Zipwire | Privacy notice

We've tried our best to make this friendly and unscary. We'd like to hear specific feedback on how we can better explain stuff.

This privacy policy clarifies how Evoq Limited (also referred to as “our”, “we”, “us” or simply “Evoq”), collects, stores and consumes the information that you generate as you use the Zipwire service, as well as how you can manage your data.

This document does not cover the practices of companies that we do not own or control or of people that are not employed or managed by Evoq Limited. Similarly, this policy doesn't cover websites linked to from our web properties or applications.

Your privacy has been respectfully considered at every stage while our service was under development and we continue to be committed to this cause. We appreciate the sensitive nature of tracking what you do with your time and our goal is to be transparent with how we treat the information we collect that enables the service to function.

Our service depends on using trusted login providers to verify your identity, since it's important that all parties involved in sending, approving and processing timesheets are confident that they're dealing with the people they think they are.

To use the service you must login using an “OAuth” identity provider (IDP) such as Google. When you login via an OAuth provider we collect only the most basic possible level of information from the provider and store it.

Specifically, we look for the email address you use with the IDP and the unique account number that the IDP uses for you.

The information we collect will not be used in any other manner than that described in this policy document.

You have the legal right of access, to be informed, to rectification, to erasure, to restrict processing, to data portability and the right to object.

For data enquiries, please email data@zipwire.io

The Zipwire Website

By using the Zipwire website, you consent to:

The collection and retention of any information submitted via the web interface to the extent of that which is legal.
The processing of your data by our product team for the worthy reasons explained below.
Incur any costs resulting from its usage, such as mobile network data fees, rental or other service charges and taxes.

The Information We Collect

Log Files

All our applications create log files while they are running. This log file data is useful to us for diagnostic reasons and is primarily used by engineers to troubleshoot problems. The log files contain times and dates, and what the code is doing which therefore reflects client activity and sometimes the hardware environment the application is running within.

We never intentionally log your personal information, though we may log the IP address of your device and sometimes small bits of data which you enter into the application UI. Diagnostic logs comprise thousands of short text messages written by our engineers. These logs are not retained for longer than they may be useful for troubleshooting and providing a secure service and protecting our service from attack. We may sometimes use log data to look for usage trends in the application where other more deliberate usage tracking analytics is lacking.

Diagnostic logs are very important for our engineers but we do not systematically process diagnostic logs for marketing. We do collect data for marketing but in another system which counts clicks, views and other events and totals that are unlikely to be contaminated with personal data.

Our servers are hosted on Google and Microsoft cloud platforms and we may turn on features to gather a log of the connections made and technical conversation between your device and the server. The logs are produced by the server software and are do not form part of the Zipwire system.

Server logs contain the IP address of the device or computer you are accessing our services from, as well as the type of browser you're using and the pages you visit. Additionally, internet addresses that referred you to our website are recorded.

Usage Analytics

By using our website and applications, you agree to the collection of event data for the purpose of improving the product.

We use the same highly popular Google Analytics software as hundreds of thousands of other websites to gather information on how you arrived at our site, the pages you visit and the features you interact with.

This information is aggregated into dynamic reports, charts and other visual representations, which help us validate the design of our product and ensure it's easy to use, as well as the success of various marketing campaigns.

You can control the data Google collects on you and therefore the means by which Google can track you across its websites and apps, by visiting Google's My Activity portal.

By continuing to use our software you give us consent to use Google Analytics to collect information on how you're using our software and that Google may link you to your activities on its other websites. This is useful for us for measuring how well our marketing campaigns are working and whether our customers are discovering all the value in our product and whether change to the product or indeed our marketing, is working for us and working for you. Remember that this doesn't change your legal rights.

We also use Microsoft Application Insights to gather further event information from within the application code. This information is useful for the above reasons and also for diagnostics, stability and performance monitoring of the system.

We reserve the right to add other analytics services as needed. We always use well-known and what we believe to be highly trustworthy software vendors such as, but not exclusively, Google and Microsoft.

Other Analytics

We also collect event and behaviour information within our own database for the purposes of improving the product and as part of its designed operation, for example, to enable or disable features within the application and to draw attention to features.

Location Information

The analytics software mentioned in Usage Analytics is able to determine the nearest postal town you live in. This information can be useful for looking for patterns in behaviour by location.

To the best of our knowledge, the analytics software we use inhibits isolating a single user to an exact location. However, by using our services you accept that even if you delete your account and we delete all your application data, in very rare circumstances it may be feasible to infer and guess an individual user by their location, actions and other data that may be captured by our analytics system. Note that our analytics systems have a defined retention period.

We will only personally identify you when we want to contact you and we will only use the data you have submitted expressly for this purpose, for example, in completing a questionnaire and ticking a box agreeing to be contacted via a supplied means.

Cookies

Cookies are a small text files stored on your computer by your browser containing information we would like to keep even if you reboot your computer. This is how it's possible for our website to recognize you without asking you to login again. They are a fundamental part of how the web works.

Cookies are also used by our analytics systems to uniquely identify your web browser. Cookies may also store small bits of data to make it available from one page to another without writing and reading it on our servers.

When you access our website, the cookies associated with it, i.e. only those that our website set, are sent to our servers. They may be consumed only for the duration of your visit, or may be stored and used upon subsequent visits, even if you reboot your computer.

You can control the handling of cookies in your browser settings; however our website may not be available if you disable cookies.

By using Zipwire you accept that we must use cookies else the product would not work.

Payment Details

We do not store the details you submit in the process of paying for Zipwire feature access. Such data is handled by our payments provider. By not storing your data, we do not have to worry about securing this very important information, and you don't have to worry about us securing it, either. We select a trustworthy and reputable payment gateway to handle such transactions for us.

How Your Information is Used

Any personal information you provide as part of the new member registration process is used to create a default profile so you can begin using the service immediately. Profiles are used in the course of your interaction with our service and profile data may be visible to other users.

We are not responsible for the publicly visible information you may enter, such as your name, your profile picture, any captioning you provide on your account, or any other information that you choose to publicly disclose using our service. If you remove or change any information held on our systems, it may still exist in copies held in internet infrastructure, caches and archives that cannot be changed retrospectively or are outside of our control. Your rights as a data owner are unaffected where this data is within our control.

Evoq Limited is not obliged to monitor the information you post using our service, but maintains the right to remove this information at our sole discretion and without reason. We reserve the right to take down your content by request of any third party.

The web server log data we collect is used to analyse usage patterns, for performance analysis, maintenance and improvement of the product. We may send the server log data to third-parties who are trusted in the business of providing this type of analysis to us and many other websites. This data is not linked to the activity journaling or workflow data we collect as part of the Zipwire core product.

We use Google Analytics to analyse visitor traffic and Google Ads and remarketing features. Under GDPR rules, we are the Data Controller and Google are a Data Processor. We have opted to anonymize your IP address when sending data to Google and we take all necessary steps to prevent personally identifiable information from being sent to Google or anywhere else out of our direct control.

If you would prefer not to have your data sent to Google at all, feel free to install the Google Analytics Opt-out Browser Add-on. Google Analytics is used by over 40% of the world's top 1 million websites.

We will use the main email address on your profile to send workflow alerts and reminders as well as marketing material.

We use browser cookies as a convenience so you don't have to login every time you visit our site. We also use cookies to change how our web pages are presented to you, either to customise and improve your experience of our website, or for diagnostic purposes. We may also use cookies to track and group website usage habits and gather traffic statistics.

How Your Information is Shared

We will not share your data with third-parties without your consent, unless required to do so by law or subpoena, or if we believe that is it reasonably necessary to comply with a regulation, or in the course of investigating suspected illegal activity, to protect the safety of another person, or to protect the rights or property of Evoq Limited.

Your data may be held on systems outside of the direct control of Evoq Limited, such as on web server equipment stored at a third-party server hosting company, or rented from such a company. Your data may be stored or replicated in any country. We always use trusted cloud storage providers and secure connections.

Should the Zipwire service or Evoq Limited be sold in full or in part, merged or dissolved, your information may be sold or transferred as part of the transaction. In this event, your information will be subject to the terms as described in this Privacy Policy within the new business.

How Your Information is Secured

Our first method to protect your data is not to store it in the first place. We store only what is absolutely essential for the provision of a great experience. When we do hold data in persistent storage, we take all reasonable steps to ensure that it is physically safeguarded and hosted in a secure facility. In practice, we use trusted and accredited cloud providers and do not store data on our own hardware.

We have taken technical measures to harden our services and software interfaces to prevent attack and unauthorised information disclosure.

When transmitting login credentials across public networks, we secure the channel. We do not store login credentials since we delegate identity to trusted OAuth2 login providers.

We feel it is impossible to guarantee the security of any information you transfer into our custodianship and you do so at your own risk.

You are responsible for maintaining the security of your login credentials and access to any email account to which we may send messages.

You are responsible for maintaining the security of any devices and the networks on which you access our information services.

We use Google Cloud to host the website and services and for all storage. Data is encrypted whenever it is transmitted between computers and equipment, as well as when stored on disk.

Your data is primarily stored in North Carolina, United States but Google Cloud keeps encrypted backups on in other locations across the United States.

Google has made a comprehensive document available to its customers.

Trusting your data with Google Cloud

When Your Information is Deleted

We retain data which is used by the application features to provide working software for as long as you are an active user, whether you are a paying subscriber or not. Accounts are deemed inactive after 6 months after which this application data is retained for a further 6 months before being deleted.

You have the right to expedite deletion of your account and all its application data by contacting our Data Protection officer at data@zipwire.io

Data sent to our analytics platforms is automatically purged within a configured period, since it is expensive to retain and it becomes unuseful as the product changes. This data is aggregated and not deemed to be personally identifiable.

We may retain aggregated reports for many years in order to identify long term trends. Such aggregated data is rendered personally unidentifiable. For example, we may produce an average for a group that you belong to, such as a group of accounts that all registered in winter 2020, and then discard the original data points.

General Data Protection Regulation (GDPR)

The rights set out in the GDPR applies to all users, regardless of their location. This product has been designed and built with GDPR in mind. The regulation defines the following terminology which is important to know since users of this product have a responsibility to safeguard data and comply with regulations.

What's "processing"?

Almost anything done with data counts as processing; including collecting, recording, storing, using, analysing, combining, disclosing or deleting it.

What's a "controller"?

A controller is anyone that decides how and why to collect and use the data. This is often an organisation, but it can be an individual such as a sole trader, partner in an unincorporated partnership, or self-employed professional. If you're an employee acting on behalf of your employer, the employer would be the controller and controllers must make sure that all processing of data complies with data protection law. As a user of our product, you are a data controller.

What's a "processor"?

A processor is any person or organisation (not an employee) who processes data on behalf of the controller. Processors have some direct legal obligations, but these are more limited than the controller's obligations.

What's a "subject"?

This is the term for any individual whom personal data is about. In Zipwire this includes but it not limited to the senders, approvers and processors that the controller enters information about.

Changes to this Privacy Policy

Evoq Limited may update this policy from time to time. When we do, we will post the new policy and a notification of the changes on our website and the new policy will be effective at this point.

Questions and Suggestions

If you have any questions, suggestions or wish to complain, you can email suggest@zipwire.io

Document Version History

V1.1 July 2022

Added section about GDPR and definitiions of roles. Added details about Google Cloud storage.
V1.0 April 2020

The original policy.