Privacy Policy

Last updated: May 7, 2026

Zenning AI is a trading name of AllTheTables Limited, a company registered in England and Wales. This privacy policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

1. Introduction and Company Details

Welcome to Zenning AI. We are committed to protecting your personal information and your right to privacy. This Privacy Policy applies to all information collected through our website, mobile applications, and any related services, sales, marketing, or events (collectively, the "Services").

Data Controller:
AllTheTables Limited (trading as Zenning AI)
Company registered in England and Wales
Email: contact@zenning.ai

PLEASE READ THIS PRIVACY POLICY CAREFULLY. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy, including all disclaimers, limitations of liability, and indemnification provisions contained herein. If you do not agree with any part of this Privacy Policy, you must immediately discontinue your use of the Services.

Assumption of Risk: You acknowledge and agree that your use of the Services and any information you provide to us is at your sole risk. You are solely responsible for evaluating the accuracy, completeness, and usefulness of any information provided through the Services.

This Privacy Policy is a legally binding agreement between you and AllTheTables Limited. Your continued use of the Services following any changes to this Privacy Policy constitutes your acceptance of those changes.

2. Google API Services

Zenning AI uses Google API Services to access your Google account data when you connect Google applications through our platform. This section describes which Google data we access, how we use it, and the protections that apply to it.

2.1 Google API Scopes We Request

When you connect your Google account, we may request access to the following Google API scopes depending on which integrations you enable:

Gmail

Full mail access (mail.google.com) — To read, compose, send, and organise your email messages within Zenning AI
Read-only access (gmail.readonly) — To display your email messages and metadata
Compose (gmail.compose) — To draft and create email messages on your behalf
Send (gmail.send) — To send email messages on your behalf
Modify (gmail.modify) — To read, organise, and modify (but not delete) your email
Labels (gmail.labels) — To create, read, update, and delete labels in your mailbox
Basic settings (gmail.settings.basic) — To manage your basic mail settings such as filters and forwarding

Google Contacts

Read-only access (contacts.readonly) — To display your contacts within Zenning AI
Full access (contacts) — To read and manage your contacts

Google Drive

Full access (drive) — To read, create, and manage your Google Drive files
Read-only access (drive.readonly) — To display your Google Drive files and their content
Metadata read-only (drive.metadata.readonly) — To view file names, types, and folder structure
Calendar events (calendar.events, calendar.events.readonly, calendar.readonly) — Where the Drive integration is also used to attach Drive files to calendar events you create

Google Calendar

Events (calendar.events) — To read and manage your calendar events
Events read-only (calendar.events.readonly) — To display your calendar events
Calendar read-only (calendar.readonly) — To view your calendars
Calendar list (calendar.calendarlist) — To manage your list of calendars
Calendar list read-only (calendar.calendarlist.readonly) — To view your list of calendars
Free/busy (calendar.freebusy) — To check availability for scheduling

Google Workspace Productivity

Google Sheets (spreadsheets) — To read, create, and modify your spreadsheets
Google Docs (documents, drive, spreadsheets.readonly) — To read, create, and modify your Google Docs documents. The Drive scope is required so the Docs integration can locate documents you ask it to edit and export them as PDFs; spreadsheets.readonly is required to embed charts from a source Sheet into a Doc
Google Slides (presentations) — To read, create, and modify your presentations
Google Forms (forms, forms.body) — To read and manage your forms
Google Forms responses (forms.responses.readonly) — To view form responses

Google Analytics and Advertising

Analytics (analytics, analytics.edit, analytics.readonly) — To read and manage your Google Analytics data and reports
Google Ads (adwords) — To read and manage your Google Ads campaigns and reporting data

Google Play

Android Publisher (androidpublisher) — To access your Google Play Developer account data
Play Developer Reporting (playdeveloperreporting) — To view your app performance reports and statistics

User Profile

Profile information (userinfo.profile) — To identify you and display your name and profile picture
Email address (userinfo.email) — To identify your account and communicate with you

2.2 How We Use Google API Data

Data obtained through Google API Services is used solely to provide and improve user-facing features of Zenning AI that are prominent in the application's user interface. Each access of Google API data is triggered in real time by an explicit user action (for example, you asking the assistant to schedule a meeting, summarise an email thread, or create a document) and is scoped to that single request. Specifically, we use Google API data to:

Display your Google data (emails, files, calendar events, contacts, etc.) within the Zenning AI interface in response to your actions
Pass the specific items you reference (for example, an email thread you ask to summarise, or a meeting transcript you ask to draft a follow-up for) to large language model (LLM) providers such as OpenAI and Anthropic so they can produce the response you requested. These LLM providers are bound by Data Processing Agreements that prohibit them from retaining or training on data sent through their APIs
Execute automated workflows you explicitly initiate (e.g., sending an email, creating a calendar event, updating a spreadsheet)
Enable enterprise search across your connected Google services in response to queries you initiate

Google API data is not used to develop, improve, or train any generalised or non-personalised AI/ML model, whether ours or any third party's. It is not aggregated across users for any purpose other than internal operations on properly de-identified data, and is not used for advertising, profiling, or any feature outside the request that triggered the data access.

2.3 Data Storage and Security

We protect Google API data with the following technical and organisational safeguards:

Encryption at rest: All Google API data (including OAuth tokens, cached metadata, and any synced content) is stored in cloud databases that are encrypted at rest using industry-standard AES-256 encryption
Encryption in transit: All data transmitted between Zenning AI, Google APIs, and any sub-processors is protected with TLS 1.2 or higher
OAuth token protection: Refresh and access tokens are stored using application-layer encryption with keys managed in a dedicated secrets manager, separate from the application database
Access controls: Production systems require multi-factor authentication. Access to Google API data is restricted on a least-privilege, role-based basis and is logged and audited
Network controls: Production databases sit behind private networks and are not directly exposed to the public internet
Vulnerability management: We perform regular dependency scanning, security assessments, and patching of our infrastructure
Incident response: We maintain an incident response process and will notify affected users of any confirmed security incident affecting their Google API data within the timeframe required by applicable law

We retain Google API data only for as long as necessary to provide the Services. When you disconnect a Google integration or delete your account, we delete the associated Google API data from our systems within 30 days, except where retention is required by applicable law.

Only our automated systems process your Google API data. Our staff does not read your Google data unless (a) you give explicit, affirmative consent for us to view a specific item (e.g., when requesting support assistance for a particular email or file), (b) it is necessary for security purposes such as investigating abuse or a security incident, (c) it is required to comply with applicable law, or (d) the data has been aggregated and anonymised such that it can no longer be linked to an individual user (and only for internal operations).

2.4 Limited Use Disclosure

Zenning AI's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

In accordance with the Limited Use requirements, we will never use, sell, transfer, or share Google API data — and we do not permit any sub-processor to use, sell, transfer, or share Google API data — for any of the following purposes:

Serving advertisements of any kind, including targeted, retargeted, personalised, or interest-based advertising
Selling Google API data to data brokers, information resellers, or any other third party
Determining credit-worthiness or for lending purposes
Creating, supplementing, or contributing to any database, profile, or dataset other than the data strictly required to operate the user-facing features you actively use within Zenning AI
Developing, improving, or training generalised or non-personalised AI or machine-learning models, whether ours or any third party's
Any purpose other than providing or improving user-facing features that are prominent in Zenning AI's user interface

Google API data may only be transferred to third parties in the following narrow, permitted circumstances:

To provide user-facing features: The specific items you reference (e.g., the email you ask us to summarise) are passed to large language model (LLM) providers (such as OpenAI and Anthropic) bound by Data Processing Agreements that contractually prohibit them from retaining the data beyond the time required to generate a response and prohibit them from using the data to train any model
To essential infrastructure providers: Cloud hosting and database providers (such as Cloudflare, Google Cloud, and our managed database vendors) that process Google API data only to host and operate the Services on our behalf, under contractual obligations of confidentiality and limited use
For security purposes: To investigate, prevent, or take action regarding abuse, fraud, or security incidents
For legal compliance: To comply with applicable law, regulation, valid legal process, or governmental request

Notwithstanding any other provision of this Privacy Policy, the restrictions in this Section 2 take precedence with respect to all data obtained through Google API Services. In the event of any conflict between this Section 2 and any other provision of this Privacy Policy, this Section 2 controls for Google API data.

2.5 Revoking Access and Deleting Data

You can revoke Zenning AI's access to your Google account at any time by either:

Disconnecting the integration from within Zenning AI (Settings → Connectors → Disconnect), or
Visiting https://myaccount.google.com/permissions and removing Zenning AI from the list of third-party apps with access to your account

On revocation we delete the associated OAuth tokens immediately, and delete any cached Google API data (including synced metadata, calendar events, and document references) within 30 days, except where retention is required by law. To request earlier deletion or to obtain a copy of the Google API data we hold about you, contact us at contact@zenning.ai.

2.6 Notification of Changes to Google Data Handling

If we materially change how Zenning AI accesses, uses, stores, or shares data obtained through Google API Services, we will (a) update this Section 2 and the "Last updated" date at the top of this Privacy Policy, and (b) notify affected users in advance — by email to the address associated with the connected Google account, by an in-product notice the next time you sign in, or both. Where the change introduces new processing of your Google API data that requires consent, we will obtain that consent before the change takes effect. You can review the current Google API scopes Zenning AI has access to at any time at https://myaccount.google.com/permissions.

3. Information We Collect

3.1 Personal Information You Provide

We collect personal information that you voluntarily provide when you:

Register for an account
Express interest in obtaining information about us or our products
Participate in activities on the Services
Contact us directly

This information may include:

Name and contact details (email address, phone number, postal address)
Account credentials (username, password)
Billing and payment information
Company name and job title
Communications and correspondence with us
Any other information you choose to provide

3.2 Information Automatically Collected

When you access our Services, we automatically collect certain information, including:

Device Information: Device type, operating system, unique device identifiers, browser type
Log Data: IP address, access times, pages viewed, referring URLs
Usage Data: Features used, actions taken, time spent on pages
Location Data: General location derived from IP address

3.3 Information from Third Parties

We may receive information about you from:

Third-party services you connect to your account (e.g., integrations)
Business partners and marketing partners
Publicly available sources

4. How We Use Your Information

We use the information we collect or receive to:

Provide and maintain our Services: Create and manage your account, process transactions, deliver the Services you request
Improve our Services: Understand how users interact with our Services, develop new features, conduct analytics
Communicate with you: Send administrative information, respond to enquiries, provide customer support
Marketing and promotional purposes: Send promotional communications (with your consent where required)
Personalisation: Tailor content and recommendations to your preferences
Security and fraud prevention: Protect our Services, detect and prevent fraudulent activity
Legal compliance: Comply with applicable laws, regulations, and legal processes
Business operations: Conduct business planning, reporting, and forecasting

Google API Data: Notwithstanding the foregoing, data obtained through Google API Services is used solely to provide and improve user-facing features of Zenning AI and is not used for marketing, advertising, or any purpose unrelated to the features you interact with in the application. See Section 2 (Google API Services) for details.

5. Legal Basis for Processing

Under UK and EU data protection law, we must have a lawful basis for processing your personal data. We rely on the following legal bases:

Contract Performance: Processing necessary to perform our contract with you or take steps at your request before entering a contract (e.g., providing our Services, processing payments)
Legitimate Interests: Processing necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests (e.g., improving our Services, fraud prevention, marketing to existing customers)
Consent: Where you have given clear consent for us to process your personal data for a specific purpose (e.g., marketing communications, certain cookies)
Legal Obligation: Processing necessary to comply with a legal obligation (e.g., tax reporting, responding to lawful requests from authorities)

7. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than your country of residence, including the United States and other countries where our service providers operate.

When we transfer personal data outside the UK or European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

Adequacy Decisions: Transfers to countries deemed to provide adequate protection by the UK Government or European Commission
Standard Contractual Clauses: Using UK or EU-approved standard contractual clauses
Binding Corporate Rules: Where applicable, relying on approved binding corporate rules
Other Safeguards: Additional measures as required to ensure equivalent protection

You may request a copy of the appropriate safeguards by contacting us at contact@zenning.ai.

8. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

To determine the appropriate retention period, we consider:

The nature and sensitivity of the data
The potential risk of harm from unauthorised use or disclosure
The purposes for which we process the data
Applicable legal requirements

When personal data is no longer required, we securely delete or anonymise it. If deletion is not immediately possible (e.g., because data is stored in backup archives), we will securely store and isolate the data until deletion is possible.

9. Your Rights Under UK GDPR

If you are a resident of the United Kingdom, you have the following rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018:

Right of Access: You have the right to request a copy of the personal data we hold about you (commonly known as a "subject access request")
Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data
Right to Erasure: You have the right to request deletion of your personal data in certain circumstances (the "right to be forgotten")
Right to Restrict Processing: You have the right to request that we restrict processing of your personal data in certain circumstances
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format
Right to Object: You have the right to object to processing based on legitimate interests or for direct marketing purposes
Rights Related to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects
Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw that consent at any time

To exercise these rights, please contact us at contact@zenning.ai. We will respond to your request within one month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. Your Rights Under EU GDPR

If you are a resident of the European Economic Area (EEA), you have similar rights under the EU General Data Protection Regulation (GDPR):

Right of Access (Article 15)
Right to Rectification (Article 16)
Right to Erasure (Article 17)
Right to Restriction of Processing (Article 18)
Right to Data Portability (Article 20)
Right to Object (Article 21)
Rights Related to Automated Decision-Making (Article 22)
Right to Withdraw Consent (Article 7)

To exercise these rights, contact us at contact@zenning.ai. We will respond within one month. You have the right to lodge a complaint with your local data protection supervisory authority.

11. Your Rights Under US Law

11.1 California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with specific rights:

Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected
Right to Delete: Request deletion of your personal information, subject to certain exceptions
Right to Correct: Request correction of inaccurate personal information
Right to Opt-Out of Sale/Sharing: Opt out of the "sale" or "sharing" of personal information for cross-context behavioural advertising
Right to Limit Use of Sensitive Personal Information: Limit the use and disclosure of sensitive personal information
Right to Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights

We do not sell your personal information. To exercise your rights, contact us at contact@zenning.ai.

11.2 Virginia Residents (VCDPA)

Virginia residents have rights under the Virginia Consumer Data Protection Act (VCDPA), including rights to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising, sale of personal data, and profiling.

11.3 Colorado Residents (CPA)

Colorado residents have rights under the Colorado Privacy Act (CPA), including rights to access, correct, delete, and obtain a portable copy of personal data, and to opt out of targeted advertising, sale of personal data, and profiling.

11.4 Connecticut Residents (CTDPA)

Connecticut residents have rights under the Connecticut Data Privacy Act (CTDPA), including rights to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising, sale of personal data, and profiling.

11.5 Utah Residents (UCPA)

Utah residents have rights under the Utah Consumer Privacy Act (UCPA), including rights to access, delete, and obtain a portable copy of personal data, and to opt out of targeted advertising and sale of personal data.

11.6 Other US States

Additional US states may have enacted privacy legislation. We are committed to honouring privacy rights under applicable state laws. Contact us at contact@zenning.ai to exercise your rights or for more information.

12. Children's Privacy

Our Services are not directed to children under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at contact@zenning.ai. If we become aware that we have collected personal information from a child without appropriate consent, we will take steps to delete that information.

13. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (such as web beacons, pixels, and local storage) to collect and store information when you visit our Services.

Types of Cookies We Use

Strictly Necessary Cookies: Essential for the website to function properly. These cannot be disabled.
Performance/Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous information.
Functionality Cookies: Remember your preferences and settings to enhance your experience.
Marketing/Targeting Cookies: Track your browsing activity to deliver relevant advertisements. These are only placed with your consent and do not use or rely on data obtained through Google API Services.

Google API Data: Cookies and tracking technologies described in this section are used only on our website and marketing pages. Data obtained through Google API Services is never used for advertising, tracking, or marketing cookie purposes. See Section 2 (Google API Services) for details.

Managing Cookies

You can manage your cookie preferences through our cookie consent tool or through your browser settings. Please note that blocking certain cookies may impact the functionality of our Services.

For more information about how we use cookies, please refer to our Cookie Policy (available on our website).

14. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit and at rest
Access controls and authentication mechanisms
Regular security assessments and audits
Employee training on data protection
Incident response procedures

IMPORTANT: No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot and do not guarantee its absolute security. You acknowledge that you provide your personal information at your own risk.

We shall not be held liable for any unauthorised access to, or alteration, theft, or destruction of, data that arises from circumstances beyond our reasonable control, including but not limited to: cyberattacks, hacking, malware, or actions of malicious third parties.

15. Disclaimers and Limitation of Liability

15.1 No Warranty

THE SERVICES AND ALL INFORMATION, CONTENT, AND MATERIALS MADE AVAILABLE THROUGH THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, WE DISCLAIM ALL WARRANTIES, INCLUDING BUT NOT LIMITED TO:

Any implied warranties of merchantability, fitness for a particular purpose, title, and non-infringement
Any warranty that the Services will be uninterrupted, secure, or error-free
Any warranty regarding the accuracy, reliability, or completeness of any information provided
Any warranty that defects will be corrected or that the Services are free of viruses or other harmful components

15.2 Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL ALLTHETABLES LIMITED (TRADING AS ZENNING AI), ITS DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, AFFILIATES, SUCCESSORS, OR ASSIGNS BE LIABLE FOR:

Any indirect, incidental, special, consequential, punitive, or exemplary damages
Any loss of profits, revenue, data, use, goodwill, or other intangible losses
Any damages arising from unauthorised access to or use of our servers or any personal information stored therein
Any damages arising from interruption or cessation of transmission to or from the Services
Any damages arising from bugs, viruses, trojan horses, or the like that may be transmitted through the Services
Any damages arising from the conduct of any third party on or related to the Services
Any damages arising from any content or materials obtained through the Services

WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

IN ANY EVENT, OUR TOTAL AGGREGATE LIABILITY TO YOU FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THIS PRIVACY POLICY OR YOUR USE OF THE SERVICES SHALL NOT EXCEED THE GREATER OF: (A) THE AMOUNTS YOU HAVE PAID TO US IN THE TWELVE (12) MONTHS PRIOR TO THE CLAIM; OR (B) ONE HUNDRED POUNDS STERLING (£100).

SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF CERTAIN WARRANTIES OR LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES. ACCORDINGLY, SOME OF THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU. IN SUCH JURISDICTIONS, OUR LIABILITY IS LIMITED TO THE MAXIMUM EXTENT PERMITTED BY LAW.

16. Indemnification

To the fullest extent permitted by applicable law, you agree to indemnify, defend, and hold harmless AllTheTables Limited (trading as Zenning AI), its parent companies, subsidiaries, affiliates, officers, directors, employees, agents, licensors, service providers, and successors and assigns from and against any and all claims, demands, actions, liabilities, damages, losses, costs, and expenses (including reasonable legal fees and court costs) arising out of or relating to:

Your access to or use of the Services
Your breach or alleged breach of this Privacy Policy or any applicable terms of service
Your violation of any applicable law, regulation, or third-party right
Any content or information you provide to us or through the Services
Any misrepresentation made by you
Your negligent or wrongful conduct
Any dispute between you and any third party arising from your use of the Services

We reserve the right, at your expense, to assume the exclusive defence and control of any matter for which you are required to indemnify us, and you agree to cooperate with our defence of such claims. You agree not to settle any such matter without our prior written consent.

This indemnification obligation will survive the termination of your relationship with us and your use of the Services.

17. Third-Party Services and Links

Our Services may contain links to third-party websites, services, or applications that are not owned or controlled by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services.

You expressly acknowledge and agree that:

We shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any third-party content, goods, or services available on or through any such websites or services
Your interactions with third-party services, including payment and delivery of goods or services, and any other terms, conditions, warranties, or representations associated with such dealings, are solely between you and such third party
We are not responsible for examining or evaluating, and we do not warrant the offerings of, any third parties or the content of their websites
You should review the applicable terms and privacy policies of any third-party website or service before using them or providing any personal information

Your use of third-party services is at your own risk and subject to the terms and conditions of those third parties. We strongly advise you to read the terms and conditions and privacy policies of any third-party services that you visit or use.

18. AI and Automated Systems Disclaimer

Our Services utilise artificial intelligence, machine learning, and other automated systems. You expressly acknowledge and agree to the following:

18.1 No Guarantee of Accuracy

AI-GENERATED CONTENT, RECOMMENDATIONS, OUTPUTS, AND DECISIONS ARE PROVIDED "AS IS" WITHOUT ANY WARRANTY OF ACCURACY, COMPLETENESS, RELIABILITY, OR FITNESS FOR ANY PURPOSE. We do not guarantee that any AI output will be accurate, error-free, appropriate, or suitable for your intended use.

18.2 No Liability for AI Outputs

TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE SHALL NOT BE LIABLE FOR ANY DECISIONS, ACTIONS, OR OUTCOMES BASED ON AI-GENERATED CONTENT OR RECOMMENDATIONS, INCLUDING BUT NOT LIMITED TO:

Any errors, inaccuracies, or omissions in AI-generated content
Any business, financial, legal, medical, or personal decisions made based on AI outputs
Any harm, loss, or damage resulting from reliance on AI recommendations
Any unintended, unexpected, or harmful AI behaviours or outputs
Any content generated that may be offensive, inappropriate, or unlawful
Any intellectual property issues arising from AI-generated content

18.3 User Responsibility

You are solely responsible for reviewing, verifying, and validating any AI-generated content before use. You agree to use independent judgment and, where appropriate, seek professional advice before acting on any AI recommendations or outputs.

18.4 AI Training and Improvement

You acknowledge and agree that we may use data, including your inputs and interactions with the Services, to train, improve, and develop our AI systems. Such use shall be in accordance with applicable data protection laws and this Privacy Policy.

Google API Data: Notwithstanding the foregoing, data obtained through Google API Services is never used to develop, improve, or train generalized or non-personalized AI/ML models, whether ours or any third party's. Google API data is only processed (a) by our automated systems to provide user-facing features within Zenning AI in direct response to your actions, and (b) by third-party LLM providers (e.g., OpenAI, Anthropic) that are contractually prohibited from retaining or training on data sent through their APIs. Our staff does not read your Google data unless you provide explicit, affirmative consent for a specific item, or it is necessary for security or legal compliance purposes. See Section 2 (Google API Services) for the full Limited Use restrictions.

19. Force Majeure

We shall not be liable for any failure or delay in performing our obligations under this Privacy Policy where such failure or delay results from circumstances beyond our reasonable control, including but not limited to:

Acts of God, natural disasters, earthquakes, floods, fires, storms, or extreme weather events
Epidemics, pandemics, or public health emergencies
War, terrorism, civil unrest, riots, or armed conflict
Cyberattacks, hacking, distributed denial of service attacks, malware, or other malicious activities
Government actions, laws, regulations, embargoes, or sanctions
Power outages, telecommunications failures, or internet service disruptions
Failures of third-party service providers, cloud infrastructure, or hosting services
Labour disputes, strikes, or workforce shortages
Supply chain disruptions or shortages of materials
Any other events beyond our reasonable control

In such circumstances, our obligations shall be suspended for the duration of the force majeure event, and we shall have no liability for any resulting failure or delay. We shall use reasonable efforts to mitigate the effects of any force majeure event and resume performance as soon as reasonably practicable.

DATA BREACHES: Without limiting the foregoing, you acknowledge that data security incidents, including breaches caused by sophisticated cyberattacks, zero-day exploits, or advanced persistent threats, may constitute force majeure events for which we shall not be liable, provided we have implemented reasonable security measures.

20. User Responsibilities and Obligations

By using our Services, you agree to the following responsibilities and obligations:

20.1 Accuracy of Information

You are solely responsible for the accuracy, completeness, and legality of all information you provide to us. We shall not be liable for any consequences arising from inaccurate, incomplete, or misleading information provided by you.

20.2 Security of Your Account

You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. You agree to immediately notify us of any unauthorised use of your account. We shall not be liable for any loss or damage arising from your failure to protect your account credentials.

20.3 Compliance with Laws

You are solely responsible for ensuring that your use of the Services complies with all applicable laws, regulations, and third-party rights in your jurisdiction. We make no representation that the Services are appropriate or available for use in any particular jurisdiction.

20.4 Backup of Data

You are solely responsible for maintaining backups of any data you store or process through the Services. We shall not be liable for any loss of data, regardless of the cause.

20.5 Third-Party Content

You are solely responsible for any content you upload, transmit, or share through the Services, including ensuring you have all necessary rights and permissions. You shall indemnify us against any claims arising from your content.

21. Mandatory Arbitration and Dispute Resolution

21.1 Informal Resolution

Before initiating any formal dispute resolution proceedings, you agree to first contact us at contact@zenning.ai and attempt to resolve the dispute informally for a period of at least sixty (60) days. Most disputes can be resolved through informal negotiation.

21.2 Binding Arbitration

IF WE CANNOT RESOLVE A DISPUTE INFORMALLY, YOU AND ALLTHETABLES LIMITED AGREE THAT ANY DISPUTE, CLAIM, OR CONTROVERSY ARISING OUT OF OR RELATING TO THIS PRIVACY POLICY OR THE SERVICES SHALL BE RESOLVED EXCLUSIVELY THROUGH BINDING ARBITRATION, RATHER THAN IN COURT.

Arbitration shall be conducted in London, England, in the English language, by a single arbitrator in accordance with the rules of the London Court of International Arbitration (LCIA). The arbitrator's decision shall be final and binding, and judgment on the award may be entered in any court of competent jurisdiction.

21.3 Class Action Waiver

YOU AGREE THAT ANY ARBITRATION OR LEGAL PROCEEDING SHALL BE CONDUCTED ONLY ON AN INDIVIDUAL BASIS AND NOT AS A CLASS, CONSOLIDATED, OR REPRESENTATIVE ACTION. You expressly waive any right to participate in a class action lawsuit or class-wide arbitration.

21.4 Jury Trial Waiver

TO THE FULLEST EXTENT PERMITTED BY LAW, YOU WAIVE ANY RIGHT TO A JURY TRIAL IN ANY LEGAL PROCEEDING ARISING OUT OF OR RELATING TO THIS PRIVACY POLICY OR THE SERVICES.

21.5 Exceptions

Notwithstanding the foregoing, either party may seek injunctive or other equitable relief in any court of competent jurisdiction to prevent the actual or threatened infringement of intellectual property rights. Nothing in this section shall prevent us from seeking remedies in small claims court for disputes within its jurisdiction.

22. Time Limitations on Claims

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, ANY CLAIM OR CAUSE OF ACTION ARISING OUT OF OR RELATING TO THIS PRIVACY POLICY OR YOUR USE OF THE SERVICES MUST BE FILED WITHIN ONE (1) YEAR AFTER SUCH CLAIM OR CAUSE OF ACTION AROSE. FAILURE TO FILE WITHIN THIS TIME PERIOD SHALL RESULT IN THE PERMANENT BARRING OF SUCH CLAIM.

You acknowledge that this limitation period is reasonable and that you have had the opportunity to seek independent legal advice regarding this provision.

This limitation period applies regardless of the legal theory upon which the claim is based, including but not limited to breach of contract, tort (including negligence), strict liability, or any statutory cause of action.

23. Releases and Waivers

23.1 General Release

To the maximum extent permitted by applicable law, you hereby release, discharge, and hold harmless AllTheTables Limited, its officers, directors, employees, agents, affiliates, successors, and assigns from any and all claims, demands, damages, losses, costs, and expenses (including legal fees) arising out of or relating to:

Your use of or inability to use the Services
Any data processing activities conducted in accordance with this Privacy Policy
Any security incidents or data breaches, except to the extent caused by our gross negligence or wilful misconduct
Any third-party conduct or content
Any disputes between you and other users or third parties

23.2 California Civil Code Section 1542 Waiver

If you are a California resident, you expressly waive California Civil Code Section 1542, which states: "A general release does not extend to claims that the creditor or releasing party does not know or suspect to exist in his or her favor at the time of executing the release and that, if known by him or her, would have materially affected his or her settlement with the debtor or released party."

23.3 Waiver of Unknown Claims

You expressly waive and relinquish any and all claims you may have against us that you do not know or suspect to exist at the time of agreeing to this Privacy Policy, and you expressly waive any rights under any statute or common law principle that would otherwise limit this release to known claims.

24. Exclusive Remedies

24.1 Limitation on Remedies

YOUR SOLE AND EXCLUSIVE REMEDY FOR ANY CLAIM ARISING OUT OF OR RELATING TO THIS PRIVACY POLICY OR THE SERVICES SHALL BE LIMITED TO: (A) DISCONTINUATION OF YOUR USE OF THE SERVICES; AND (B) A REFUND OF AMOUNTS PAID BY YOU TO US IN THE THREE (3) MONTHS PRECEDING THE CLAIM, IF ANY.

24.2 No Injunctive Relief

To the fullest extent permitted by law, you agree that you will not seek, and hereby waive any right to seek, injunctive or other equitable relief against us, including but not limited to any order that would restrain, enjoin, or otherwise limit our operations, services, or business activities.

24.3 Monetary Damages Only

You agree that monetary damages as limited herein shall be your sole remedy and that you shall not seek any other form of relief, including but not limited to specific performance, declaratory relief, or reformation.

24.4 Legal Fees

If we prevail in any dispute or legal proceeding arising out of or relating to this Privacy Policy, you shall reimburse us for all reasonable legal fees, costs, and expenses incurred in connection with such dispute or proceeding.

25. Governing Law

This Privacy Policy and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of England and Wales.

Subject to the arbitration provisions above, the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this Privacy Policy.

This choice of governing law shall not deprive consumers of any mandatory consumer protection rights under the laws of their country of residence.

26. Changes to This Policy

We reserve the right to modify, amend, or update this Privacy Policy at any time and for any reason, in our sole discretion. When we make changes, we will:

Update the "Last updated" date at the top of this policy
Where required by law or where we deem appropriate, notify you via email or through a prominent notice on our Services

Your continued use of the Services after any changes to this Privacy Policy constitutes your acceptance of such changes. If you do not agree to the modified Privacy Policy, you must discontinue your use of the Services.

We encourage you to review this Privacy Policy periodically. It is your responsibility to check this Privacy Policy for updates. We are not obligated to notify you of every change to this Privacy Policy.

27. Severability, Survival, and Entire Agreement

27.1 Severability

If any provision of this Privacy Policy is held to be invalid, illegal, or unenforceable by a court of competent jurisdiction or arbitrator, such invalidity, illegality, or unenforceability shall not affect any other provision of this Privacy Policy. The remaining provisions shall continue in full force and effect. The invalid or unenforceable provision shall be modified to the minimum extent necessary to make it valid and enforceable while preserving its original intent and economic effect to the maximum extent possible.

27.2 Survival

The following provisions shall survive termination or expiration of this Privacy Policy or your use of the Services, and shall continue to bind you and us:

Disclaimers and Limitation of Liability (Section 15)
Indemnification (Section 16)
AI and Automated Systems Disclaimer (Section 18)
Force Majeure (Section 19)
Mandatory Arbitration and Dispute Resolution (Section 21)
Time Limitations on Claims (Section 22)
Releases and Waivers (Section 23)
Exclusive Remedies (Section 24)
Governing Law (Section 25)
This Section 27
Any other provisions that by their nature should survive

27.3 Entire Agreement

This Privacy Policy, together with our Terms of Service and any other legal notices or agreements published by us on the Services, constitutes the entire agreement between you and AllTheTables Limited concerning your use of the Services and the processing of your personal information. This Privacy Policy supersedes all prior or contemporaneous communications, proposals, and representations, whether electronic, oral, or written, between you and us with respect to the subject matter hereof.

27.4 No Waiver

Our failure to enforce any right or provision of this Privacy Policy shall not constitute a waiver of such right or provision. Any waiver of any provision of this Privacy Policy will be effective only if in writing and signed by an authorised representative of AllTheTables Limited. No waiver shall constitute a continuing waiver or waiver of any other provision.

27.5 Assignment

You may not assign, transfer, or sublicense any or all of your rights or obligations under this Privacy Policy without our prior written consent. We may assign, transfer, or sublicense any or all of our rights or obligations under this Privacy Policy without restriction and without notice to you, including in connection with any merger, acquisition, reorganisation, or sale of assets.

27.6 No Third-Party Beneficiaries

Except as expressly provided herein, this Privacy Policy does not create any third-party beneficiary rights in any individual or entity that is not a party to this Privacy Policy.

27.7 Interpretation

The section headings in this Privacy Policy are for convenience only and shall not affect the interpretation of any provision. The word "including" shall be interpreted as "including without limitation." Any ambiguities in this Privacy Policy shall not be construed against the drafter.

28. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

AllTheTables Limited (trading as Zenning AI)

Company registered in England and Wales

Email: contact@zenning.ai

For data protection enquiries, including to exercise your rights under applicable data protection laws, please email us at the address above with "Data Protection" in the subject line.

UK Supervisory Authority:
Information Commissioner's Office (ICO)
https://ico.org.uk