This Privacy Policy explains how CopilotZone collects, uses, discloses, and protects personal information in connection with the CopilotZone website, training platform, and related services (collectively, the "Service"). By using the Service, you acknowledge the practices described in this Privacy Policy.

1. Information we collect

Depending on how the Service is used, CopilotZone may collect:

• Contact and account information, such as name, work email, company, role, and login credentials.
• Training and platform usage data, such as assigned courses, module completion, quiz responses, quiz results, progress updates, timestamps, and user activity needed to deliver the Service.
• Communications data, including information you provide in contact forms, trial requests, support requests, and emails.
• Device and technical data, such as IP address, browser type, approximate device information, request metadata, authentication events, and security logs.
• Cookie and session data, including strictly necessary session and CSRF protection cookies used to authenticate users and secure the Service.

2. How we use information

CopilotZone may use personal information to:

• provide, operate, maintain, and secure the Service;
• authenticate users and manage access controls;
• assign and deliver training content;
• track completion, reporting, and administrative workflows;
• respond to inquiries, demo requests, and support requests;
• monitor performance, troubleshoot issues, detect abuse, and improve the Service; and
• comply with legal obligations and enforce our agreements.

3. Legal bases and organizational roles

Where applicable law requires a legal basis, CopilotZone processes information based on one or more of the following: performance of a contract, legitimate interests in operating and securing the Service, compliance with legal obligations, and consent where required.

When an organization uses CopilotZone for workforce or internal training, that organization may act as the controller or business responsible for user data submitted to the Service, and CopilotZone may act as a processor or service provider on its behalf.

4. Cookies and similar technologies

CopilotZone uses cookies and similar technologies primarily for security and session management. This includes cookies used to maintain authenticated sessions and defend against cross-site request forgery. If you disable essential cookies, parts of the Service may not function correctly.

5. How we share information

CopilotZone does not sell personal information for money. We may share information:

• with hosting, infrastructure, security, delivery, and support providers that help us operate the Service;
• with the organization that administers your account or training program;
• when required to comply with law, regulation, court order, or lawful request;
• to investigate, prevent, or respond to suspected fraud, abuse, security incidents, or legal claims; or
• as part of a business transaction such as a merger, financing, acquisition, or asset sale, subject to applicable confidentiality protections.

6. Data retention

CopilotZone retains personal information for as long as reasonably necessary to provide the Service, maintain security and audit records, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods may vary depending on account status, organizational requirements, and legal or operational needs.

7. Security

CopilotZone uses reasonable administrative, technical, and organizational measures designed to protect personal information, including authentication controls, transport security, request protection measures, and security logging. No method of transmission, storage, or security control is completely foolproof, and we cannot guarantee absolute security.

8. International data handling

Your information may be stored or processed in jurisdictions other than your own, depending on hosting or service provider arrangements. Where required, CopilotZone will take reasonable steps intended to provide appropriate safeguards for cross-border transfers.

9. Your choices and rights

Depending on applicable law, you may have rights to access, correct, delete, restrict, object to, or request portability of your personal information. Where your account is provided through an employer or organization, requests relating to training records or managed account data may need to be directed to that organization first.

10. Children's privacy

The Service is intended for business, workplace, and adult educational use and is not directed to children.

11. Third-party sites and services

The Service may contain links to third-party sites or rely on third-party services not controlled by CopilotZone. This Privacy Policy does not apply to third-party services, and you should review their policies separately.

12. Changes to this Privacy Policy

CopilotZone may update this Privacy Policy from time to time. Changes become effective when posted unless a later effective date is stated.

13. Contact

For privacy questions or requests, contact hello@copilotzone.com.

---

Important: this Privacy Policy is a practical baseline and should be reviewed by qualified counsel if you need company-specific disclosures, regulatory mapping, or customer-contract language for GDPR, CCPA/CPRA, HIPAA, SOC 2, or sector-specific compliance.