Privacy Policy
Effective Date: July 1, 2026
| | |
|---|---|
| Company | Zipd, Inc., a Delaware corporation |
| Platform | Zipd.ai |
| Effective Date | July 1, 2026 |
| Governing Law | California & US Federal law |
| CCPA Compliant | Yes — see Section 9 |
| Contact | privacy@zipd.ai |
1. Scope and Who This Policy Applies To
This Privacy Policy applies to:
- Visitors to our website at zipd.ai
- Subscribers who create accounts and use the Zipd.ai platform
- Authorized users added to a Subscriber's account
- Individuals whose contact information is entered into the platform by Subscribers (e.g., financial advisors whose details are stored by wholesaler users)
This Policy does not apply to the practices of companies we do not own or control, or to individuals we do not employ or manage. Where we act as a data processor on behalf of a Subscriber, we process data in accordance with our Data Processing Agreement and the Subscriber's instructions.
2. Information We Collect
2.1 Information You Provide Directly
We collect information you provide when creating an account or using the Platform:
| Category | Examples | Purpose |
|---|---|---|
| Account Information | Name, email, phone, company name, job title | Account creation, authentication, support |
| Billing Information | Payment card details (processed by Stripe), billing address | Payment processing — we do not store raw card data |
| Platform Content | Advisor contacts, pipeline notes, task descriptions, follow-up drafts | Core platform functionality |
| Communications | Support tickets, chat messages, feedback submissions | Customer support and product improvement |
| Profile Preferences | Notification settings, AI preferences, team configuration | Personalization and feature delivery |
2.2 Information Collected Automatically
When you use the Platform, we automatically collect:
| Category | Examples | Purpose |
|---|---|---|
| Usage Data | Pages visited, features used, actions taken, timestamps | Analytics, product improvement, security |
| Device & Technical Data | IP address, browser type, operating system, device identifiers | Security, fraud prevention, performance |
| Log Data | Server logs, error reports, access logs | Debugging, security monitoring |
| Cookies & Similar | Session cookies, preference cookies, analytics cookies | Authentication, UX personalization, analytics |
2.3 Information We Do NOT Collect
- Consumer Social Security numbers or government-issued ID numbers
- Consumer financial account numbers, routing numbers, or investment account details
- Consumer medical, health, or biometric information
- Consumer credit scores or detailed credit information
- Non-public personal information (NPI) as defined under the Gramm-Leach-Bliley Act
If you inadvertently submit such data, please notify us immediately at privacy@zipd.ai and we will assist with its deletion.
3. How We Use Your Information
We use the information we collect for the following purposes, each grounded in a lawful basis under applicable law:
| Purpose | Information Used | Lawful Basis |
|---|---|---|
| Platform Delivery | Account, content, usage data | Contractual necessity |
| Authentication & Security | Account, device, log data | Legitimate interests (security) |
| Payment Processing | Billing information | Contractual necessity |
| Customer Support | Account, communication data | Contractual necessity |
| AI Feature Improvement | Anonymized usage patterns | Legitimate interests (product improvement) |
| Legal Compliance | Any data as required | Legal obligation |
| Product Analytics | Aggregated, de-identified usage data | Legitimate interests |
| Marketing (with consent) | Email, name — opted-in users only | Consent |
3.1 AI and Machine Learning
Our Platform uses AI to generate workflow suggestions, draft communications, and surface pipeline insights. To do this:
- We analyze your usage patterns at the individual, team, and organization level
- We use aggregated, de-identified behavioral signals to train and improve AI models
- Your specific Subscriber Data is not shared with or used to train AI models for other customers
- You may opt out of AI personalization features in your account settings without losing core platform functionality
3.2 No Sale of Personal Data
4. Information Sharing and Disclosure
4.1 Service Providers
We share information with trusted service providers who assist us in operating the Platform, subject to confidentiality obligations:
| Service Provider Category | Purpose |
|---|---|
| Cloud Infrastructure (AWS) | Hosting, storage, compute — US-based data centers |
| Payment Processing (Stripe) | Secure payment handling — PCI-DSS compliant |
| Email Delivery | Transactional and notification emails |
| Analytics | Product usage analytics — anonymized where possible |
| Customer Support Tools | Help desk and ticket management |
| Error Monitoring | Debugging and platform reliability |
4.2 Business Transfers
If we are involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.
4.3 Legal Requirements
We may disclose your information if required to do so by law or in response to valid legal process (e.g., subpoena, court order, regulatory inquiry). Where permitted, we will notify you of such requests.
4.4 Protection of Rights
We may disclose information to protect the rights, property, or safety of Zipd.ai, our users, or others — including sharing information with law enforcement in cases of suspected fraud or illegal activity.
4.5 With Your Consent
We will share your information with third parties when you explicitly direct us to do so or provide consent.
4.6 Aggregated Data
We may share aggregated, de-identified data that cannot reasonably identify you, for industry benchmarking, research, or marketing purposes.
5. Data Security
5.1 Security Measures
We implement a defense-in-depth security approach appropriate for a B2B SaaS platform handling business sales data:
| Control | Implementation |
|---|---|
| Encryption in Transit | TLS 1.2+ for all data transmitted between client and server |
| Encryption at Rest | AES-256 encryption for all stored data |
| Access Controls | Role-based access control (RBAC), least-privilege principle |
| Authentication | Multi-factor authentication (MFA) available for all accounts |
| Infrastructure | US-based AWS data centers with SOC 2 Type II certification |
| Vulnerability Management | Regular dependency audits and security patching |
| Incident Response | Documented procedures for detecting and responding to incidents |
| Employee Access | Internal data access limited to need-to-know basis |
5.2 Your Responsibilities
You are responsible for maintaining the security of your account credentials, managing authorized user access, and ensuring your team uses the Platform in compliance with these policies.
5.3 Breach Notification
In the event of a data breach that materially affects your personal information, we will notify you as required by applicable law, including California law (Cal. Civ. Code § 1798.82) and applicable federal regulations, without unreasonable delay.
5.4 Security Roadmap
We are actively working toward SOC 2 Type I compliance. Enterprise customers requiring formal compliance documentation should contact us to discuss our current security posture and available attestations.
6. Data Retention
We retain your information for as long as necessary to provide the Platform and as required by law:
| Data Type | Retention Period |
|---|---|
| Active account data | Duration of subscription plus 90 days post-cancellation |
| Billing records | 7 years (tax and accounting requirements) |
| Audit and security logs | 12 months from creation |
| Support communications | 3 years from ticket closure |
| Anonymized analytics | Indefinitely (no personal identifiers) |
| Data subject requests | 3 years from request resolution |
Upon account termination, we will retain your Subscriber Data for 90 days to allow export. After that period, we will securely delete or anonymize it unless we are required to retain it by law.
7. Cookies and Tracking Technologies
7.1 Cookies We Use
| Cookie Type | Purpose | Can Opt Out? |
|---|---|---|
| Strictly Necessary | Authentication, session management, security | No (required) |
| Functional | User preferences, language settings, saved configurations | Yes |
| Analytics | Usage patterns, feature adoption, performance metrics | Yes |
| Marketing | Personalized advertising on third-party sites (only if opted in) | Yes |
7.2 Managing Cookies
You can manage cookie preferences through your browser settings or our in-platform cookie preference center. Note that disabling strictly necessary cookies will impair Platform functionality.
8. Your Rights and Choices
Regardless of your jurisdiction, we honor the following rights for all users:
| Right | What It Means |
|---|---|
| Access | Request a copy of the personal data we hold about you |
| Correction | Request correction of inaccurate or incomplete data |
| Deletion | Request deletion of your personal data, subject to legal retention requirements |
| Portability | Request your data in a structured, machine-readable format (CSV or JSON) |
| Restriction | Request we limit processing of your data in certain circumstances |
| Objection | Object to processing based on legitimate interests |
| Withdraw Consent | Where processing is based on consent, withdraw at any time |
| Opt Out of AI | Opt out of AI personalization features in account settings |
| Opt Out of Marketing | Unsubscribe from marketing communications at any time |
To exercise any of these rights, contact us at privacy@zipd.ai. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.
9. California Privacy Rights (CCPA/CPRA)
9.1 Categories of Personal Information Collected
In the preceding 12 months, we have collected the following categories of personal information:
- Identifiers (name, email, IP address, account ID)
- Commercial information (subscription plan, billing history)
- Internet or electronic network activity (usage data, log data)
- Professional or employment-related information (job title, firm name)
- Inferences drawn from the above to create user profiles for product personalization
9.2 Sale or Sharing of Personal Information
We do not sell personal information. We do not share personal information with third parties for cross-context behavioral advertising without consent.
9.3 California-Specific Rights
- Right to Know: Request disclosure of categories and specific pieces of personal information collected, sources, purposes, and third parties we share with
- Right to Delete: Request deletion of personal information we have collected, subject to exceptions
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt Out: Opt out of the sale or sharing of personal information (we don't sell, but you may still submit a request)
- Right to Limit Sensitive PI Use: Limit our use of sensitive personal information to what is necessary to provide the Platform
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
9.4 Submitting California Requests
Submit California privacy requests at privacy@zipd.ai or by writing to us at our address. You may designate an authorized agent to make a request on your behalf. We will verify your identity before responding.
9.5 Shine the Light
California Civil Code Section 1798.83 allows California residents to request information regarding disclosures of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.
10. Children's Privacy
The Platform is intended for use by business professionals aged 18 and older. We do not knowingly collect personal information from individuals under 18. If we learn we have inadvertently collected information from a minor, we will delete it promptly. If you believe a minor has provided us with their information, contact us at privacy@zipd.ai.
11. International Data Transfers
Our Platform is operated from the United States and our servers are located in the United States. If you are accessing the Platform from outside the United States, your information will be transferred to and processed in the United States, which may have different data protection laws than your country of residence. By using the Platform, you consent to this transfer. We apply appropriate safeguards for cross-border data transfers as required by applicable law.
12. Third-Party Links and Integrations
The Platform may link to or integrate with third-party services (e.g., calendar apps, email clients). This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you connect to the Platform. We are not responsible for the privacy practices of third parties.
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. We will notify you of material changes by:
- Sending an email to your registered email address at least 30 days before the effective date
- Displaying a prominent notice on the Platform
- Updating the "Effective Date" at the top of this Policy
Your continued use of the Platform after the effective date of an updated Policy constitutes acceptance of the changes. If you do not agree with the updated Policy, you must discontinue use before the effective date.
14. Data Processing Agreement
For Subscribers using the Platform to process personal data on behalf of their business (including storing contact information for financial advisors), we act as a data processor. A Data Processing Agreement (DPA) is available upon request and governs our processing obligations, subprocessors, and security measures in detail. Enterprise and team subscribers may request our standard DPA at legal@zipd.ai.
15. Contact and Data Controller Information
| | |
|---|---|
| Privacy Inquiries | privacy@zipd.ai |
| Legal & Compliance | legal@zipd.ai |
| Data Controller | Zipd, Inc., Irvine, California, United States |
| Response Time | Within 30 days of verified request |