Skip to main content

Zapflow & GDPR

This article outlines the data-related roles and responsibilities and explains our efforts to meet the values and requirements of the GDPR.

Support avatar
Written by Support
Updated over a month ago

Zapflow as Data Processor

When you store people in Zapflow as Contacts, they are your data subjects. You are the data controller for this personal data.

By using Zapflow to manage your customers, you engage Zapflow as a data processor to perform certain processing activities on your behalf. Under Article 28 of the GDPR, the controller–processor relationship must be established in writing. Electronic form is acceptable under subsection (9) of the same Article.

Our Terms of Service and Privacy Policy serve as your data processing agreement. These documents set out your instructions to Zapflow for processing the personal data you control and establish the rights and responsibilities of both parties. Zapflow processes this data only on your instructions as controller.

Data Transfers

Zapflow relies on sub-processors such as Amazon Web Services, which hosts the Zapflow platform. As with other modern cloud systems, this may involve transfers of data to trusted third parties for sub-processing.

We maintain an up-to-date list of sub-processors in our Terms of Service to provide transparency. We also require that our third-party service providers are certified under the EU-U.S. Data Privacy Framework.

Zapflow as Data Controller

Zapflow also acts as data controller for the personal data we collect about you as a user of our web application, mobile apps, and website.

We process this data on the following grounds:

  • To perform our contract with you (GDPR Article 6(1)(b))

  • To comply with legal obligations (GDPR Article 6(1)(c))

  • For our legitimate interests (GDPR Article 6(1)(f)), which include:

    • Improving the app to deliver more value to you

    • Protecting the security of your data and our systems

    • Marketing our product and features responsibly

As controller, Zapflow is committed to upholding your rights under the GDPR. You may contact us at legal@zapflow.com with any questions or feedback.

Security and Data Transfers

Access to Client Data processed on your behalf is strictly limited. Our internal procedures and logs ensure compliance with GDPR accountability requirements.

We require third-party providers to meet the same high standards for privacy and security that Zapflow and its customers expect.

Readiness to Comply with Data Subject Requests

Respect for data subjects’ ownership of their personal data is a core principle of the GDPR. Zapflow provides tools to help you manage such requests. We will also comply with any requests you submit to us regarding Zapflow’s role as controller.

Documentation

We regularly update our Terms of Service and Privacy Policy to maintain transparency and ensure continued alignment with GDPR requirements.

Did this answer your question?