Skip to main content
ZapStack

Privacy Policy

Last updated: May 20, 2025

This Privacy Policy describes how TeamLeap Ltd ("we", "us", or "our") processes personal information when users visit zapstack.io or engage with the company's services, which include a software platform designed to automate cloud optimization.

If you do not agree with our policies and practices, please do not use our Services.

1. Information We Collect

Information You Provide

Users may provide:

  • Names
  • Email addresses
  • Job titles
  • Contact preferences
  • Contact or authentication data

Payment Information

All payment data is handled and stored by Stripe. You can review Stripe's privacy policy at stripe.com/gb/privacy .

Social Media Login Data

When registering via social platforms (Facebook, X, etc.), we receive profile information including name, email, and profile picture.

Important: All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

2. Automatically Collected Information

We automatically collect information that does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, and location.

Log and Usage Data

This includes service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files.

Device Data

Information about computers, phones, tablets, and other devices used to access the service, potentially including IP addresses, device identification numbers, location, browser type, hardware model, ISP/mobile carrier, and operating system.

Location Data

We collect location information that can be either precise or imprecise depending on device type and settings. You can opt out by disabling location settings. However, if you choose to opt out, you may not be able to use certain aspects of the Services.

Cookies and Tracking

You can find detailed information about our use of cookies at zapstack.io/cookies .

3. Google API Usage

Our use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

4. Third-Party Information Sources

We may obtain data from public databases, joint marketing partners, affiliate programs, data providers, and social media platforms for targeted advertising and event promotion.

This includes mailing addresses, job titles, email addresses, phone numbers, intent data (or user behaviour data), Internet Protocol (IP) addresses, social media profiles, social media URLs, and custom profiles.

5. How We Process Your Information

We process information to:

  • Create, authenticate, and manage accounts
  • Deliver services and facilitate user support
  • Respond to inquiries and provide administrative communications
  • Fulfill orders and manage payments
  • Enable user-to-user communications
  • Request feedback
  • Send marketing and promotional communications
  • Protect services and prevent fraud
  • Analyze usage trends
  • Evaluate marketing campaign effectiveness
  • Protect vital interests

6. Legal Bases for Processing

For EU/UK Residents (GDPR)

Processing relies on:

  • Consent: You can withdraw your consent at any time.
  • Contract Performance: Fulfilling contractual obligations
  • Legitimate Interests: Business needs that don't outweigh user rights, including sending special offers, analyzing service usage, supporting marketing, diagnosing problems, and improving user experience
  • Legal Obligations: Compliance with law enforcement or regulatory requirements
  • Vital Interests: Protecting individual safety

For Canadian Residents

Processing relies on express or implied consent. Exceptions exist for fraud detection, business transactions, insurance claims, and witness statements.

Data Controller Status

We are generally the "data controller" under European data protection laws. This Privacy Policy does not apply to the personal information we process as a "data processor" on behalf of our customers.

7. Information Sharing

Third-Party Service Providers

We share data with vendors who have contracts requiring data protection. Shared service provider categories include:

  • AI Service Providers: OpenAI
  • Account Connection Services: Google account
  • Cloud Services: Cloudflare
  • Communication: Freshchat
  • Content Optimization: Google Fonts
  • Analytics: Cloudflare, Google Analytics
  • Billing: Stripe
  • Authentication: Google OAuth 2.0
  • Performance Monitoring: Cloudflare, Sentry

Other Sharing Scenarios

  • Business transfers, mergers, or acquisitions
  • Public areas of the platform where users post content

8. Cookies and Tracking Technologies

We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services.

Google Analytics

Users can opt out at tools.google.com/dlpage/gaoptout . Google's privacy practices are at policies.google.com/privacy .

Targeted Advertising

Third parties may use tracking to help manage and display advertisements, to tailor advertisements to your interests, or to send abandoned shopping cart reminders (depending on your communication preferences).

9. Artificial Intelligence Products

We offer AI features including:

  • AI insights
  • AI predictive analytics

Your input, output, and personal information will be shared with and processed by these AI Service Providers to enable your use of our AI Products. Our primary AI provider is OpenAI.

Google Workspace API Data

ZapStack does not use data obtained through Google Workspace APIs to develop, improve, or train generalised artificial intelligence (AI) or machine learning (ML) models. Data collected through Google Workspace APIs is used solely to provide ZapStack's application features and services.

10. Social Login Handling

Users can register/login using social media accounts (Facebook, X, etc.). We receive certain profile information about you from your social media provider which will often include your name, email address, friends list, and profile picture, as well as other information you choose to make public.

Important: We do not control, and are not responsible for, other uses of your personal information by your third-party social media provider.

11. International Data Transfers

Server Locations

Servers are located in the United States and United Kingdom. Information may be transferred and processed in these countries and by third-party facilities worldwide.

EEA/UK/Switzerland Protections

We use European Commission's Standard Contractual Clauses for transfers of personal information between our group companies and between us and our third-party providers. These clauses require all recipients to protect all personal information that they process originating from the EEA or UK in accordance with European data protection laws and regulations.

12. Data Retention

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law.

No purpose in this notice will require us keeping your personal information for longer than the period of time in which users have an account with us.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information.

13. Information Security

We have implemented appropriate and reasonable technical and organisational security measures designed to protect the security of any personal information we process.

Despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. You should only access the Services within a secure environment.

14. Minor Protection

We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information.

By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Services.

If we learn of data from children under 18, we will deactivate the account and take reasonable measures to promptly delete such data.

15. Your Privacy Rights

General Rights (varies by location)

Depending on residence in EEA, UK, Switzerland, or Canada, you may have the right to:

  • Request access and obtain copies of personal information
  • Request rectification or erasure
  • Restrict processing
  • Data portability (where applicable)
  • Object to automated decision-making

Complaint Rights

EEA/UK: You can file complaints with your Member State data protection authority or the UK Information Commissioner's Office .

Switzerland: Contact the Federal Data Protection and Information Commissioner .

Consent Withdrawal

You may withdraw consent at any time by contacting us. However, please note that this will not affect the lawfulness of the processing before its withdrawal.

Marketing Opt-Out

You can unsubscribe by clicking email unsubscribe links or contacting us. However, we may still communicate with you — for example, to send you service-related messages that are necessary for the administration and use of your account.

Account Management

You can review or change account information by logging into account settings. Upon termination requests, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

Cookie Controls

Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies.

16. Do-Not-Track Controls

At this stage, no uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals.

California law requires us to let you know how we respond to web browser DNT signals. Because there currently is not an industry or legal standard for recognising or honouring DNT signals, we do not respond to them at this time.

17. US Resident Privacy Rights

Covered States

California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia.

Personal Information Categories Collected (Past 12 Months)

Collected:

  • Category A - Identifiers: Contact details, real name, alias, postal address, phone numbers, unique personal identifiers, online identifiers, IP addresses, email, account names
  • Category B - Personal Information (California Customer Records): Name, contact information, education, employment, employment history, financial information
  • Category D - Commercial Information: Transaction information, purchase history, financial details, payment information
  • Category G - Geolocation Data: Device location
  • Category I - Professional/Employment Information: Business contact details, job titles, work history, professional qualifications
  • Category K - Inferences: Profile or summary information about preferences and characteristics

Not Collected:

  • Category C - Protected classifications (gender, age, race, etc.)
  • Category E - Biometric information
  • Category F - Internet activity/browsing history
  • Category H - Audio/sensory information
  • Category J - Education information
  • Category L - Sensitive personal information

Data Retention

Your data is retained as long as you have an account with us for most categories.

Third-Party Disclosure

Categories disclosed to third parties in the past 12 months:

  • Category A (Identifiers)
  • Category B (Personal information/California Customer Records)
  • Category D (Commercial information)
  • Category G (Geolocation data)
  • Category I (Professional/employment information)

We have not sold or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months.

Your Rights

You have the right to:

  • Know whether personal data is being processed
  • Access personal data
  • Correct inaccuracies
  • Request deletion of personal data
  • Obtain a copy of previously shared personal data
  • Non-discrimination for exercising rights
  • Opt out of targeted advertising, personal data sales, or profiling

How to Exercise Rights

Submit requests via:

Appeals Process

You may appeal denials by emailing privacy@zapstack.io. We will respond in writing with reasoning. If your appeal is denied, you may submit a complaint to your state attorney general.

California 'Shine The Light' Law

Under California Civil Code Section 1798.83, California residents can request information about third parties receiving personal information for direct marketing. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact details below.

18. Policy Updates

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Revised" date at the top of this Privacy Policy.

If we make material changes to this Privacy Policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification.

We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.

19. Contact Us

If you have questions about this Privacy Policy, please contact our Data Protection Officer:

Email: privacy@zapstack.io

Postal Address:
TeamLeap Ltd
Data Protection Officer
124 City Road
London
EC1V 2NX
United Kingdom

20. Data Access and Deletion

You can request access, updates, or deletion of your personal information at zapstack.io/privacy or by emailing privacy@zapstack.io.

These rights may be limited in some circumstances by applicable law.