Privacy Policy

Effective date: 29 November 2025

This Privacy Policy explains how XGC LLP trading as RYZCOM (“RYZCOM”, “we”, “us” or “our”) collects, uses, discloses and protects personal data when you use our website, platform and related services (collectively, the “Service”), and describes the rights available to individuals under applicable data protection laws.

This Privacy Policy should be read together with our Terms of Service. Capitalised terms not defined here have the meaning given in the Terms of Service.

1. Who We Are

The Service is operated by XGC LLP, a limited liability partnership registered in England and Wales (registration number OC457401) with its registered office at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.

For certain types of personal data, RYZCOM acts as an independent data controller (for example, when we process billing, account, website and marketing data for our own business purposes). When we process personal data in Customer conversations and workspaces, we generally act as a data processor (or service provider) on behalf of our Customer, who is the data controller.

This Privacy Policy describes our activities as a controller. When we act as a processor, we process personal data in accordance with our agreements with Customers and their own privacy policies.

2. Scope of This Privacy Policy

2.1 When this Privacy Policy applies

This Privacy Policy applies to personal data that we process when you:

• visit or use our websites and web applications;
• create or use an account on the Service;
• communicate with us, for example by email or through support;
• receive marketing communications from us; or
• participate in demos, surveys, events or promotions organised by us.

2.2 When Customer policies apply

If you engage with a Customer through the Service (for example, as an end-customer of one of our Customers), the Customer’s privacy policy will govern how your personal data is used by that Customer. RYZCOM is not responsible for the privacy practices of our Customers or other third parties.

3. Personal Data We Collect

3.1 Information you provide to us

We may collect the following types of personal data directly from you:

• Account and profile data – such as your name, job title, organisation name, business email address, password, language preferences and profile details.
• Contact details – such as your email address, phone number and any other contact details you choose to share with us.
• Billing and payment data – such as billing contact details, billing address, tax/VAT information, payment method details (processed via our payment providers), transaction history and Subscription details.
• Support and communication records – such as information you provide when you contact us for support, feedback or other queries, including the content of your messages and any attachments.
• Marketing preferences – such as your preferences regarding marketing communications, and information you provide when you subscribe or unsubscribe.

3.2 Information collected through the Service

When you use the Service, we automatically collect certain technical and usage information, which may include:

• Log and usage data – such as IP address, device identifiers, browser type and settings, operating system, referring URLs, pages viewed, features used, click data, date and time stamps, and other activity logs.
• Service configuration and metadata – such as workspace and channel configuration, integrations you enable, user roles, and system settings.
• Diagnostic and performance data – such as error logs, crash data, and performance metrics that help us maintain and improve the Service.

3.3 Customer Data processed on behalf of Customers

Through the Service, Customers may upload or generate Customer Data, which can include personal data of their own customers, employees or other individuals (for example, messages, contact details, ticket information or conversation history). In these cases:

• the Customer determines the purpose and means of processing such personal data; and
• RYZCOM processes such personal data solely on behalf of the Customer and in accordance with our data processing agreement and the Customer’s instructions.

3.4 Information from third-party sources

We may receive personal data from third parties, such as:

• Third-Party Platforms and integrations that you connect to the Service (for example, email providers, CRM tools, messaging platforms or identity providers);
• Partners and service providers who help us with lead generation, analytics, payment processing, support or other services;
• Public sources – such as public websites, professional networks or public registers.

4. How We Use Personal Data

4.1 Providing and operating the Service

We use personal data to:

• create and manage user accounts and workspaces;
• provide, configure and maintain the Service and its features;
• process transactions and manage Subscriptions;
• provide customer support and respond to your requests;
• enable integrations with Third-Party Platforms that you choose to connect.

4.2 Improving and securing the Service

We process personal data to:

• monitor and analyse usage, performance and trends;
• fix bugs, troubleshoot issues and improve user experience;
• develop new features and enhancements;
• protect the security and integrity of the Service and our infrastructure;
• detect, prevent and investigate potential fraud, abuse or violations of the Terms of Service.

4.3 Communications

We may use personal data to:

• send you transactional and service-related messages, such as notices about changes, security alerts and technical updates;
• respond to your queries, requests and feedback;
• send you marketing communications about our products, features, events or offers, where permitted by law. You can opt out at any time (see Section 11).

4.4 Legal and compliance purposes

We may process personal data as necessary to comply with legal obligations, enforce our rights, respond to lawful requests from authorities, or protect our legitimate interests (for example, in connection with the establishment, exercise or defence of legal claims).

5. Legal Bases for Processing (EEA/UK)

If you are located in the United Kingdom or the European Economic Area, we process your personal data on the following legal bases:

• Performance of a contract – where processing is necessary to provide the Service and fulfil our contractual obligations (for example, to manage your Subscription).
• Legitimate interests – for purposes such as improving and securing the Service, managing our relationship with you, and promoting our services in a way that does not override your rights and freedoms.
• Consent – where required by law, for example for certain marketing communications or non-essential cookies. You can withdraw consent at any time.
• Legal obligations – where processing is necessary to comply with applicable laws, regulations or regulatory requirements.

6. How We Share Personal Data

6.1 Service providers

We may share personal data with carefully selected third-party service providers who help us operate, secure and support the Service, such as:

• hosting and cloud infrastructure providers;
• communication and messaging providers;
• payment processors and billing providers;
• analytics and monitoring tools;
• customer support and ticketing tools;
• professional advisors (for example, legal, accounting or audit firms).

These service providers may access personal data only to the extent necessary to perform their services for us and are bound by contractual obligations to protect personal data.

6.2 Customers and workspace administrators

If you use the Service under a Customer account, certain personal data may be visible to other users within the same workspace or organisation (for example, your name, role, profile and activity within the workspace). Workspace administrators may access and manage information associated with your account.

6.3 Third-Party Platforms

If you choose to connect the Service with Third-Party Platforms (such as messaging apps, email providers or CRMs), we may share personal data with those platforms as necessary to enable the integration. Those platforms are governed by their own terms and privacy policies.

6.4 Business transfers

We may share or transfer personal data in connection with a merger, acquisition, reorganisation, sale of assets or similar corporate transaction. In such cases, we will take reasonable steps to ensure that the recipient honours this Privacy Policy or provides substantially similar protections.

6.5 Legal requirements and protection of rights

We may disclose personal data if we believe in good faith that such disclosure is reasonably necessary to:

• comply with applicable laws, regulations or legal processes;
• respond to lawful requests from public authorities;
• enforce our agreements and policies, including the Terms of Service;
• protect the rights, property or safety of RYZCOM, our Customers, users or others.

6.6 No selling of personal data

We do not sell personal data in the sense of applicable data protection laws. We also do not share personal data with third parties for their own independent marketing purposes without your consent.

7. International Data Transfers

RYZCOM is based in the United Kingdom, and some of our service providers or infrastructure may be located in other countries. As a result, personal data may be transferred to and processed in countries outside of your country of residence, including countries that may not provide the same level of data protection as your home jurisdiction.

Where required by law, we implement appropriate safeguards for such transfers, such as standard contractual clauses approved by relevant authorities, and we take steps to ensure that your personal data remains protected in accordance with this Privacy Policy.

8. Data Retention

We retain personal data for as long as necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law (for example, for tax, accounting or legal reasons).

In general:

• account and billing data are retained for the duration of your relationship with us and for a reasonable period thereafter;
• logs and usage data are retained for operational and security purposes for a limited period, after which they may be anonymised or deleted;
• Customer Data is retained in accordance with our agreements with Customers and may be deleted or anonymised after termination of the Service, subject to applicable legal obligations.

9. Security

We implement technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration or destruction. These measures include access controls, encryption in transit where appropriate, secure development practices and regular monitoring of our systems.

However, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect personal data, we cannot guarantee absolute security.

10. Your Rights

Depending on your location and subject to applicable law, you may have certain rights in relation to your personal data, including:

• Access – to obtain confirmation whether we process your personal data and receive a copy.
• Rectification – to request correction of inaccurate or incomplete personal data.
• Erasure – to request deletion of your personal data in certain circumstances.
• Restriction – to request that we restrict processing in certain circumstances.
• Portability – to receive your personal data in a structured, commonly used and machine-readable format and to transmit it to another controller where technically feasible.
• Objection – to object to processing based on legitimate interests, and to object at any time to processing for direct marketing.
• Withdrawal of consent – where processing is based on your consent, to withdraw that consent at any time.

To exercise your rights, please contact us using the details in Section 15. We may need to verify your identity before responding to your request. If we process your personal data on behalf of a Customer, we may redirect your request to that Customer.

You also have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO).

11. Marketing Communications

We may send you marketing communications about our products, features or events if you have signed up to receive them, or if you are a Customer or user and we are permitted to do so by law.

You can opt out of marketing communications at any time by:

• clicking the “unsubscribe” link in the relevant email; or
• contacting us using the details in Section 15.

Even if you opt out of marketing communications, we may still send you transactional or service-related messages where necessary.

12. Cookies and Similar Technologies

We use cookies and similar technologies on our websites and within the Service to enable core functionality, remember your preferences, analyse usage and improve our services.

Where required by law, we will ask for your consent before using non-essential cookies or similar technologies. You can manage your cookie preferences through your browser settings or via any cookie management tool we provide.

13. Children’s Privacy

The Service is intended for business users and is not directed to children. We do not knowingly collect personal data from children under 16 (or a lower age as permitted by local law) without appropriate consent. If you believe that a child has provided us with personal data in violation of this Privacy Policy, please contact us and we will take steps to delete such information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements or other factors. When we make material changes, we will take reasonable steps to notify you (for example, by email or through the Service) and update the “Effective date” at the top of this document.

Your continued use of the Service after the updated Privacy Policy becomes effective constitutes your acceptance of the changes. If you do not agree to the updated Privacy Policy, you should stop using the Service.

15. Contact Us

If you have any questions, concerns or requests regarding this Privacy Policy or our processing of personal data, please contact us:

Email: contact@ryzcom.com
Post: XGC LLP, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.

This Privacy Policy is provided for general information purposes only and does not constitute legal advice. You should seek independent legal advice to ensure that your use of the Service and your implementation of this policy complies with all applicable laws.