Privacy Policy

Introduction

ZapTap ("we," "us," or "our") operates the website zaptap.net and provides digital marketing services. This Privacy Policy describes how we collect, use, store, share, and protect your personal information when you visit our website, use our services, or interact with us in any capacity.

By accessing our website or using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our website or services.

This policy applies to all visitors, users, clients, and prospective clients of ZapTap, regardless of location. We have included specific sections addressing the rights of individuals under the European Union General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Information We Collect

1.1 Information You Provide Directly

Contact form submissions: Name, email address, phone number, company name, job title, and any message content you include.
Service inquiries and proposals: Business details, project requirements, budget information, and any documents you share during the sales process.
Client onboarding: Billing information, login credentials for third-party platforms you authorize us to access, brand assets, and business data required to deliver our services.
Email subscriptions: Email address and communication preferences when you subscribe to our newsletter, reports, or marketing communications.
Career applications: Resume, cover letter, portfolio, and professional background information submitted through our careers page.
Event registrations: Name, email, company, and dietary preferences or accessibility needs for webinars and events.

1.2 Information Collected Automatically

Device and browser information: IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
Usage data: Pages visited, time spent on pages, click paths, scroll depth, referring URLs, and exit pages.
Cookies and tracking technologies: We use cookies, web beacons, pixels, and similar technologies to collect browsing data. See our Cookie Policy for details.
Analytics data: Aggregated and individual-level data collected through Google Analytics 4, including session duration, page views, bounce rate, and conversion events.
Advertising data: Conversion data, audience segments, and remarketing identifiers collected through Meta Pixel, Google Ads tags, LinkedIn Insight Tag, and similar advertising platforms.

1.3 Information from Third Parties

Business enrichment data: Company size, industry, revenue, and technographic data from third-party data providers to improve our understanding of prospective clients.
Social media platforms: Profile information when you interact with our social media accounts or log in using social authentication.
Referral partners: Contact information shared by partners who refer prospective clients to us, with appropriate consent.

2. How We Use Your Data

Service delivery: To provide, manage, and improve the marketing services you have engaged us to perform, including campaign management, reporting, and strategic consulting.
Communication: To respond to your inquiries, send project updates, share deliverables, and provide client support.
Marketing: To send you newsletters, case studies, industry reports, and promotional materials, where you have consented or where we have a legitimate interest to do so.
Analytics and improvement: To analyze website usage, measure marketing campaign effectiveness, optimize user experience, and improve our services.
Personalization: To tailor website content, recommendations, and advertising to your interests and business needs.
Security: To detect and prevent fraud, unauthorized access, and other security incidents.
Legal compliance: To comply with applicable laws, regulations, legal processes, and enforceable governmental requests.
Business operations: To manage billing, invoicing, contract administration, and internal record-keeping.

3. Legal Basis for Processing

Under the GDPR and similar data protection laws, we process personal data based on the following legal grounds:

Consent: Where you have given explicit consent to the processing of your personal data for specific purposes, such as subscribing to our newsletter or accepting non-essential cookies. You may withdraw consent at any time.
Contractual necessity: Where processing is necessary for the performance of a contract with you or to take pre-contractual steps at your request, such as delivering marketing services or processing a service inquiry.
Legitimate interest: Where processing is necessary for our legitimate business interests, such as improving our services, marketing our business, ensuring security, and conducting analytics. We balance these interests against your rights and freedoms.
Legal obligation: Where processing is necessary to comply with a legal obligation to which we are subject, such as tax reporting, financial record-keeping, or responding to lawful requests from public authorities.

4. Data Sharing

We do not sell your personal data. We may share your data with the following categories of third parties, solely for the purposes described in this policy:

Analytics providers: Google Analytics, HubSpot, and Hotjar for website analytics and user behavior insights.
Advertising platforms: Google Ads, Meta (Facebook/Instagram), LinkedIn, and TikTok for campaign delivery, conversion tracking, and audience targeting.
CRM and email platforms: HubSpot and email service providers for managing client relationships, sending communications, and marketing automation.
Cloud infrastructure providers: Hosting, storage, and content delivery network providers that process data on our behalf under strict data processing agreements.
Payment processors: Secure payment processors for billing and invoicing. We do not store full payment card details on our systems.
Professional advisors: Accountants, lawyers, and auditors when necessary for legal, financial, or compliance purposes.
Law enforcement: When required by law, court order, or governmental regulation, or when we believe disclosure is necessary to protect our rights, safety, or the safety of others.

All third-party service providers are contractually obligated to protect your data and may only process it for the specified purposes under appropriate data processing agreements.

5. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

Right of access: Request a copy of the personal data we hold about you.
Right to rectification: Request correction of inaccurate or incomplete personal data.
Right to erasure: Request deletion of your personal data, subject to legal obligations that may require us to retain certain information.
Right to restrict processing: Request that we limit how we use your data in certain circumstances.
Right to data portability: Request your personal data in a structured, machine-readable format for transfer to another service provider.
Right to object: Object to the processing of your data based on legitimate interests or for direct marketing purposes.
Right to withdraw consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.
Right to non-discrimination: Exercise your privacy rights without receiving discriminatory treatment.

To exercise any of these rights, contact us at hello@zaptap.io. We will respond to verified requests within 30 days (or within the timeframe required by applicable law).

6. Additional Rights for California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information.

Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information: identifiers (name, email, IP address), internet activity information (browsing history, search history, interactions with our website), professional information (job title, company name), and commercial information (services purchased, service inquiries).

Your CCPA/CPRA Rights

Right to know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.
Right to delete: You may request that we delete personal information we have collected from you, subject to certain exceptions.
Right to correct: You may request that we correct inaccurate personal information.
Right to opt out of sale/sharing: We do not sell personal information as defined under the CCPA. We do share personal information with advertising partners for cross-context behavioral advertising. You may opt out of this sharing.
Right to limit use of sensitive personal information: If we collect sensitive personal information, you may request that we limit its use to what is necessary for performing our services.
Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.

How to Submit a Request

Submit a verifiable consumer request by emailing hello@zaptap.io with the subject line "CCPA Request." We will verify your identity before processing the request and respond within 45 days.

"Do Not Track" Signals

Our website does not currently respond to "Do Not Track" browser signals. However, you can manage your cookie preferences through our cookie consent tool and opt out of interest-based advertising through the links provided in our Cookie Policy.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze site traffic, and deliver targeted advertising. Our use of cookies falls into four categories:

Essential cookies: Required for the website to function properly. These cannot be disabled.
Analytics cookies: Help us understand how visitors use our site (e.g., Google Analytics).
Marketing cookies: Used to deliver relevant advertisements and track campaign performance (e.g., Meta Pixel, Google Ads).
Functional cookies: Remember your preferences and settings to improve your experience.

For a complete list of cookies we use, their purposes, and durations, please see our Cookie Policy.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our general retention periods are:

Contact form submissions: 24 months from submission, unless a client relationship is established.
Client data: Duration of the client relationship plus 36 months after termination, to support any follow-up inquiries or legal obligations.
Email subscriber data: Until you unsubscribe or request deletion. Inactive subscribers are removed after 18 months of non-engagement.
Analytics data: 26 months (aligned with Google Analytics default retention settings).
Financial and billing records: 7 years, as required by tax and accounting regulations.
Career application data: 12 months from submission, unless you consent to longer retention.
Cookie data: Varies by cookie type; see our Cookie Policy for specific durations.

When data is no longer required, we securely delete or anonymize it using industry-standard methods.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

TLS/SSL encryption for all data transmitted between your browser and our servers.
Encryption at rest for sensitive data stored in our systems.
Access controls limiting data access to authorized personnel who need it for their job functions.
Regular security assessments and vulnerability testing.
Employee training on data protection and privacy best practices.
Incident response procedures for detecting and addressing security breaches.

While we take reasonable precautions, no method of transmission or storage is 100% secure. If you believe your data has been compromised, please contact us immediately.

10. International Data Transfers

Your personal data may be transferred to and processed in countries other than your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the European Commission.
Data processing agreements with all third-party processors.
Assessment of the data protection laws in the receiving country.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure that any international transfer of your data complies with Chapter V of the GDPR.

11. Children's Privacy

Our website and services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at hello@zaptap.io, and we will promptly delete the information.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or business operations. When we make material changes, we will:

Update the "Last Updated" date at the top of this page.
Post a notice on our website for significant changes.
Notify you by email if the changes materially affect how we handle your personal data (where we have your email address and applicable law requires notification).

We encourage you to review this policy periodically. Your continued use of our website and services after any changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or need to report a privacy concern, please contact us:

Email: hello@zaptap.io
Subject line: "Privacy Inquiry" for general questions, "Data Rights Request" for access/deletion/portability requests, or "CCPA Request" for California-specific requests.
Website: zaptap.net/contact

If you are located in the EEA and believe we have not adequately addressed your data protection concern, you have the right to lodge a complaint with your local Data Protection Authority.