UK residents have additional rights under GDPR.
To exercise any right or ask a question: privacy@zaruda.com

1. About Zaruda and This Policy

Zaruda Technology Solutions, LLC ("Zaruda", "we", "us", "our") is a technology services company headquartered in Kirkland, Washington, USA.

This Privacy Policy explains how we collect, use, share, retain, and protect personal information in connection with:

The zaruda.com website and all subdomains
Our proprietary software products: Site Chat, Call Agent, Support Agent, DB-DaaS
Our consulting, staffing, staff augmentation, and managed services
Job applications and candidate relationships

We have written this policy in plain English because you deserve to understand what happens with your information, not just receive a document that protects us legally.

Effective date: April 27, 2026
Last updated: April 27, 2026

2. What Personal Information We Collect

2.1 Information You Provide Directly

Contact and identity information: Name, email address, phone number, job title, company name — collected when you submit a contact form, register for a product, or correspond with us.

Professional information (staffing and talent network): Resume, work history, skills, certifications, references, employment preferences, compensation expectations, LinkedIn profile. Collected only from candidates who engage with our staffing or staff augmentation services.

Product account credentials: Username, password (stored in hashed form, never plain text), account preferences — collected when you create an account to use any Zaruda product.
Payment information: Billing address, card type and last four digits (full payment card data is processed by our third-party payment processor; we do not store complete card numbers).
Communications content: Anything you include in a message, support ticket, feedback form, or any other direct communication with us.
Sensitive personal information (CPRA category): We do not intentionally collect sensitive categories of personal information (health, racial origin, sexual orientation, biometric data, precise geolocation, financial account credentials, or government ID numbers) through our website or standard service interactions. If your staffing profile includes health-related employment restrictions, we treat that with heightened protection.
2.2 Information Collected Automatically

When you visit our website or use our products, we and our service providers automatically collect:

Usage and interaction data: Pages visited, features used, buttons clicked, session duration, navigation paths, search queries within products.
Device and technical data: Browser type and version, operating system, screen resolution, device type (mobile/desktop), referring URL.
IP address: Used to infer approximate geographic location (city or region level only — we do not collect precise geolocation). Your IP address may be logged in server access logs for security purposes.
Cookies and similar technologies: See Section 7 for detailed information on our cookie practices. We use session cookies, persistent cookies, and analytics tools.
Product usage telemetry: For our software products, we collect aggregated usage metrics to improve product performance and reliability. This does not include the content of customer data stored in products.
2.3 Information from Third Parties
Business partners and referral sources: When a partner or client refers you to us, we may receive your name and contact details.
Professional networks: If you interact with Zaruda via LinkedIn or other professional platforms, we may receive information about your public professional profile consistent with that platform's settings.
Publicly available sources: For our staffing and recruiting work, we may review publicly available professional information (LinkedIn, GitHub, professional publications) to identify and assess candidates.
Background check providers: For candidates in the hiring process, with your explicit consent, we may use third-party providers to conduct employment background verification consistent with applicable law.
2.4 CCPA Categories of Personal Information

California law requires us to disclose the categories of personal information we collect. In the preceding 12 months, we have collected:

Category A — Identifiers: Real name, alias, email address, phone number, IP address, account name.

Category B — Personal information (Cal. Civ. Code § 1798.80): Name, address, employment history (candidates only).

Category C — Protected classifications: Age (for employment law compliance only), national origin (for staffing work authorization).

Category D — Commercial information: Product subscription records, transaction history.

Category F — Internet activity: Browsing history on our website, product interaction logs.

Category G — Geolocation: City/region-level location derived from IP address only.

Category H — Sensory data: Call recordings made through the Call Agent product (with consent).

Category I — Professional/employment information: Candidate resumes, work history, skills.

Category L — Sensitive personal information: Account login credentials (hashed), limited employment-related health restrictions (staffing only, with consent).

We do not collect Social Security numbers, driver's license numbers, financial account numbers, biometric identifiers, or precise geolocation data through our standard services.


3. How We Use Your Information

We use personal information only for purposes you would reasonably expect given the context in which it was collected, and where we have a valid legal basis to do so.

Service delivery: Matching staffing candidates with appropriate roles and client companies; delivering consulting projects, managed services, and AI product subscriptions; providing customer support; processing payments and managing accounts.
Communications: Responding to inquiries; sending service updates, security notifications, and account alerts; sending marketing communications about Zaruda products and services where you have consented or where we have a legitimate interest in contacting prior business contacts.
Product improvement: Understanding how our website and products are used; identifying bugs and performance issues; developing new features based on usage patterns. We use aggregated, de-identified data for this purpose.
Safety and security: Detecting, investigating, and preventing fraud, unauthorized access, and abuse; protecting the rights, property, and safety of Zaruda, our users, and the public.
Legal compliance: Meeting our obligations under applicable law; responding to lawful requests from government authorities; establishing, exercising, or defending legal claims.
Recruitment: Processing job applications, assessing candidate qualifications, conducting interviews, and fulfilling employment-related legal obligations.

We do not use personal information for automated individual decision-making that produces legal or similarly significant effects without human review. See Section 9 for more detail.


4. Legal Basis for Processing (GDPR — EEA, UK & Switzerland) · GDPR

If you are located in the European Economic Area, United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) or applicable national law requires us to identify the legal basis for each processing activity. We process your personal data on the following bases:

Contract performance (Art. 6(1)(b)): When processing is necessary to deliver a service you have requested or to enter into a contract at your request — such as providing product access, processing payments, or fulfilling a staffing placement.
Legitimate interests (Art. 6(1)(f)): Where our interests in operating and improving our business are not overridden by your interests or fundamental rights. Specific legitimate interests include: marketing to existing business contacts, preventing fraud and abuse, improving product quality, managing our corporate operations, and responding to unsolicited business inquiries. You have the right to object to this processing (see Section 10).
Consent (Art. 6(1)(a)): Where required by law — for example, sending marketing emails to new contacts in jurisdictions that require opt-in consent, placing non-essential cookies, or processing certain sensitive categories of data. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
Legal obligation (Art. 6(1)(c)): Where processing is required to comply with a legal obligation to which we are subject, such as tax record-keeping, employment law obligations, or responding to lawful legal process.
Vital interests (Art. 6(1)(d)): In rare circumstances where processing is necessary to protect someone's life.
Special category data (Art. 9(2)): Where we process any special category data (e.g., health-related employment restrictions for candidates), we do so only with your explicit consent or as otherwise required by applicable employment law.

5. How We Share Your Information

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

Service providers and processors: We share personal information with third-party vendors who process it on our behalf to help us operate our business. These providers are contractually bound to process data only on our instructions and to implement appropriate security measures. Categories of service providers include: cloud hosting and infrastructure; CRM and marketing email platforms; payment processors; background check providers; analytics services; customer support tools.
Client companies (staffing and augmentation): If you are a candidate in our staffing network and we identify a relevant opportunity, your professional profile will be shared with the client company considering the role. We will always inform you before making such an introduction and will not proceed without your knowledge.
Professional referrals: Where you are referred to us by a partner, we may confirm the referral and relevant context with that partner.
Legal requirements: We may disclose personal information when required by applicable law, regulation, legal process, court order, or government request; or when necessary to protect the rights, property, or safety of Zaruda, our users, or others.
Business transfers: If Zaruda is involved in a merger, acquisition, restructuring, or sale of all or part of its assets, personal information may be included in the transferred assets. We will provide advance notice to affected individuals where legally required, and any successor entity will be bound by this policy or will provide comparable protections.
Professional advisors: We may share information with our lawyers, accountants, insurers, and other professional advisors where necessary for legitimate professional purposes, subject to confidentiality obligations.
Aggregated/de-identified data: We may share aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you for any purpose, including industry research, product development, and business analytics.

6. International Data Transfers · GDPR

Zaruda is headquartered in the United States. Our service providers may operate in other countries. If you are located outside the United States, your personal information may be transferred to, stored, and processed in the United States or other countries that may have different data protection laws than your country of residence.

For transfers of personal data from the EEA, United Kingdom, or Switzerland to countries without an adequacy decision, we rely on the following transfer mechanisms:

Standard Contractual Clauses (SCCs): We use the European Commission's approved Standard Contractual Clauses with our service providers and data processors. For UK transfers, we implement the UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs as appropriate.
Adequacy decisions: Where the European Commission has issued an adequacy decision for the destination country, we rely on that decision.

We conduct Transfer Impact Assessments (TIAs) where required by applicable supervisory authority guidance to evaluate whether SCCs provide sufficient protection given the legal environment of the destination country.

To request a copy of the safeguards we have implemented for international transfers, contact privacy@zaruda.com.


7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website for the purposes described below. You can control non-essential cookies through our cookie preference tool or your browser settings.

Essential cookies: Strictly necessary for the website and product interfaces to function. These enable core features such as account authentication, security, shopping cart functionality, and user preferences. They cannot be switched off without breaking site functionality. Legal basis: legitimate interests / necessity.
Analytics cookies: Help us understand how visitors use our website — including which pages are most popular, how long sessions last, and where users come from. We use this data in aggregate to improve content and user experience. We use analytics tools configured to anonymize IP addresses and with data retention limited to 14 months. Legal basis: legitimate interests (or consent, in jurisdictions that require it).
Marketing cookies: Track visits to zaruda.com for advertising purposes. These may be used to build profiles and serve relevant advertising on third-party platforms. We only deploy marketing cookies where we have obtained your prior consent. Legal basis: consent.
Functional cookies: Remember preferences you have set (such as language, region, or display options). Legal basis: legitimate interests / consent.
Managing your preferences: You may withdraw or modify your consent to non-essential cookies at any time by clicking the "Cookie Settings" link in our website footer, by adjusting your browser settings, or by opting out of analytics via the tool-specific opt-out mechanisms (e.g., Google Analytics opt-out browser add-on). Note that disabling certain cookies may affect website functionality.
Do Not Track: Our website currently does not respond to browser-level Do Not Track signals because there is no common industry standard for how such signals should be interpreted.

8. Data Retention

We retain personal information for no longer than necessary to fulfil the purposes for which it was collected, and in accordance with applicable legal requirements. Our retention practices are based on data minimization principles.

Candidate profiles (staffing network): Retained for 3 years from the date of your last interaction with us. You may request deletion at any time; we will confirm deletion within 30 days subject to any legal hold obligations.
Client and business contact information: Retained for the duration of the business relationship and for 7 years thereafter for legal, accounting, and tax purposes in accordance with US and applicable state law requirements.
Product and account data: Retained for the duration of the active subscription plus a 90-day post-termination window during which you may export your data. After 90 days, account data is deleted unless legally required to retain it.
Inquiry and communication records: Retained for 2 years from the date of the last communication.
Website analytics data: Retained for 14 months in identifiable form; thereafter retained in aggregate/anonymized form without time limit.
Legal hold: Where personal information is subject to a legal hold (e.g., in connection with litigation or a regulatory investigation), it is retained for the duration of that hold, notwithstanding the above schedules.

After the applicable retention period expires, data is securely deleted or anonymized using industry-standard methods. We do not archive or retain data "just in case."


9. Automated Decision-Making and Profiling · GDPR

Zaruda does not make decisions about you that produce legal effects or similarly significant consequences solely by automated means, without meaningful human review.

Our AI products (Site Chat, Call Agent, Support Agent) process end-user interactions to provide automated responses and scoring (such as lead intent scores). These scores are informational tools for our clients — not binding decisions. Final hiring, credit, or service eligibility decisions made by Zaruda clients using our products are the responsibility of those clients.

If you believe an automated decision has been made about you in the context of Zaruda's direct relationship with you, you have the right to request human review of that decision, express your point of view, and contest the decision. Contact privacy@zaruda.com to submit such a request.

GDPR note: Article 22 of the GDPR gives EEA/UK individuals the right not to be subject to a decision based solely on automated processing — including profiling — that produces legal or similarly significant effects. We comply with this requirement.

10. Your Rights · GDPR · CCPA

Depending on where you are located, you have the following rights over your personal information. We honor these rights for all users globally, not just those in jurisdictions where they are legally required.

Right of access: Request a copy of the personal information we hold about you, along with information about how we use it.
Right to rectification / correction: Request that we correct inaccurate or incomplete personal information about you.
Right to erasure / deletion: Request deletion of your personal information. We will comply unless retention is required by law or is necessary for us to establish, exercise, or defend legal claims.
Right to data portability: Receive personal information you have provided to us in a structured, commonly used, machine-readable format, and where technically feasible, have it transmitted to another controller.
Right to restriction of processing: In certain circumstances, request that we pause processing of your data — for example, while the accuracy of data is contested, or while an objection is under consideration.
Right to object: Object to processing of your personal information based on legitimate interests or for direct marketing purposes. If you object to direct marketing, we will stop immediately. If you object to legitimate interest processing, we will assess whether our interests override your objection.
Right to withdraw consent: Where we rely on consent as the legal basis, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.

Right not to be subject to automated decision-making: See Section 9.

Right to lodge a complaint: If you are in the EEA or UK and believe we have violated your data protection rights, you have the right to lodge a complaint with your local supervisory authority. In the EU, you can find your supervisory authority at edpb.europa.eu. In the UK, the relevant authority is the Information Commissioner's Office (ico.org.uk). We always prefer to resolve concerns directly — please contact us first at privacy@zaruda.com.
How to exercise your rights: Contact us at privacy@zaruda.com. We will acknowledge your request within 72 hours and respond substantively within 30 days (or 45 days where permitted by applicable law if the request is complex). We do not charge a fee for exercising rights unless requests are manifestly unfounded or excessive. We may need to verify your identity before processing certain requests.

11. California Privacy Rights (CCPA / CPRA) · CCPA

We do not sell or share California residents' personal information for cross-context behavioral advertising.

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) gives you the following rights in addition to those described in Section 10:

Right to know — categories: Know the categories of personal information we collect, the sources of that information, the business or commercial purposes for collection, and the categories of third parties with whom we share it. See Section 2.4 for our CCPA category disclosures.
Right to know — specific pieces: Request the specific pieces of personal information we have collected about you in the preceding 12 months.
Right to delete: Request deletion of personal information we have collected from you, subject to certain exceptions (e.g., completing transactions, security, legal obligations, internal uses consistent with your expectations).
Right to correct: Request correction of inaccurate personal information we hold about you.
Right to opt out of sale or sharing: We do not sell personal information and do not share personal information for cross-context behavioral advertising. You are not required to opt out, but you may submit a confirmation request to privacy@zaruda.com.

Right to limit use of sensitive personal information: If we process any sensitive personal information as defined by CPRA (account login credentials, health data for staffing candidates), you have the right to direct us to limit use of that sensitive PI to purposes necessary to provide the services you requested.

Right to non-discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights. You will not receive a lower quality of service or be denied goods/services for exercising these rights.
Authorized agent: You may designate an authorized agent to make a CCPA rights request on your behalf. To use an authorized agent, we require either: (a) written authorization signed by you and submitted with the agent's request; or (b) a valid power of attorney. We will verify the authorized agent's authority before fulfilling the request.
Submitting a California request: Email privacy@zaruda.com with subject line "CCPA Privacy Request" and describe the right you wish to exercise. We will acknowledge your request within 10 business days and respond within 45 calendar days (extendable by an additional 45 days with notice).
Financial incentives: Zaruda does not offer financial incentives or price differentials in exchange for retention or sale of personal information.

12. Other U.S. State Privacy Rights · CCPA

Residents of additional U.S. states have rights under applicable state privacy laws. We honor these rights for residents of:

Virginia (VCDPA): Rights to access, correct, delete, portability, and opt out of targeted advertising, sale, and profiling for significant decisions.
Colorado (CPA): Same rights as Virginia VCDPA residents, plus a right to opt out of profiling.
Connecticut (CTDPA): Access, correction, deletion, portability, and opt-out rights consistent with Connecticut law.
Texas (TDPSA): Access, correction, deletion, portability, and opt-out rights consistent with Texas law.
Nevada: Nevada residents may submit opt-out requests regarding the exchange of covered information for monetary consideration. We do not sell covered information as defined under Nevada law.
Other states: We will honor rights requests from residents of any U.S. state consistent with applicable law as it evolves.
How to submit a state privacy request: Email privacy@zaruda.com with your state and the right you wish to exercise. We will respond within the timeframe required by the applicable law and will not charge a fee for reasonable requests.

13. Data Security

We implement technical and organizational measures appropriate to the risk level of the processing to protect personal information against unauthorized access, loss, destruction, alteration, or disclosure. Our security program includes:

Encryption: Personal data is encrypted in transit using TLS 1.2 or higher. Sensitive stored data (including account credentials, payment data references, and candidate sensitive information) is encrypted at rest.
Access controls: Role-based access controls limit who within Zaruda can access personal data. Access is granted on a least-privilege basis and reviewed regularly. Access to production systems requires multi-factor authentication.
Vendor security: We assess the security practices of third-party processors before engagement and require contractual security commitments through Data Processing Agreements.
Incident response: We maintain a documented data breach response plan. In the event of a breach that creates a risk to your rights and freedoms, we will notify affected individuals and relevant supervisory authorities within the timeframes required by applicable law (72 hours for GDPR; "expedient" notice under CCPA/applicable state laws).
Security assessments: We conduct periodic security assessments and vulnerability management processes. Our cloud infrastructure providers maintain SOC 2, ISO 27001, and other enterprise security certifications.

No security system is perfectly impenetrable. While we work hard to protect your data, no method of transmission or storage is 100% secure.


14. Children's Privacy

Our website and services are directed to business professionals and enterprises. We do not knowingly collect personal information from individuals under the age of 16 (or under 13 in the United States).

If we become aware that we have inadvertently collected personal information from someone under the applicable minimum age, we will delete it promptly. If you believe we have collected information from a minor, contact us immediately at privacy@zaruda.com.

Parents or guardians who believe their child has provided personal information to Zaruda may request deletion by contacting us at the same address.


15. EU/UK Data Protection Representative · GDPR

Zaruda Technology Solutions, LLC is a U.S.-based company. In accordance with Article 27 of the GDPR and the UK GDPR, organizations established outside the EEA/UK that offer goods or services to individuals in those regions, or that monitor their behavior, are required to designate a representative.

EU Representative: We are in the process of designating an EU representative. Until this designation is complete, EEA/UK residents may contact us directly:

Email: privacy@zaruda.com

Subject line: "GDPR / EU Data Subject Request"

We will respond to all EU/UK data subject requests and supervisory authority inquiries directed to this address within the timeframes required by the GDPR (72 hours for breach notifications; 30 days for data subject requests).

Data Protection Officer: Zaruda does not currently meet the thresholds that require mandatory appointment of a Data Protection Officer under GDPR Article 37. Privacy governance is managed by our Privacy function; contact privacy@zaruda.com for all privacy-related matters.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, products, or applicable law. When we make changes, we will update the "Last Updated" date at the top of this page.

For material changes — those that significantly affect your rights or how we handle your personal information — we will provide advance notice by:

Posting a prominent notice on our website at least 30 days before the change takes effect
Sending an email notification to the address we have on file for you, where applicable

Your continued use of our website or services after the effective date of a material change constitutes your acceptance of the updated policy. If you do not agree to material changes, you should stop using our services and may request deletion of your information.

We encourage you to review this policy periodically. Older versions of this policy are available on request.


17. Contact Us

For privacy questions, concerns, rights requests, or to report a privacy issue:

Zaruda Technology Solutions, LLC

Email: privacy@zaruda.com

Subject: Privacy Inquiry / [Type of Request]

Mailing Address: 11335 NE 122nd Way, Suite 105, Kirkland, WA 98034, USA

For CCPA requests specifically, use subject line "CCPA Privacy Request."

For GDPR data subject requests, use subject line "GDPR / EU Data Subject Request."

We acknowledge all privacy inquiries within 72 hours and provide substantive responses within 30 days.

We take privacy seriously and will not dismiss or delay legitimate requests. Where we cannot fulfill a request (e.g., due to legal obligations), we will explain the reason clearly.
