Privacy Policy

Privacy Policy – Zapla

Effective Date: 10th May 2025

Last Updated: 19 September 2025

Zapla respects your privacy and is committed to protecting personal information. This policy explains how we collect use disclose and safeguard information when you visit our websites or use our services.

Nothing in this policy limits your rights under the Australian Privacy Act and the Australian Privacy Principles. If you are located in the European Union the United Kingdom California or another jurisdiction with specific privacy rights we explain those rights below.

1. Scope and roles

This policy covers our websites apps and related services. For information we collect about you as a website visitor account user or billing contact we act as a controller. For information you import or generate inside your workspace including your customer contact lists messages call recordings and transcripts we act as a processor on your instructions.

2. Information we collect

We may collect the following categories

• Account and contact information name email phone company job title and similar details
• Billing information billing address tax identifiers and payment method details handled by our payments provider
• Workspace and configuration information team members roles settings templates and integrations
• Customer content contacts messages files call recordings and transcripts that you or your users upload or create
• Device and usage information IP address device identifiers browser and app versions pages viewed features used session times referral source and actions taken which we may collect through cookies and similar technologies
• Support and communications information help requests email and chat interactions feedback and survey responses
• Marketing preferences newsletter opt in and event registrations

We do not seek to collect sensitive information. Please do not submit health records payment card numbers outside our payments provider government identifiers biometric templates or information about children under thirteen.

3. How we use information

We use information to:

• Provide operate and support the services including provisioning accounts routing messages maintaining deliverability and offering customer support
• Secure the services including preventing misuse fraud and spam and enforcing policies
• Improve and develop the services including analytics quality assurance and product research
• Communicate with you about the services including onboarding updates billing and service announcements
• Send marketing communications where permitted and where you have not opted out
• Comply with law and respond to lawful requests and disputes

If you are in the EU or UK our legal bases include performance of a contract legitimate interests consent and compliance with legal obligations. We rely on consent for certain marketing and for optional cookies where required by law.

4. AI features

Our services may include AI features that process prompts inputs and outputs to provide the requested functionality. AI features can produce incorrect or incomplete content. You are responsible for reviewing outputs before use and for ensuring compliance with your own policies and laws. We do not use customer content to build public datasets. Where AI infrastructure providers assist in processing we require appropriate contractual safeguards.

5. Cookies and similar technologies

We use cookies and similar technologies to operate the site remember preferences authenticate users understand usage and measure marketing performance. You can control cookies through browser settings and where required by law through a consent banner. Disabling some cookies may affect site functionality.

6. Sharing information

We may share information with:

• Service providers to host store process and transmit data provide analytics communications customer support security and payments
• Professional advisers such as lawyers accountants and auditors
• Corporate events in connection with a merger acquisition financing or sale of all or part of our business
• Law enforcement or regulators where required by law or to protect rights safety or the services

We do not sell personal information. We do not allow service providers to use personal information for their own marketing.

7. International transfers

We may store and process information in Australia and in other countries. Where required we use lawful transfer mechanisms and take steps designed to protect your information consistent with this policy.

8. Messaging compliance and your responsibilities

You must have valid consent for each recipient identify the sender and provide a functional unsubscribe that is actioned within five business days in accordance with the Australian Spam Act and other applicable laws. You are solely responsible for the content and legality of your messages and contact lists including any call recording or transcription features where local consent rules apply.

9. Data retention

We keep personal information for as long as needed for the purposes described in this policy and to comply with legal and accounting obligations. After a subscription ends we retain workspace data for thirty days to enable export unless you request deletion earlier. We may retain minimal records such as invoices and logs as required by law and for legitimate business purposes. Backups are deleted on a rolling schedule.

10. Security

We maintain reasonable administrative technical and physical safeguards designed to protect information. No method of transmission or storage is perfectly secure. You are responsible for user access controls permissions device security and promptly revoking access for departing staff.

11. Your rights

Your rights will depend on your location

• Australia you can request access or correction and can complain to the Office of the Australian Information Commissioner
• European Union and United Kingdom you can request access correction deletion restriction portability and you can object to certain processing. You may withdraw consent at any time where we rely on consent
• California you can request access deletion correction and to opt out of certain sharing. We do not sell personal information or profile individuals for automated decisions that have legal or similarly significant effects

To exercise your rights contact us at [email protected]. We will verify your identity before acting on a request. You may authorise an agent where permitted by law.

12. Children

Our services are not directed to children under thirteen and we do not knowingly collect information from children. If you believe a child has provided personal information please contact us and we will take appropriate steps.

13. Third party links and integrations

The services may include links to other sites and integrations that you can enable. Their privacy practices are not governed by this policy. Review the privacy policies of those services.

14. Changes to this policy

We may update this policy from time to time. We will post the updated policy with a new date. Material changes will be notified through the service or by email where appropriate. Your continued use of the services after changes take effect constitutes acceptance of the updated policy.

15. Contact and complaints

You can contact us at [email protected] or [email protected]. If we do not resolve your concern you can contact the Office of the Australian Information Commissioner for guidance or to lodge a complaint.

Zapla subprocessors

Purpose hosting storage analytics communications customer support security and payments.
Location country where data is primarily processed.
Data categories types of personal information the provider may process when delivering its service.
Safeguards contractual and technical measures we require from each provider.

We may engage the following categories of providers:

• Cloud hosting and storage Location Data categories account and usage data and customer content Safeguards confidentiality obligations data at rest and in transit encryption access controls
• Analytics and product metrics Location Data categories device and usage data Safeguards aggregation and pseudonymisation
• Communications and engagement Location Data categories account contact and messaging metadata Safeguards opt out controls and anti spam measures
• Customer support and ticketing Location Data categories account and support data Safeguards role based access and audit
• Payments and billing Location Data categories billing details and tokens Safeguards PCI compliant processing and tokenisation
• Security monitoring and logging Location Data categories device and usage data Safeguards least privilege and logging

Subprocessor updates

We will update this page when we add or replace a subprocessor. You can subscribe to updates by emailing [email protected] with the subject Subscribe to subprocessor updates. If you object to a new subprocessor and have an active paid subscription contact us within thirty days of the update and we will work with you in good faith to find a reasonable alternative. If we cannot provide a reasonable alternative you may terminate the affected services and receive a pro rata account credit for the unused portion of your current term.