Privacy Policy

1. Who we are

Zerde ("Zerde," "we," "our," or "us") is a technology company that provides AI-powered lead engagement and enrollment automation services for vocational and trade schools (collectively, "Services"). Our platform combines AI agents with human specialists to help schools capture, nurture, and convert prospective students.

In this policy, "Customer" means any school or organization that has a signed agreement to use the Zerde platform. "End User" means any prospective or current student who interacts with Zerde's AI agents on behalf of a Customer.

Contact us: privacy@zerde.io (or info@zerde.io until the privacy alias is active).

2. Information we collect

From Customers (schools)

• Account information: school name, authorized admin names, email addresses, billing contacts.
• Configuration data: agent settings, program information, scheduling rules, CRM credentials (encrypted).
• Usage data: logins, feature usage, API calls, dashboard activity.

From End Users (prospective students)

• Contact information provided during enrollment inquiries: name, phone number, email address.
• Conversation history: SMS and voice transcripts between the End User and the AI agent.
• Expressed preferences: program interests, availability, financial aid interest.
• Consent records: timestamp, source, and method of SMS opt-in consent.
• Appointment records: scheduled tours, confirmations, and attendance.

We do not collect student educational records. Zerde only handles lead/prospect contact information and conversation history for the purpose of enrollment engagement. Once a student is enrolled, data processing ends and is handed off to the school's own systems.

3. How we use information

• To operate and deliver the Services to Customers.
• To send SMS and voice communications to End Users who have provided consent.
• To train and improve AI agent performance (aggregated, de-identified signals only).
• To detect abuse, fraud, and policy violations.
• To comply with legal obligations.
• To communicate with Customer admins about service updates, renewals, and support.

We do not sell, rent, or trade personal information to third parties for marketing purposes.

4. TCPA compliance

Zerde is built with TCPA (Telephone Consumer Protection Act) compliance as a core requirement, not an afterthought.

• Explicit consent required: We only send marketing or enrollment SMS messages to End Users who have explicitly opted in. All opt-in forms use an unchecked checkbox by default — pre-checked consent is not permitted on any Zerde-connected form.
• Consent records: Every consent event is logged with timestamp, source URL or channel, and the exact disclosure language shown to the user.
• Keyword handling: STOP, STOPALL, UNSUBSCRIBE, CANCEL, END, and QUIT immediately halt all outbound messages to that number. HELP and INFO return the required HELP response. These are processed automatically and cannot be overridden.
• No third-party lists: Zerde does not send messages to purchased or third-party contact lists.
• Quiet hours: Automated messages are restricted to 8am–9pm in the recipient's local timezone by default.

5. FERPA-adjacent practices

Zerde does not collect, process, or store "education records" as defined under FERPA (Family Educational Rights and Privacy Act). Our platform only handles:

• Prospective student contact information (pre-enrollment).
• Enrollment inquiry conversations.
• Appointment data for campus tours and information sessions.

Customers are solely responsible for ensuring FERPA compliance for enrolled students' educational records within their own systems. Zerde's role ends at enrollment.

6. Sub-processors

Zerde uses the following third-party sub-processors to deliver the Services. We will provide 30 days notice of material changes to this list.

7. Data retention

• Customer account data: Retained for the duration of the Customer agreement plus 90 days after termination, then deleted or anonymized.
• End User lead data and conversation history: Retained for the duration of the Customer agreement plus 90 days. Customers may request earlier deletion.
• Audit logs: Retained for 12 months from creation, then deleted.
• Consent records: Retained for a minimum of 4 years to comply with TCPA documentation requirements.
• Billing records: Retained for 7 years per standard accounting requirements.

8. California / CCPA-CPRA rights

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to delete: You may request deletion of personal information we hold about you, subject to certain exceptions.
• Right to correct: You may request correction of inaccurate personal information.
• Right to opt out of sale or sharing: We do not sell or share personal information for cross-context behavioral advertising. This right does not currently apply.
• Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise these rights, email privacy@zerde.io. We will respond within 45 days as required.

9. Security

We implement industry-standard technical and organizational security measures including encryption in transit (TLS 1.2+), encryption at rest, access controls with least-privilege principles, and regular security reviews. Despite these measures, no system is completely secure. We will notify affected Customers of any data breach in accordance with applicable law.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will provide notice of material changes by email to Customer admins and by updating the "Last updated" date above. Continued use of the Services after the effective date constitutes acceptance.

11. Contact

For privacy questions, requests, or concerns: