Zip Privacy Notice

Introduction

This privacy notice (“Privacy Notice”) describes how ZipHQ, Inc. and its affiliates (“Zip”, “we,” “us” or “our”) collect, use, and disclose personal information, and the choices you have related to this.

Please review this Privacy Notice carefully to understand our practices regarding your personal information. If you have any comments or questions about this Privacy Notice, please Contact Us.

About us

Zip provides a software-as-a-service platform designed to offer one place for employees of our enterprise customers to initiate a purchase or vendor request, and for our enterprise customers to manage and oversee internal purchases. 

Our websites, products, and services are primarily designed for enterprise organizations and their representatives. We do not offer products or services for use by individuals for their personal, family, or household purposes. Accordingly, we treat all personal information we collect as pertaining to individuals in their capacities as enterprise organization representatives and not their individual capacities. 

We may provide additional or supplemental privacy notices for specific products or services that we offer at the time we collect personal information or as otherwise notified to you.

Zip privacy notice applicability

Some data protection laws in various jurisdictions distinguish between a ‘Data Controller’ or ‘Business’ and ‘Data Processors’ or ‘Service Providers’ of personal information. While other jurisdictions may use different terminology, the concept typically remains the same. A Data Controller / Business decides why and how to process personal information. A Data Processor / Service Provider only processes information on behalf of a Data Controller based on the Data Controller’s instruction - the Data Processor does not make decisions about personal information.

This Privacy Notice applies when Zip is the Data Controller of your personal information (unless a different Zip privacy notice is displayed when we collect your personal information) collected through: 
  • ziphq.com and any other websites managed by Zip that refer to this Privacy Notice (collectively, the “Websites”);
  • our software products and the provision of our services (the “Solution”);
  • any interactions or communications you have with us via email, telephone, in person and online, and any other interactive features that you use to communicate with us; and
  • third party sources,
This Privacy Notice does not apply to:
  • any third party websites, applications or businesses to which we link or who may link to us. You should review the privacy notices of those third parties to understand how they may collect and use your personal information; and
  • data imported to the Solution by our enterprise customers (“Customer Data”) which we process in the role of a Data Processor on behalf of our enterprise customers while providing the Solution to them. Our use of such information is governed by our Master Subscription Agreement (“MSA”) with those enterprise customers. If you have any questions or concerns, or would like to access, correct or delete personal information processed by us on behalf of our enterprise customers, you should direct your questions to the relevant enterprise customer, who is the Data Controller. We use and disclose this personal information as permitted by our customer agreements and as required by law.
If you are applying to work with Zip, please read our Applicant Privacy Notice for additional information on how we handle your personal information during and after the application process.

How we collect your personal information

The ways that we may collect personal information about you when you interact with us broadly falls into the following categories:

Personal information you may provide directly to us

We collect personal information that you provide voluntarily when you:
  • use our Websites or Solution;
  • interact with us by communicating through the Solution, Websites, by email, by social media, by telephone, by any other interactive feature we may provide and in person;
  • participate in our online communities, blogs or other forums;
  • subscribe to newsletters and updates; or
  • register for or attend an online or in person event hosted or sponsored by us.

Automatic data collection

We may collect certain personal information automatically from your device when you:
  • visit our Websites; or
  • use the Solution.

Third party sources

We may also collect your personal information from the following third party sources:
  • publicly available data – government agencies, public records, social media platforms, and other publicly available sources;
  • data providers - information services and data licensors;
  • our affiliate partners - our affiliate network provider and publishers, influencers, and promoters who participate in our paid affiliate programs; and
  • marketing partners - joint marketing partners, event co-sponsors and business-to-business intelligence platforms.

What personal information we collect

The types of personal information we collect from you differ depending on how you interact with us:

Personal information you may provide to us

  • Contact data - your first and last name, email address, billing and mailing addresses, professional title and company name, and phone number.
  • Demographic Information - your city, state, country of residence, and postal code.
  • Profile data - the username and password that you may set to establish an online account with us and any other information that you add to your account profile.
  • Communications data - that we exchange with you, including when you contact us with questions or feedback, through the Solution, email, social media, or otherwise. When you contact us, we may also keep a record of your communication to better support you in the future.
  • Transactional data – information relating to or needed to complete your orders on or through the Solution, including order numbers and transaction history.
  • Marketing data – your preferences for receiving our marketing communications and details about your engagement with them.
  • User-generated content – comments, questions, messages, works of authorship, and other content or information that you generate, transmit or otherwise make available on our Websites.
  • Information to verify your identity – documents and information necessary to verify your identity. If we need to verify your identity, we will inform you of what information we need to collect to verify your identity.
  • Financial information - such as your back account number needed to complete transactions.
  • Other data - not specifically listed here, which we will use as described in this Privacy Notice or as otherwise disclosed at the time of collection.

Third-party sources

We may combine personal information we receive from you with personal information we obtain from the third-party sources referred to in the ‘How We Collect Your Personal Information’ section above. Information we receive from these third-party sources includes business contact information, social media profile information and market lead information.

Automatic data collection

We may automatically log information about you, your computer or mobile device, and your interaction over time with the Solution, the Websites, our communications, and other online services, such as:
  • Device data - your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.
  • Online activity data - pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Solution, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our marketing emails or clicked links within them. If we use online activity data for any purposes other than those described in this Privacy Notice, it is anonymized of personal information in accordance with applicable law.
  • User metrics – when you use the Solution we may automatically collect and analyze data about your usage of the Solution. This data includes technical logs, frequency of logins and number of requests raised. We may also collect user interaction and navigation data, including clickstream and mouse tracking. If we use User metrics for any purposes other than those described in this Privacy Notice, it is anonymized of personal information in accordance with applicable law.
  • Metadata – when you use the Solution we may automatically collect and analyze data that describes data input to the Solution. Metadata includes information on how, when, where, and by whom a piece of content was collected and how that content has been formatted or edited.

Cookies and similar technologies.

Like many online services, we use automatic data collection tools, such as cookies, embedded web links, and web beacons. These tools collect certain standard information that your browser sends to us (such as Internet Protocol (IP) address, MAC address, clickstream behavior, and telemetry).
  • improve our Websites, the Solution, and our communications with you to provide greater service and value;
  • better understand your potential interest in our Solution; and
  • provide you with more relevant content.
These tools help make your visit to our Websites and Solution easier, more efficient, and personalized. We also use the information to:
For more information, or if you would like to opt out of interest-based advertising please see our Cookie Notice.

Declining to provide information

We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.

Data about others

Users of the Solution and our Websites may have the opportunity to refer other contacts to us and share their contact information with us. Please do not refer someone to us or share their contact information with us unless you have their permission to do so.

How we use your data and legal basis for processing

How we use your personal information depends on how you interact with us. The specific purposes for which we use the data we collect about you are listed below. 

In some jurisdictions, including those subject to the EU General Data Protection Regulation (GDPR) or UK General Data Protection Regulation (UK GDPR), we may only process your personal information when we have a legal basis to do so. Our legal basis for processing your personal information is listed with each purpose for processing below.
  • To provide and support the Solution and Websites. We use your personal information to provide and support the Solution and Websites. As part of doing so, we may send you service announcements, technical notices, security alerts, billing and support-related messages related to your account or transactions with us, through the Solution or by email. You may not opt out of these messages, as they are considered part of the Solution.

    Legal Basis for Processing: We may have a contractual obligation to you, or to your company, to provide you with access to and support for the Solution, which requires the processing of your personal contact data. Otherwise, we have a legitimate interest in providing you access to and support for our Websites.
  • To provide an individualized experience on the Solution and Websites. We use the information we collect to personalize content and experiences on our Solution and Websites, to better understand your interests and make personalized recommendations based on your interests, and tailor your experience with us to your preferences.

    Legal Basis for Processing: We have a legitimate interest in processing your personal information to improve your experience with us.
  • To understand and manage our relationship with you. We use your personal information to understand your use of the Solution and Websites so that we can monitor the health of our relationship with you, and for our enterprise users, identify usage trends and suggest new services or features based on your company’s usage of the Solution. We also report this data back to our enterprise customers, so that you can maximize your company’s use of our Solution.

    Legal Basis for Processing: We have a legitimate interest in making sure that you are getting the full value out of your use of the Solution and Websites, identifying product champions, and making suggestions to optimize your usage or subscriptions.
  • To communicate with you. We will send you emails or otherwise communicate with you in response to your questions, feedback or comments. For example, we will respond to comments on applicable community boards, and answer questions sent to us through the Websites. We may also contact you with personalized messages via email, telephone, or on social media if we identify that because of your experience or background that our Solution might be of particular interest to you. You can also opt into receiving emails about new product features and services. You can always opt out of these communications by following the opt out instructions in the message or by contacting us.

    Legal Basis for Processing: We have a legitimate interest in corresponding with you when you have contacted us, or when we have identified you may have a particular interest in the Solution (when not prohibited by law). Otherwise, when processing your personal information for marketing communications, we rely on your consent.
  • To create anonymous data for use in product development. We may remove personal identifiers from data containing personal information so that it cannot be traced back to an individual, and aggregate it by combining it with the data from multiple sources and/or individuals. We may use this data to understand feature adoption and feature gaps, make product depreciation decisions, and make product development decisions. When using collected data for product development, we will always remove all personal information and Customer Data.

    Legal Basis for Processing: We have a legitimate interest in creating anonymized data so that we can use that data to improve the Solution.
  • For security, compliance, fraud prevention and safety. We may use your personal information as we believe appropriate to:
    - detect, investigate and prevent violation of the law or our MSA;
    - secure the Solution;
    - protect our, your or others’ rights, privacy, safety or property;
    - and protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity. 

    Legal Basis for Processing: We have a legitimate interest in protecting ourselves and our users against unauthorized use of our Solution and Websites to ensure the security of the data processed within them. We are also obligated to process certain personal information to monitor compliance with our MSA and performance of other agreements we may have with you.
  • For compliance with law or to investigate legal claims. We may use your personal information to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities. We may also use your personal information where permitted by law in connection with any legal investigation and to prosecute or defend legal claims.

    Legal Basis for Processing: In certain rare circumstances, we may rely on compliance with a legal obligation or protection of vital interests in the event of a legal investigation or request from a law enforcement or governmental entity. As a global company, there are a wide variety of laws that might compel processing of your data under this legal basis, but they may include the following types of laws: civil and commercial laws, criminal laws, consumer laws, and corporate and taxation laws.
  • With your consent. In some cases we may ask for your consent to collect, use or share your personal information in ways we have not described here. When we do that, we will always record your consent and you may change your mind and opt out by contacting us via the methods listed in the Contact Us section.

How we share your data

Except for as mentioned below, we do not share your personal information with any other third parties. 

We may share your personal information as follows:
  • With Affiliates. We may share your personal information with our subsidiaries, joint ventures, or other companies under common control, in which case we will require those entities to honor this Privacy Notice. As a global company, we have employees employed by subsidiary companies across the world. We may share any of the data listed above with any of these affiliated companies.
  • With Business Partners. We may share your personal information with our business partners with whom we develop product integrations for our users, or partners who help us host our events. For our event partners, we will only share your contact data, and only if you have consented to it at the time of registration. If you would like to withdraw your consent you can contact us as provided in the Contact Us section.
  • With Third Party Agents and Service Providers. We have third party agents and service providers that perform functions on our behalf, such as hosting, billing, push notifications, storage, bandwidth, content management tools, analytics, customer service, fraud protection, etc. These entities may have access to your personal information to the extent needed to perform their services. All such third parties are contractually obligated to maintain the confidentiality and security of your personal information, and are prohibited from using your personal information for any purposes other than to provide their services.
  • Third parties that provide cookies on our Websites. Please see our Cookie Notice for information about how we use cookies on our Websites, and information about how to manage the use of cookies.
  • By Linking to Third Party Sites. Our Websites may link to other websites or services operated by third parties, whose privacy practices may differ from ours and are governed by their own privacy policies, not this Privacy Notice. We do not control or endorse any of these third party websites or services, and we encourage you to carefully review the privacy notice and cookies notice of any website you visit.
  • With Law Enforcement, Government Entities, and Other Companies and Organizations. In rare circumstances, we may share your personal information with law enforcement or governmental entities for compliance with the law or to investigate legal claims. In the event of confirmed fraudulent activity, we may also exchange information with other companies and organizations for fraud protection.
  • Through Business Transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business deal (or potential business deal) such as a merger, consolidation, acquisition, reorganization, sale of assets or in the event of bankruptcy.
  • Other users and the public. Your profile and other user-generated content may be visible to other users of the Websites and the public if you participate in our online communities, blogs or other forums or networks. For example, other users or the public may have access to your information if you choose to make your profile or other personal information available to them such as when you provide comments, reviews, survey responses, or share other content. This information can be seen, collected, and used by others, including being cached, copied, screen captured, or stored elsewhere by others (e.g., search engines), and we are not responsible for any such use of information.

Anonymized, aggregated, or de-identified data

Anonymization is a data processing technique that modifies personal information so that it cannot be associated with a specific individual. Except for this section, none of the other provisions of this Privacy Notice apply to anonymized, aggregated (i.e., information about our customers that we combine so that it no longer identifies or references an individual customer) or de-identified data. We may use this anonymized, aggregated, or de-identified data and share it with third parties for our lawful business purposes, including to analyze and improve the Solution and promote our business.

Data retention

Our goal is to keep your personal information for as short period as possible to achieve the purpose for which your personal information is collected. We will retain your personal information as needed to fulfill the purposes for which it was collected. We may retain your personal information as needed to provide you services, comply with our business requirements and legal obligations, resolve disputes and enforce our rights and agreements.

We consider the following criteria when we are making decisions on how long we will retain your personal information:
  • whether the personal information is necessary to operate or provide our services. For example, account information may be retained for a longer period of time based on the MSA that governs use of the Solution;
  • how long we need to retain the personal information to comply with our legal obligations and any audit requirements;
  • our legitimate interests or legal purposes, such as improving our products and services, fraud prevention, record-keeping, promoting safety, security and integrity, or enforcing our legal rights; and
  • whether the personal information is typically deleted based on specific schedules, such as marketing information.
When the purpose for which your personal information was collected no longer exists and there is not a business or legal reason to retain your personal information, Zip will securely delete or anonymize your data. 

To request deletion of your personal information before the expiry of our retention period Contact Us.

Data security

We take security very seriously. We take appropriate measures, including organizational, technical, and physical precautions to help protect against unauthorized access to, alteration of, or destruction of your personal information.

While we follow industry standards and best practices to protect your data, no transmission of data over the Internet or any public network can be guaranteed to be 100% secure.

Children’s data

The Solution and Websites are not directed to anyone under the age of 16. A parent or guardian who becomes aware that his or her child under the age of 16 has provided us with personal information may Contact Us and we will delete the child’s data.

Exercise your data rights

We respect your control over your personal information and, upon request, we will confirm whether we hold or are processing personal information that we have collected from you. You also have the right to:
  • amend or update inaccurate or incomplete personal information about you;
  • request deletion of your personal information;
  • request that we no longer use your personal information; and
  • opt out of receiving direct marketing from us.
These rights are not absolute and not all jurisdictions provide these rights to their residents. Therefore, we may decline your request in certain circumstances as permitted by law. 

Under certain circumstances we will not be able to fulfill your request, such as if it interferes with our regulatory obligations, affects legal matters, we cannot verify your identity, or fulfillment involves disproportionate cost or effort, but in any event we will respond to your request within a reasonable timeframe (and in accordance with applicable laws) and provide you an explanation.

You can always Contact Us to exercise these rights. You may also be able to take action yourself through the methods listed below:
  • View, correct and delete your account information. If you use the Solution or have an account through our Websites, you can view, update and delete certain information directly through your account.
  • Opt out of communications. You can opt out of receiving future marketing communications from us by:
    - clicking the unsubscribe link within a marketing email;
    - responding to our emails with the subject line “Opt Out”; 
    - submitting the unsubscribe form available at: https://lp.ziphq.com/UnsubscribePage.html;
    - or contacting us.

    Please note that you generally can’t opt out of service related communications.
  • Personalize cookies. You can personalize which cookies you would like to allow on our Websites by visiting our Cookie Management Tool You can find more information about how we use cookies in our Cookie Notice.
  • Deactivate your account. If you would like to stop using our Solution or any account you may have with us, you or your administrator may be able to deactivate your account. Please be aware that depending on how you use our Solution and Websites, this may not delete all your information.

Eea, swiss and uk residents

The information below supplements the information provided in the generally applicable portion of this Privacy Notice and applies solely to individuals that are in the EEA, Switzerland or UK and where EU-US Data Privacy Framework (EU-US DPF), EU General Data Protection Regulation (GDPR) or UK General Data Protection Regulation (UK GDPR) apply.

Your additional EEA, Swiss and UK Privacy Rights

If you are located in the European Economic Area, Switzerland, or United Kingdom, you have additional data privacy rights that include the right to:
  • access, correct update or request deletion of your personal information;
  • object to the processing of your personal information, ask us to restrict processing of your personal information, or request portability of your personal information;
  • opt out of marketing communications we send you at any time;
  • withdraw your consent for processing, if we are processing your personal information based on consent. Note that withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal; and
  • make a complaint to a data protection authority about our collection and use of your personal information.
Our legal basis for processing your personal information is listed with each purpose for processing in the How We Use Your Data and Legal Basis for Processing section of this Privacy Notice.

International transfers of data

Where we transfer your personal information outside the EU/EEA or the UK, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information. This can be done in a few different ways, including:
  • the country to which we send the personal information may be approved by the European Commission; or
  • the recipient may have signed a contract based on the “standard contractual clauses” approved by the European Commission (“SCCs”), or the “international data transfer agreement” or SCC addendum approved by the UK Information Commissioner’s Office (“UK IDTA / UK Addendum”), obligating them to protect your personal information. Depending on the circumstances of the transfer, we may use the SCCs: Controller – Controller, Controller – Processor, or Processor – Processor, and/or the UK Addendum to the same European Commission Standard Contractual Clauses or the UK IDTA.
  • the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework, and the European Commission's adequacy decisions about certain countries, as applicable.
Zip complies with the EU-U.S. and Swiss-U.S. Data Privacy Frameworks, as well as the UK Extension to the EU-U.S. Data Privacy Framework (collectively, the “Data Privacy Framework”), as set forth by the U.S. Department of Commerce regarding the processing of personal information transferred from the European Union, the European Economic Area, the United Kingdom, and Switzerland to the United States (“DPF Principles”). Zip has certified to the U.S. Department of Commerce that Zip adheres to the DPF Principles with respect to such personal information. If there is any conflict between this Privacy Notice, Zip People Handbook, Applicant Privacy Notice, and the Data Privacy Framework principles, the DPF Principles shall govern. In accordance with the DPF Principles, Zip shall remain liable for onward transfers if a processor processes personal information in a manner inconsistent with the DPF Principles. To learn more about the Data Privacy Framework, and to view our certification, visit https://www.dataprivacyframework.gov/
In other circumstances, the law may permit us to otherwise transfer your personal information outside the UK or the EU/EEA or outside another relevant location (e.g. the location in which your personal information was collected). In all cases, any transfer of your personal information will be compliant with applicable data protection law.

You can obtain more details of the protection given to your personal information when it is transferred outside the UK or the EU/EEA (including a sample copy of the European Commission SCCs or UK IDTA or UK Addendum) by contacting us.

Exercise Your EEA, Swiss and UK Privacy Rights

To exercise these rights you can use any of the methods described in the ‘Exercise Your Data Rights’ section of this Privacy Notice or you can Contact Us. Please submit a written request to exercise your rights or choices to the contact information provided in this Privacy Notice. Zip may request specific information from you to confirm your identity in an effort to respond to your request.
Please note that in some situations, Zip may act as a processor on behalf of its enterprise customers. In such situations, Zip kindly asks you to first contact the relevant enterprise customer or indicate the relevant enterprise customer in your request so that Zip can redirect and respond to the request.
Zip is subject to oversight by the U.S. Federal Trade Commission. Zip has also appointed an alternative dispute resolution provider, JAMS, which is the US-based independent organization responsible for reviewing and resolving complaints about our Data Privacy Framework compliance—free of charge to you. We ask that you first submit any such complaints directly to us via [email protected] or please write to the following address:
ZipHQ, Inc.
One Sansome St
Suite 3000
San Francisco 
CA 94104

Attn: Legal Department
If you aren’t satisfied with our response, please contact JAMS at https://www.jamsadr.com/DPF-Dispute-Resolution to open an EU-U.S. DPF and, as applicable, UK Extension to the EU-U.S. DPF, and/or Swiss-U.S. DPF Dispute Resolution case In the event your concern still isn’t addressed by JAMS, you may be entitled to a binding arbitration as set forth in Annex I of the DPF Principles.

California residents

The information below supplements the information provided in the generally applicable portion of this Privacy Notice and applies solely to individuals that are residents of California and qualify as a “Consumer” under the California Consumer Privacy Act of 2018 (including as amended by the California Privacy Act of 2020) (“CCPA”). 

This section of our Privacy Notice provides additional information about how we collect, use, disclose, and otherwise process the personal information of California Consumers within the scope of the CCPA.

Categories of CCPA Personal Information

The below table summarizes:
  • the categories of personal information collected by Zip in the past 12 months, by reference to the categories of information defined in the CCPA;
  • the sources of collection of the personal information;
  • how we use your personal information; and
  • the categories of personal information disclosed for business purposes by Zip (including to third parties) in the past 12 months.
Please see the generally applicable section of this Privacy Notice for additional information on Zip’s information practices, including more detail on how we use and disclose your personal information.
Category of personal information 
Categories of sources
Business purpose
How we disclose your personal information
Identifiers
Commercial information
Internet or other electronic network activity information
Geolocation data
Audio, electronic, visual, thermal, olfactory, or similar information
Professional or employment-related information
Inferences from any of the above information
Identifiers
Commercial information
Internet or other electronic network activity information
Geolocation data
Audio, electronic, visual, thermal, olfactory, or similar information
Professional or employment-related information
Inferences from any of the above information


International Transfers of Data

Zip may collect the following categories of ‘sensitive personal information’ as defined by CCPA. The categories of sensitive personal information Zip may collect are described below, by reference to the categories set out in the CCPA, along with details of what we use the information for and whether the information is sold or shared. 

Zip does not sell or share this sensitive information.
Category of sensitive personal information
Source of information
Use / Purpose
A consumer’s social security, driver’s license, state identification card, or passport number
A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account
A consumer’s social security, driver’s license, state identification card, or passport number
A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account


Your additional California Privacy Rights

If you are a California resident, you may have additional rights under CCPA that include the right to:
  • request access, correction and deletion of your personal information;
  • know what personal information is being collected, for what purpose and the sources from which personal information is collected and the categories of recipients of your personal information;
  • know what personal information is being "sold" or "shared", for what purpose and the categories of recipients of your personal information;
  • opt out of the sale or sharing of your personal information;
  • limit the use of your sensitive personal information; and
  • not be discriminated against for exercising one of your CCPA privacy rights.

Sale and sharing of personal information

While Zip does not ‘sell’ personal information in exchange for money, we may share personal information with the third parties that provide cookies on our Websites for the purpose of displaying advertisements that are selected based on personal information obtained or inferred over time from your activities across businesses or distinctly-branded websites, applications or other services (otherwise known as ‘targeted advertising’ or ‘cross-context behavioral advertising’), for personalization features, for tracking and analytics. The categories of personal information impacted in the preceding 12 months may include:
  • Identifiers;
  • Internet or other electronic network activity information; and
  • Inferences
The Solution and Websites are not directed to anyone under the age of 16 and Zip has no actual knowledge that the ‘sales’ or ‘sharing’ described above include the personal information of individuals under 16 years of age.

Exercise your california privacy rights

To exercise your California privacy rights you can use any of the methods described in the Exercise Your Data Rights section of this Privacy Notice or you can Contact Us.
We will need to verify your identity to process your requests and we reserve the right to confirm your California residency. Government identification may be required. If you wish to designate an authorized agent to make a request on your behalf, we will need to verify both your and your agent’s identities, which may require submission of government identification. Your agent must also provide valid power of attorney or other proof of authority acceptable to us in our sole discretion. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. In certain cases, we may be permitted by law to deny your request.
You can exercise your right to opt out of the sale or sharing of your personal information at your web browser level by:
  • using our “Cookie Preferences / Do Not Sell or Share My Personal Information” tool. 

    Clearing your cookies at any time will undo your saved preferences. To re-save preferences, please return to our “Cookie Preferences / Do Not Sell or Share My Personal Information” tool after clearing your cookies. Also, your preferences may not be saved if you are using a private mode in your web browser.

    Further information on how Zip uses cookies, analytics and personalized advertising can be found in our Cookie Notice; or
  • turning on and using the Global Privacy Control (GPC) in a browser or browser extension that supports such a signal. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use. To download and use a browser supporting the GPC browser signal, click here: https://globalprivacycontrol.org/orgs.

    Further information on valid Global Privacy Controls can be found on the California Privacy Protection Agency’s website at https://oag.ca.gov/privacy/ccpa.
You will not be discriminated against for exercising your privacy rights under the CCPA. To protect your personal information from unauthorized access or deletion, we may require you to provide additional information for verification. If we can’t verify your identity, we will not provide or delete your data.

Changes to this zip privacy notice

We reserve the right to modify this Privacy Notice at any time. If we make material changes to this Privacy Notice, we will notify you by updating the date of this Privacy Notice and posting it on the Websites. If required by law we will also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via email or another manner through the Solution or Websites. Any modifications to this Privacy Notice will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Solution or Websites after the effective date of any modified Privacy Notice indicates your acceptance of the modified Privacy Notice.

Contact us

If you have any questions about this Privacy Notice, or to exercise any of your data privacy rights, please email us at [email protected], fill out this form, call us at: 888-559-2433, or write to us at:

ZipHQ, Inc.
One Sansome St
Suite 3000
San Francisco
CA 94104

Attn: Legal

Cookie Management Tool Access

Maximize the ROI of your business spend