Personal information is any information about you which can be used to identify you. This includes information about you as a person (such as name, address, and date of birth), your devices, payment details, and even information about how you use a website or online service.
This policy is effective as of 4 March 2021.
Last updated: 4 March 2021
Our Collection and Use of Information
Information we collect falls into one of two categories: “voluntarily provided” information and “automatically collected” information.
“Voluntarily provided” information refers to any information you knowingly and actively provide us when using or participating in any of our services and promotions.
“Automatically collected” information refers to any information automatically sent by your devices in the course of accessing our products and services.
Information You Provide to Us
Account Creation: We collect personal information, such as your name and email address, when you register for an account on the Service. You may also provide us with optional information such as a photograph. Your user name, email address and any optional profile information that you elect to associate with your account is referred to herein as your “Profile Information.”
Payment Information: If you are a user of our paid premium service, we will utilize a third party credit card payment processing company to collect payment information, including your credit card number, billing address and phone number. We will share this payment information with the third party processing company as detailed below in “How We Share Your Information: With Trusted Service Providers and Business Partners.” We do not store your payment information.
Communication with us: We may use your email address to send you Service-related notices (including any notices required by law, in lieu of communication by postal mail). We may also use your email address to send you announcements and information about other products or services (including third party services) that you may be interested in (together, the “Marketing Messages”). You may opt-out of receiving Marketing Messages at any time by following the instructions provided in the Marketing Message. Through your account interface, you may also opt-out of receiving categories of Service-related notices that are not deemed by zipBoard to be integral to your use of the Service.
Even if you are not a registered user of our Service, if you email us we may retain a record of such email communication, including your email address, the content of your email, and our response.
If you choose to use our invitation service to invite a friend to the Service, we will ask you for that person’s contact information, which may include their email address or their social network identity, and automatically send an invitation. zipBoard stores the information you provide to send the invitation, to register your friend if your invitation is accepted, and to track the success of our invitation service.
Access to customer data, logs is restricted to only authorized employees. Security training is provided to all employees and contractors. On termination of employment or contracts, all access to internal systems are revoked. Password managers / SSH access used to access admin systems & service accounts.
We consider “user-generated content” to be materials (text, image and/or video content) voluntarily supplied to us by our users for the purpose of publication, processing, or usage on our platform. All user-generated content is associated with the account or email address used to submit the materials.
Your use of the Service will involve you uploading or inputting various content into the Service; including but not limited to: tasks, attachments, project names, team names, and conversations (together, the “Content”).
You control how your Content is shared with others via your settings on the Service. zipBoard may view your Content only as necessary (i) to maintain, provide and improve the Service; (ii) to resolve a support request from you; (iii) if we have a good faith belief, or have received a complaint alleging, that such Content is in violation of our Acceptable Use Guidelines; (iv) as reasonably necessary to allow zipBoard to comply with or avoid the violation of applicable law or regulation; or (v) to comply with a valid legal subpoena or request that meets the requirements of our Law Enforcement Guidelines. We may also analyze the Content in aggregate and on an anonymized basis, in order to better understand the manner in which our Service is being used.
Information We Collect Automatically
We use technologies like cookies and pixel tags to provide, monitor, analyze, promote and improve the Service. For example, a cookie is used to remember your user name when you return to the Service and to improve our understanding of how you interact with the Service. You can block cookies on your web browser; however please be aware that some features of the Service may not function properly if the ability to accept cookies is disabled.
When you use the Service, our servers automatically record certain information in server logs. These server logs may include information such as your web request, Internet Protocol (“IP”) address, browser type, referring / exit pages and URLs, number of clicks and how you interact with links on the Service, domain names, landing pages, pages viewed, mobile carrier, and other such information. Log files help us to monitor, analyze, improve and maintain the Service and to diagnose and fix any Service-related issues.
Additionally, if you encounter certain errors while using the site, we may automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error happened, and other technical information relating to the problem. You may or may not receive notice of such errors, even in the moment they occur, that they have occurred, or what the nature of the error is.
Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons
When you visit our website or interact with our services, we may automatically collect data about your device, such as:
Unique device identifiers
Data we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us. We may associate this device identifier with your Service account and will use data associated with your device identifier to customize our Services to your device and to analyze any device-related issues.
We may collect and process information about the location of the device from which you are accessing the Service. Location data may convey information about how you browse the Service and may be used in conjunction with personally identifiable information. You can disable location based services in settings associated with the Service; however please be aware that some features of the Service may not function properly if location services are turned off.
How We Share Your Information
We may share the information we collect from you with third parties as detailed below.
We will display your Profile information on your profile page and elsewhere on the Service in accordance with the preferences you set in your account. You can review and revise your Profile information at any time. We will display your Content within the Service as directed by you.
With Trusted Service Providers and Business Partners
zipBoard uses a number of third-party processors to deliver our services to you. These sub-processors are listed below for your information.
zipBoard uses AWS USA for hosting our services and all related data through Amazon’s AWS offering.
We use Stripe for payment and invoicing. Stripe collects identifying information about the devices that connect to its services. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection.
zipBoard allows logging in and creating account with the following providers:
zipBoard allows signup and login through Google Accounts, provided by Google.
zipBoard allows signup and login through a Microsoft Accounts, provided by Microsoft.
Google cloud analytics
zipBoard uses google analytics and tag manager for website usage analysis. The tracked data is not connected to specific individuals and is anonymous.
zipBoard uses Hubspot as a CRM system to store contacts, sales information about prospects and current customers.
zipBoard uses Sendinblue to manage transactional emails related to projects and tasks and also send newsletter emails.
zipBoard uses crisp for chat support and also to send product emails to users.
zipBoard uses helpscout for email support and also to manage help documentation.
Scheduled weekly & monthly backups (EBS & S3 snapshots) are done to ensure continued access & fall back solutions. Well tested & fast access to backups also stored on AWS.
With Law Enforcement or In Order to Protect Our Rights
We may disclose your information (including your personally identifiable information) if required to do so by law or subpoena and if the relevant request meets our Law Enforcement Guidelines. We may also disclose your information to our legal counsel, governmental authorities or law enforcement if we believe that it is reasonably necessary to do so in order to comply with a law or regulation; to protect the safety of any person; to address fraud, security or technical issues; or to protect zipBoard’s rights or property.
In an Aggregate and Non-Personally Identifiable Manner
We may disclose aggregate non-personally identifiable information (such as aggregate and anonymous usage data, platform types, etc.) about the overall use of our Service publicly or with interested third parties to help them understand, or to help us improve, the Service.
How We Protect Your Information
When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use, or modification.
You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services.For example, ensuring any passwords associated with accessing your personal information and accounts are secure and confidential.
The security of your information is important to us. When you enter sensitive information (such as a credit card number) as part of our service, we encrypt the transmission of that information using industry-standard encryption.
zipBoard uses commercially reasonable and industry-standard physical, managerial, and technical safeguards to preserve the integrity and security of your information. For example, we continuously and regularly back up your data to help prevent data loss and aid in data recovery.
If you have any questions about security on our Service, you can view our Security Overview Page or contact us at [email protected]
Risks Inherent in Sharing Information
Although we allow you control over where you share your Content and what information is included in your Profile and take reasonable steps to maintain the security if the information associated with your account, please be aware that no security measures are perfect or impenetrable. We cannot control the actions of other users with whom you share your Content and we are not responsible for third party circumvention of any privacy settings or security measures on the Service.
Your Choices About Your Information
Right to Update: You may update or correct your account information at any time by logging in to your account.
Right to refrain contacting for direct marketing: You can ask us to stop contacting you for marketing reasons.
Right to erasure of your personal data: You can ask us to completely delete your personal data anytime.We would inform the same to everyone with whom the data is shared from our side(unless it is impossible or requires huge efforts). We might continue processing your data in certain cases where we have a legal justification to do that(e.g for retaining proofs for past interactions like billing records or records for resolved support requests, etc.).
Right to data portability: You can ask us for an e-copy of your personal data that we have(that you consented to provide us). You can use this data elsewhere.
Right to access your personal data: You can ask us anytime, if we are processing your personal data. We will confirm the status and let you know. In the event we are processing your personal data, we can provide you with details(if asked for) like what data we have, the purpose of processing data, the retention period, data recipients or any information about the data source.
Right to complain: If you have any concern relating to your personal data handling at our end,you can contact us anytime. We will do the best to answer your concerns. But if you are still not satisfied you can report it to the data protection authorities.
Non-discrimination: We will not discriminate against you for exercising any of your rights over your personal information. Unless your personal information is required to provide you with a particular service or offer (for example processing transaction data), we will not deny you goods or services and/or charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, or provide you with a different level or quality of goods or services.
Notification of data breaches: We will comply with laws applicable to us in respect of any data breach.
Information you provide in comments to our blogs are public and may be read, collected, and used by others who view those blogs. Your posts will remain even after you cancel your Service account.
Our Service is not directed to persons under 13. zipBoard does not knowingly collect or solicit personal information from anyone under the age of 13 or knowingly allow such persons to register for an account on the Service. If we become aware that we have collected personal information from a child under age 13 without verification of parental consent, we take steps to remove that information. If you believe that we might have any information from or about a child under 13, please contact us at [email protected]
International Data Transfer
Additional Disclosures for Australian Privacy Act Compliance (AU)
Where the disclosure of your personal information is solely subject to Australian privacy laws, you acknowledge that some third parties may not be regulated by the Privacy Act and the Australian Privacy Principles in the Privacy Act. You acknowledge that if any such third party engages in any act or practice that contravenes the Australian Privacy Principles, it would not be accountable under the Privacy Act, and you will not be able to seek redress under the Privacy Act.
Additional Disclosures for General Data Protection Regulation (GDPR) Compliance (EU)
Data Controller / Data Processor
The GDPR distinguishes between organizations that process personal information for their own purposes (known as “data controllers”) and organizations that process personal information on behalf of other organizations (known as “data processors”). We, zipBoard Tech Inc, located at the address provided in our Contact Us section, are a Data Controller with respect to the personal information you provide to us.
As our systems are hosted in Amazon Web Services, we don’t have any direct access to any of the physical media storing personal data. Also, during data transport personal data can’t be copied, read, modified or deleted without permission. You can check out AWS compliance standards here: https://aws.amazon.com/compliance/programs/.
Legal Bases for Processing Your Personal Information
We will only collect and use your personal information when we have a legal right to do so. In which case, we will collect and use your personal information lawfully, fairly, and in a transparent manner. If we seek your consent to process your personal information, and you are under 16 years of age, we will seek your parent or legal guardian’s consent to process your personal information for that specific purpose.
Our lawful bases depend on the services you use and how you use them. This means we only collect and use your information on the following grounds:
Consent From You
Performance of a Contract or Transaction
Where you have entered into a contract or transaction with us, or in order to take preparatory steps prior to our entering into a contract or transaction with you. For example, if you purchase a product, service, or subscription from us, we may need to use your personal and payment information in order to process and deliver your order.
Our Legitimate Interests
Where we assess it is necessary for our legitimate interests, such as for us to provide, operate, improve and communicate our services. We consider our legitimate interests to include research and development, understanding our audience, marketing and promoting our services, measures taken to operate our services efficiently, marketing analysis, and measures taken to protect our legal rights and interests.
Compliance with Law
International Transfers Outside of the European Economic Area (EEA)
We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means.
Your Rights and Controlling Your Personal Information
Restrict: You have the right to request that we restrict the processing of your personal information if (i) you are concerned about the accuracy of your personal information; (ii) you believe your personal information has been unlawfully processed; (iii) you need us to maintain the personal information solely for the purpose of a legal claim; or (iv) we are in the process of considering your objection in relation to processing on the basis of legitimate interests.
Objecting to processing: You have the right to object to processing of your personal information that is based on our legitimate interests or public interest. If this is done, we must provide compelling legitimate grounds for the processing which overrides your interests, rights, and freedoms, in order to proceed with the processing of your personal information.
Data portability: You may have the right to request a copy of the personal information we hold about you. Where possible, we will provide this information in CSV format or other easily readable machine format. You may also have the right to request that we transfer this personal information to a third party.
Deletion: You may have a right to request that we delete the personal information we hold about you at any time, and we will take reasonable steps to delete your personal information from our current records. If you ask us to delete your personal information, we will let you know how the deletion affects your use of our website or products and services. There may be exceptions to this right for specific legal reasons which, if applicable, we will set out for you in response to your request. If you terminate or delete your account, we will delete your personal information within 30 days of the deletion of your account. Please be aware that search engines and similar third parties may still retain copies of your personal information that has been made public at least once, like certain profile information and public comments, even after you have deleted the information from our services or deactivated your account.
Additional Disclosures for California Compliance (US)
Under California Civil Code Section 1798.83, if you live in California and your business relationship with us is mainly for personal, family, or household purposes, you may ask us about the information we release to other organizations for their marketing purposes.
Do Not Track
Some browsers have a “Do Not Track” feature that lets you tell websites that you do not want to have your online activities tracked. At this time, we do not respond to browser “Do Not Track” signals.
Cookies and Pixels
CCPA-permitted financial incentives
In accordance with your right to non-discrimination, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels for the goods or services we provide.
Any CCPA-permitted financial incentive we offer will reasonably relate to the value of your personal information, and we will provide written terms that describe clearly the nature of such an offer. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
California Notice of Collection
In the past 12 months, we have collected the following categories of personal information enumerated in the California Consumer Privacy Act:
Customer records, such as billing and shipping address, and credit or debit card data.Commercial information, such as products or services history and purchases. Audio or visual data, such as photos or videos you share with us or post on the service. Geolocation data.
For more information on information we collect, including the sources we receive information from, review the “Information We Collect” section. We collect and use these categories of personal information for the business purposes described in the “Collection and Use of Information” section, including to provide and manage our Service.
Right to Know and Delete
If you are a California resident, you have rights to delete your personal information we collected and know certain information about our data practices in the preceding 12 months. In particular, you have the right to request the following from us:
The categories of personal information we have collected about you;
The categories of sources from which the personal information was collected;
The categories of personal information about you we disclosed for a business purpose or sold;
The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
The business or commercial purpose for collecting or selling the personal information; and
The specific pieces of personal information we have collected about you.
Shine the Light
If you are a California resident, in addition to the rights discussed above, you have the right to request information from us regarding the manner in which we share certain personal information as defined by California’s “Shine the Light” with third parties and affiliates for their own direct marketing purposes.
Links to Other Websites
If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information
If the changes are significant, or if required by applicable law, we will contact you (based on your selected preferences for communications from us) and all our registered users with the new details and links to the updated or changed policy.
If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal information.
For questions about these or any zipBoard terms or policies, email us at [email protected]
©️ Copyright 2022 zipBoard Tech. All rights reserved.