Privacy Policy

FranchiseZRM collects information in three main categories: information you provide directly, information generated through your use of the platform, and information received from integrated third-party systems. We collect only what is necessary to operate the service and fulfil our contractual obligations.

We use the information we collect for specific, legitimate purposes directly related to operating the ZRM platform and fulfilling our obligations to you as a customer. We do not use your franchise operational data, revenue data, or CRM data for purposes other than service delivery.

• Service delivery: operating the ZRM platform, processing royalty calculations, maintaining the franchise tree structure, and providing the Sales and FBC workspace, Royalty Automation engine, and Zee Portal
• Account management: creating and administering your account, authenticating users, and managing your subscription
• Communication: responding to your enquiries, sending service notifications, product updates, and (with your consent) information about ZRM features relevant to your use case
• Audit and compliance: maintaining the audit trail required for royalty calculation records, supporting any regulatory or contractual review of financial records you are subject to
• Platform improvement: using aggregated, de-identified usage data to understand how the platform is used and where improvements are needed — no individual franchise operational data is used for this purpose
• Security and fraud prevention: detecting and preventing unauthorized access, abuse, or anomalous platform activity
• Legal compliance: meeting obligations under applicable laws, including responding to lawful requests from regulatory authorities
• Business operations: billing, financial record-keeping, and enforcing our Terms of Use

We do not sell personal information. We do not share franchise operational data, revenue data, or CRM data with third parties for marketing, advertising, or commercial purposes. Sharing is limited to the following circumstances:

We implement technical and organisational measures designed to protect the information we hold against unauthorised access, disclosure, alteration, or loss. No system is entirely immune from risk, but we maintain a layered security posture appropriate to the sensitivity of franchise operational and financial data.

• Encryption in transit: all data transmitted between your browser, the ZRM application, and our infrastructure is encrypted using TLS
• Encryption at rest: data stored in ZRM databases and file storage is encrypted at rest
• Authentication controls: access to the ZRM platform requires authenticated login; administrative access to production systems is restricted to authorised personnel only and subject to multi-factor authentication
• API credential handling: credentials used to connect ZRM to revenue integration systems are encrypted at rest and never stored in plain text or exposed in application logs
• Role-based access: within your ZRM account, access to data is scoped by role — leadership, sales, FBC, and franchisee (Zee Portal) views are each restricted to appropriate data
• Audit logging: access to sensitive records — including royalty calculations, agreement data, and revenue records — is logged with timestamps and user references as part of the platform's built-in audit trail
• Incident response: we maintain procedures for detecting, investigating, and responding to security incidents, including notification to affected customers where required by law

Depending on your location and applicable law, you may have rights regarding the personal information we hold about you. We respect these rights and will respond to valid requests promptly. To exercise any of the rights below, contact us at [email protected].

If you are located in the European Economic Area, United Kingdom, or California, additional rights and specific response timeframes may apply under GDPR, UK GDPR, or the CCPA/CPRA respectively. We will identify and honour the applicable framework in responding to your request.

We retain personal information and franchise operational data for as long as necessary to fulfil the purposes for which it was collected, to provide the service, and to meet our legal and contractual obligations.

Active accounts: data is retained for the duration of your ZRM subscription and as necessary to support ongoing service delivery. You can request an export of your data at any time.

Royalty and financial records: audit records associated with royalty calculations — including the revenue source, agreement, fee schedule, and calculated output — may be subject to statutory retention obligations. The applicable retention period depends on the jurisdiction in which you operate and will be discussed during onboarding.

After contract termination: we will retain data for a reasonable period following contract end to allow for export requests and to meet any applicable legal obligations. After that period, data is deleted or de-identified according to our internal retention procedures. Specific timelines are confirmed in your service agreement.

Marketing and communication data: if you have not entered into a contract with us (for example, if you submitted a demo request but did not proceed), we retain your contact details for a reasonable period for follow-up purposes and delete them if you have not engaged further or have requested deletion.

We use cookies and similar tracking technologies on the FranchiseZRM website and platform. Cookies are small text files placed on your device that help us operate the site, understand how it is used, and improve the experience.

You can manage cookie preferences through your browser settings or via our cookie management tool. Note that disabling certain cookies may affect the functionality of the ZRM platform.

ZRM integrates with third-party platforms to retrieve revenue data for royalty calculation. These integrations are separate from ZRM's own data handling and are governed by the privacy policies of the respective platforms.

Revenue integration partners — including but not limited to Square, Toast, Lightspeed, Clover, QuickBooks, Xero, Stripe, and Mindbody — operate under their own privacy policies. When ZRM connects to these systems via read-only API access, the data retrieved (revenue totals, period identifiers, location references) is handled by ZRM as described in this policy. ZRM does not control or take responsibility for the privacy practices of these third-party platforms.

We recommend reviewing the privacy policies of any system your franchisees use that is connected to ZRM. If you have concerns about a specific integration's data handling, contact us at [email protected].

Analytics and monitoring: we use third-party analytics tools to understand platform usage. These tools process aggregated, de-identified data only — individual franchise operational records are not shared with analytics providers.

Payment processing: billing for ZRM subscriptions is handled by a third-party payment processor. We do not store full payment card details. The payment processor's own privacy policy governs how it handles billing information.

FranchiseZRM is primarily operated from the United States. If you access ZRM from outside the United States, your information will be transferred to and processed in the United States and potentially in other countries where our service providers operate.

Where we transfer personal information of individuals located in the European Economic Area or United Kingdom to countries that are not considered to provide an adequate level of data protection under applicable law, we implement appropriate safeguards — such as Standard Contractual Clauses — to protect that information in transit and at the destination.

If you have questions about the safeguards we apply to international transfers of your data, contact us at [email protected].

ZRM is a B2B SaaS platform intended exclusively for use by business professionals at franchise headquarters organisations and their franchisees. We do not knowingly collect personal information from individuals under the age of 18.

If you believe that personal information of a minor has been inadvertently collected, please contact us at [email protected] and we will take steps to delete it promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices, the platform, or applicable law. When we make changes, we will update the "Last updated" date at the top of this page.

For material changes — those that meaningfully affect how we handle your personal information or your rights — we will provide notice by email to the primary account contact at least 30 days before the change takes effect, or as required by applicable law. We may also display a notice within the ZRM platform.

For non-material changes — such as corrections, clarifications, or changes to contact details — we will update the policy without advance notice beyond the updated date.

We encourage you to review this policy periodically. Continued use of ZRM after the effective date of any change constitutes your acceptance of the updated policy. If you do not agree with a material change, you may request to terminate your account in accordance with your service agreement.

If you have questions about this Privacy Policy, how we handle your data, or to exercise any of your rights, reach us through the following channels. We will respond within the timeframe required by applicable law — and typically much sooner.