Privacy Policy

This Privacy Policy applies to the Zetapad website, applications, APIs, and related support services. It describes how we handle personal data when you browse our public pages, create an account, invite teammates, connect integrations, or contact support through any official Zetapad channel.

When an organization provides your account, that organization usually acts as the data controller for workspace content, and Zetapad acts as a processor under our customer agreement. For account administration, security, billing, and product operations, Zetapad may also act as an independent controller.

If there is a conflict between this Privacy Policy and a signed data processing addendum with your organization, the contractual terms for processor activities control. This policy still applies to direct relationships with Zetapad, including marketing preferences, service notices, and support interactions.

We collect information you provide when you register, configure your profile, create workspaces, or submit forms. This may include your name, work email, phone number, company name, job role, profile image, timezone, and communication preferences for product announcements or support updates.

If you purchase a paid plan, we collect billing contact details, invoice metadata, tax identifiers, and payment status information from our payment partners. Zetapad does not store full payment card numbers in our core product database and relies on certified processors for card handling.

When you contact us, join research interviews, report bugs, or request assistance, we collect the content of those communications and any files you share. We use that information to resolve issues, improve documentation, audit support quality, and maintain reliable service operations.

We automatically collect technical and usage data when you use Zetapad. This can include device type, browser family, operating system, application version, referral URLs, approximate geolocation derived from IP address, session identifiers, and timestamps associated with account events.

Operational logs may record page views, feature interactions, API calls, authentication attempts, configuration changes, and error traces. We use these logs to detect abuse, investigate incidents, measure performance, troubleshoot reliability issues, and understand which workflows require product improvements.

Cookies and similar technologies help us maintain sessions, remember settings, secure accounts, and analyze aggregate behavior. You can control non essential cookies through browser settings, but disabling some technologies may reduce functionality, such as persistent login, workspace personalization, or analytics diagnostics.

Zetapad processes content that users create or upload within workspaces, including documents, comments, task metadata, attachments, collaboration history, and version activity. This data is processed to provide core service features such as editing, synchronization, permissions, history, and search functionality.

Workspace administrators control member access, role assignments, and retention settings within their organization. If your account belongs to a managed workspace, administrators may access account level metadata and content needed to administer policies, investigate misuse, or comply with legal obligations.

We do not use private customer content to train publicly shared artificial intelligence models. Any product assistance features that analyze workspace content operate under contractual controls, access restrictions, and technical safeguards designed to maintain confidentiality and reduce unauthorized data exposure.

We use personal data to deliver, maintain, and improve Zetapad. Core uses include account creation, authentication, team collaboration, synchronization, support delivery, service reliability, and billing administration. Without this processing we cannot provide secure access or the functionality requested by users.

We also use data for product analytics, quality assurance, and roadmap decisions. For example, we may evaluate how features are adopted, where workflows fail, and which performance bottlenecks affect teams. These insights guide bug fixes, usability updates, and infrastructure planning.

Communication uses include onboarding guidance, release notes, security alerts, policy updates, and customer support responses. Where required by law, we seek consent before sending promotional messages. You can unsubscribe from marketing at any time while continuing to receive essential transactional or security notices.

For users in regions with legal basis requirements, we process personal data under one or more grounds: contract necessity, legitimate interests, compliance with legal obligations, and consent where required. We assess legitimate interests by balancing business needs against individual rights and expectations.

Contract necessity covers account operations, billing, customer support, and core collaboration features requested by users or organizations. Legal obligations may require retention of tax records, fraud prevention logs, or security audit evidence. Consent may apply to optional cookies, marketing, or region specific disclosures.

If consent is the basis for a specific activity, you may withdraw it at any time without affecting prior lawful processing. Withdrawal can be managed through account settings, email preferences, or direct requests to our privacy contact. Some features may remain unavailable if consent is required.

We share personal data with service providers that help us operate Zetapad, such as hosting providers, analytics vendors, customer communication tools, billing partners, and security monitoring services. Each provider is contractually required to process data only for authorized purposes and protect confidentiality.

We may disclose information when required to comply with applicable law, legal process, or enforceable government requests. We may also disclose data to protect rights, safety, and security of users, Zetapad, and the public, including investigations into fraud or abuse attempts.

If Zetapad is involved in a merger, financing, acquisition, reorganization, or asset sale, personal data may be transferred as part of that transaction subject to confidentiality safeguards. We will provide notice where legally required and continue to honor applicable privacy commitments after transfer.

Zetapad and its providers may process data in multiple countries where we or our subprocessors operate. When personal data is transferred across borders, we implement safeguards such as standard contractual clauses, transfer impact assessments, and supplementary technical and organizational protections where appropriate.

We evaluate transfer destinations, provider security programs, and applicable legal frameworks to reduce risks associated with cross border processing. Access controls, encryption in transit, and contractual audit rights are examples of protections we apply to support lawful and responsible international data handling.

Where local law grants specific transfer rights, you may request information about our transfer mechanisms and safeguards through our privacy contact channel. We provide additional details to enterprise customers in contractual documentation, including subprocessors lists and data processing agreement commitments.

We retain personal data only for as long as necessary to provide services, maintain security, resolve disputes, and satisfy legal requirements. Retention periods vary based on data type, contractual commitments, and regulatory obligations. We review retention schedules periodically to remove stale or unnecessary data.

When an account or workspace is deactivated, related data enters a controlled retention period before deletion or anonymization, unless longer retention is required by law or valid legal requests. Backup copies may persist temporarily under standard disaster recovery cycles and controlled restoration policies.

You or your administrator can request deletion of certain account data through settings or support channels. Before deleting data, we may verify identity and authority to protect account security. We document deletion outcomes and maintain minimal records needed to demonstrate compliance and prevent fraud.

Zetapad maintains administrative, technical, and organizational safeguards designed to protect personal data from unauthorized access, alteration, disclosure, and destruction. Controls include role based access, employee confidentiality commitments, change management, vulnerability handling, and monitoring designed to detect suspicious activity quickly.

We use encryption in transit for network communications and apply encryption at rest for sensitive systems where feasible. Access to production systems is limited to authorized personnel with a business need, and privileged actions are logged for auditability and incident response investigations.

No system can guarantee absolute security. If we identify an incident that materially affects personal data, we will investigate promptly, mitigate impact, and provide notifications in accordance with legal and contractual obligations. We continuously refine safeguards through testing, reviews, and operational learning.

Depending on your location, you may have rights to access, correct, delete, restrict, object to processing, or receive a portable copy of your personal data. You may also have the right to appeal certain decisions or lodge complaints with relevant supervisory authorities.

You can manage many choices directly in product settings, including profile updates, communication preferences, workspace visibility, and optional cookie controls. For requests that cannot be completed in product, contact us at hello@zetapad.com with enough detail for verification and response handling.

If your account is managed by an organization, some requests should be directed to your administrator because the organization controls workspace data processing. We assist organizational customers in responding to verified requests and support legally required timelines for responses across applicable jurisdictions.

Zetapad is not directed to children under the age required by local law for independent consent. We do not knowingly collect personal data from children in violation of applicable law. If we learn that such data was collected, we take steps to delete it promptly.

Please avoid submitting sensitive categories of personal data unless specifically necessary for a support case or legal obligation. If sensitive information is shared, we process it only for the limited purpose for which it was provided and apply heightened handling controls where feasible.

We may update this Privacy Policy to reflect product evolution, legal developments, or operational changes. Material updates will be posted with a revised effective date. Continued use of Zetapad after the effective date means you acknowledge the updated policy terms and practices.