Privacy by design

At Zip, we design and build our products with privacy and security in mind. We want our customers to feel reassured that their data is safe with us, so we strive to offer transparency about our processing of your personal data.

Privacy assurance

We understand the impact and importance of stringent data-protection and privacy compliance regimes. Since the EU General Data Protection Regulation (GDPR) came into effect in May 2018, the global privacy landscape has continued to evolve with other jurisdictions implementing their own privacy regulations, such as the California Consumer Privacy Act (CCPA). Together, GDPR and CCPA are considered to be two of the most robust global privacy laws which many consider to set the gold standard for privacy compliance.

As a global company originally founded in California, we are committed to uphold GDPR and CCPA standards.

Zip’s customers can use the Zip solution in compliance with applicable data protection laws in the following ways:

  • Control and transparency:
    The Zip solution is a B2B platform designed to simplify the B2B procurement process for your organization. As a result the Zip solution, by its nature, only requires simple user information such as names and business contact information to manage purchasing decisions. Beyond that, customers are in control of the data that they choose to submit to the Zip solution as part of their workflows, approval requests and purchasing decisions. Customers can update, amend and delete data from the solution at any time - you are in control.
  • Data processing policy and information security policy:
    As standard the Zip MSA includes our Data Processing Agreement and comprehensive Information Security Policy designed to keep your data secure and comply with data protection laws.
  • Subprocessors:
    Zip performs thorough due diligence on all service providers that support the delivery of our products and services. When we engage a subprocessor we ensure our contract with the subprocessor contains, in substance, at least the same level of data protection and information security protections as provided to you by Zip, so your data is always protected. You can find a list of our subprocessors here.
  • International data transfers:
    Where a customer’s use of the Zip solution requires the transfer of personal information outside the European Economic Area or the United Kingdom to a third country, Zip uses the Standard Contractual Clauses (also commonly referred to as EU Model Clauses) and UK International Data Transfer Addendum as legally recognized data transfer mechanisms.
  • Government requests for data:
    If Zip receives a request from a government or law enforcement entity to disclose customer data, we will respond in accordance with our Government Data Request Policy.

We will also publish transparency reports for any such government or law enforcement requests we receive.

Latest Transparency Report: To date, Zip has not received a request from a governmental entity.

Maximize the ROI of your business spend