Login
Book a Demo
Products
The platform
Zapla CRM
Manage leads, clients, and sales in one place.
Zapla Automation
Automate tasks, follow-ups, and reminders.
Zapla Pipeline
Track and move deals.
Zapla AI
Smart insights and automation powered by AI.
Zapla Marketing
Run and manage marketing campaigns
Zapla Reputation
Monitor and improve your online reviews.
Services+
Zapla+ Ads
Targeted ad campaigns that drive leads.
Zapla+ PR
Build credibility with press and media coverage.
Tools
Solutions
Solutions
Instant Text Back 24/7
Miss a call, miss a sale. Instantly strike back and close the deal.
AI Receptionist
Fire your front desk. This AI never sleeps, forgets or fumbles a lead.
AI AIRBNB Guest Concierge
Give 5-star service without lifting a finger. Automate the whole guest experience.
Empty Seat Rescue
Don't let a table go cold. Blast VIPs and pack your venue in minutes
QR Events Manager
Streamline event check-ins, follow ups and attendee capture with QR powered automation
Thought Leader Accelerator
Stop being invisible. Dominate your niche with authority-driving AI content.
Plans & Pricing
Speak to Sales
Resources

Privacy Policy

Last updated 4th April 2026

Privacy Policy – Zapla

Effective Date: 10th May 2025

Last Updated: 4th April 2026

Zapla respects your privacy and is committed to protecting personal information. This policy explains how we collect, use, disclose and safeguard information when you visit our websites or use our services.

Nothing in this policy limits your rights under the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) or any other non‑excludable law. If you are located in the European Union, the United Kingdom, California, or another jurisdiction with specific privacy rights, those rights are described below.

1. Scope and roles

This policy covers our websites, apps and related services (together, the Services).

For information we collect about you as a website visitor, account user or billing contact, Zapla acts as a controller (or “APP entity”).

For information you import or generate inside your workspace – including your customer contact lists, messages, call recordings and transcripts – Zapla acts as a processor/service provider on your instructions.

Where you use the Services on behalf of a business, you are responsible for ensuring your use of the Services, and your instructions to Zapla, comply with applicable privacy, spam and telecommunications laws.

2. Information we collect

We may collect the following categories of information:

Account and contact information – name, email, phone number, company, job title and similar details.

Billing information – billing address, tax identifiers and payment method details, which are processed by our payments provider; Zapla does not store full card numbers.

Workspace and configuration information – team members, roles, settings, templates and integrations inside your workspace.

Customer content – contacts, messages, files, call recordings and transcripts that you or your users upload or create in the Services.

Device and usage information – IP address, device identifiers, browser and app versions, pages viewed, features used, session times, referral source and actions taken, which we may collect through cookies and similar technologies.

Support and communications information – help requests, email and chat interactions, feedback and survey responses.

Marketing preferences – newsletter opt‑in status and event registrations.

We do not intentionally collect sensitive information such as health records, government identifiers, biometric templates or information about children under thirteen. Please do not submit this information into the Services.

3. How we use information

We use information to:

Provide, operate and support the Services, including provisioning accounts, routing messages, maintaining deliverability and providing customer support.

Secure the Services, including preventing misuse, fraud and spam, enforcing policies and protecting Zapla, users and third parties.

Improve and develop the Services, including analytics, quality assurance, testing and product research.

Communicate with you about the Services, including onboarding, updates, billing and service announcements.

Send marketing communications where permitted by law and where you have not opted out.

Comply with legal obligations and respond to lawful requests, disputes and enforcement demands.

If you are in the EU or UK, our legal bases may include performance of a contract, legitimate interests, consent and compliance with legal obligations. Where required by law, we rely on consent for certain marketing and optional cookies.

4. AI features

Our Services include AI features that process prompts, inputs and outputs to provide requested functionality, such as content drafting, summarisation or workflow automation. AI outputs may be incorrect or incomplete. You are responsible for reviewing outputs before use and ensuring they are appropriate for your context.

Zapla does not use customer content to train public AI models or create public datasets. Where AI infrastructure providers assist with processing, Zapla requires contractual safeguards that limit their use of personal information to providing services to Zapla.

5. Cookies and similar technologies

We use cookies and similar technologies to:

keep you signed in and secure your sessions

remember your preferences

understand how the Services are used

measure marketing performance.

Where required by law, you will see a consent banner that allows you to manage optional cookies. You can also control cookies through your browser settings, but disabling some cookies may affect site functionality.

6. Sharing information

We may share information with:

Service providers and subprocessors that host, store and process data or provide analytics, communications, customer support, security, payments and similar services to Zapla.

Professional advisers such as lawyers, accountants and auditors.

Corporate transaction counterparties in connection with a merger, acquisition, financing or sale of all or part of our business.

Regulators and law enforcement where required by law or reasonably necessary to protect rights, safety or the Services.

We do not sell personal information in the sense of transferring it to third parties for their independent marketing.

Service providers may only use personal information to provide services to Zapla and must handle it under appropriate confidentiality, security and data‑protection obligations.

7. International transfers

Zapla is based in Australia and supports customers in Australia and Singapore. Information may be stored and processed in Australia, Singapore and other countries where Zapla or its subprocessors operate, including the United States.

Where personal information is transferred internationally, Zapla uses contractual and organisational safeguards designed to protect it in line with this policy and applicable law, such as appropriate contractual clauses and risk assessments.

8. Messaging compliance and your responsibilities

You are solely responsible for the lawfulness of your contact lists, messages and communications when using the Services.

You must:

have a valid legal basis or consent for each recipient

identify the sender in each message

provide a functional unsubscribe or opt‑out and action it within a reasonable period (for example within five business days)

comply with applicable laws and platform rules, including the Australian Spam Act 2003 (Cth), the Privacy Act 1988 (Cth) and any local telecommunication or direct‑marketing rules.

If you use call recording, voicemail transcription or similar features, you are responsible for providing all required notices and obtaining any required consents before recording or monitoring communications.

Zapla may monitor high‑level metrics such as spam complaints, bounce rates and delivery errors and may suspend or restrict messaging where necessary to protect the Services and third‑party providers.

9. Data retention

Zapla keeps personal information for as long as needed for the purposes described in this policy and to comply with legal and accounting obligations.

After a subscription ends, Zapla generally retains workspace data for up to 60 days to enable export or reactivation, unless you request deletion earlier or law requires a different period.

After that period, data may be deleted or de‑identified from active systems, subject to legal archiving requirements.

Some minimal records – such as invoices, transaction records and security logs – may be retained for longer for tax, auditing, security or dispute‑resolution purposes.

Backups are overwritten on a rolling schedule. Residual copies may persist for up to 90 days after deletion from active systems, but are not used for day‑to‑day processing.

10. Security

Zapla maintains reasonable administrative, technical and physical safeguards designed to protect information against unauthorised access, use or disclosure.

You are responsible for:

managing user access and permissions within your account

keeping your devices and authentication credentials secure

promptly revoking access for staff or contractors who no longer require it.

No method of transmission or storage is completely secure, and you should consider this when deciding what information to store in the Services.

11. Your rights

Your rights depend on your location and the laws that apply to you.

Australia – you can request access to, and correction of, personal information that Zapla holds about you. You may also complain to the Office of the Australian Information Commissioner (OAIC).

European Union and United Kingdom – you may have rights to request access, correction, deletion, restriction, portability and to object to certain processing. Where Zapla relies on consent, you may withdraw it at any time, without affecting the lawfulness of processing before withdrawal.

California and similar jurisdictions – you may have rights to request access, deletion, correction and to opt out of certain disclosures.

To exercise your rights, contact us using the details below. We may need to verify your identity and may refuse or limit requests where permitted or required by law.

12. Children

The Services are not directed to children under thirteen, and Zapla does not knowingly collect personal information from children. If you believe a child has provided personal information to Zapla, please contact us so that appropriate steps can be taken, which may include deletion.

13. Third‑party links and integrations

The Services may contain links to third‑party sites and integrations you choose to enable. Their privacy practices are not governed by this policy. You should review the privacy policies of any third‑party services you use or connect to the Services.

14. Changes to this policy

Zapla may update this policy from time to time. Updated versions will be posted with a new “Last Updated” date. Where changes are material, Zapla will take reasonable steps to notify you, for example via in‑product notices or email.

Your continued use of the Services after an updated policy takes effect constitutes acceptance of the changes.

15. Contact and complaints

If you have questions about this policy or wish to exercise your rights, you can contact Zapla at:

Privacy: [email protected]

General: [email protected]

If you are not satisfied with how we handle your concern, you may contact the OAIC or another regulator with jurisdiction.

16. Subprocessors

Zapla uses certain third‑party service providers (“subprocessors”) to host, store and process personal information on Zapla’s behalf.

For each subprocessor, Zapla considers:

the purpose of processing

the processing location or locations

the categories of personal information involved

the security, confidentiality and privacy safeguards that apply, including contractual data‑protection obligations.

Zapla may engage the following categories of providers:

Cloud hosting and storage – data‑centre and infrastructure providers that host the Services.
Location: country where data is primarily processed.
Data categories: account and usage data and customer content.
Safeguards: confidentiality obligations, data‑at‑rest and in‑transit encryption, access controls.

Analytics and product metrics – tools used to understand product usage and performance.
Location: country where the analytics provider operates.
Data categories: device and usage data (for example, pages viewed, features used, performance metrics).
Safeguards: aggregation and pseudonymisation where appropriate.

Communications and engagement – email and in‑app messaging tools used for account notices and product updates.
Location: country where the provider operates.
Data categories: account, contact and messaging metadata.
Safeguards: unsubscribe and preference controls, anti‑spam measures.

Customer support and ticketing – platforms used to handle support requests and knowledge‑base content.
Location: country where the provider operates.
Data categories: account and support data.
Safeguards: role‑based access, audit logging and confidentiality obligations.

Payments and billing – payment gateways and billing platforms.
Location: country where the provider operates.
Data categories: billing details and payment tokens (Zapla does not store full card numbers).
Safeguards: PCI‑compliant processing, tokenisation and strong access controls.

Security monitoring and logging – tools used for security, logging and incident detection.
Location: country where the provider operates.
Data categories: device and usage data and limited account metadata.
Safeguards: least‑privilege access, logging and monitoring.

An up‑to‑date summary of Zapla’s main subprocessors, including their roles and processing locations, is available on request by emailing [email protected]. Zapla will update its records when it adds or replaces a material subprocessor. You can subscribe to subprocessor updates by emailing [email protected] with the subject “Subscribe to subprocessor updates”.

If Zapla materially adds or replaces a subprocessor in a way that significantly affects your personal information, Zapla will provide notice (for example, by email, in‑product notice or via an updated subprocessor page). If you reasonably object to a new subprocessor and have an active paid subscription, you must contact Zapla within thirty days of the notice and Zapla will work with you in good faith to find a reasonable alternative. If no reasonable alternative is available, you may terminate the affected services and receive a pro‑rata account credit for the unused portion of your current term, to the extent permitted by law.