Privacy by Design

At Zip, we design and build our products with privacy and security in mind. We want our customers to feel reassured that their data is safe with us, so we strive to offer transparency about our processing of your personal data.

Privacy Assurance

We understand the impact and importance of stringent data-protection and privacy compliance regimes. Since the EU General Data Protection Regulation (GDPR) came into effect in May 2018, the global privacy landscape has continued to evolve with other jurisdictions implementing their own privacy regulations, such as the California Consumer Privacy Act (CCPA). Together, GDPR and CCPA are considered to be two of the most robust global privacy laws which many consider to set the gold standard for privacy compliance.

As a global company originally founded in California, we are committed to uphold GDPR and CCPA standards.

Zip’s customers can use the Zip solution in compliance with applicable data protection laws in the following ways:

  • Control and Transparency

    The Zip solution is a B2B platform designed to simplify the B2B procurement process for your organization. As a result the Zip solution, by its nature, only requires simple user information such as names and business contact information to manage purchasing decisions. Beyond that, customers are in control of the data that they choose to submit to the Zip solution as part of their workflows, approval requests and purchasing decisions. Customers can update, amend and delete data from the solution at any time - you are in control.
  • Data Processing Policy and Information Security Policy

    As standard the Zip MSA includes our Data Processing Agreement and comprehensive Information Security Policy designed to keep your data secure and comply with data protection laws.
  • Subprocessors

    Zip performs thorough due diligence on all service providers that support the delivery of our products and services. When we engage a subprocessor we ensure our contract with the subprocessor contains, in substance, at least the same level of data protection and information security protections as provided to you by Zip, so your data is always protected. You can find a list of our subprocessors here.
  • International Data Transfers

    Where a customer’s use of the Zip solution requires the transfer of personal information outside the European Economic Area or the United Kingdom to a third country, Zip uses the Standard Contractual Clauses (also commonly referred to as EU Model Clauses) and UK International Data Transfer Addendum as legally recognized data transfer mechanisms.
  • Government Requests for Data

    If Zip receives a request from a government or law enforcement entity to disclose customer data, we will respond in accordance with our Government Data Request Policy.

We will also publish transparency reports for any such government or law enforcement requests we receive.

Latest Transparency Report: To date, Zip has not received a request from a governmental entity.

Learn more about Zip’s commitment to trust:

Maximize the ROI of your business spend

See why hundreds of companies from startups to the Global 2000 use Zip from intake to pay.