Privacy Policy

ZipTier Privacy Policy

Effective Date: 1st May 2026

Summary for Users (Plain Language Overview)

ZipTier respects your privacy. This policy explains:

  • What personal data we collect and why.
  • When ZipTier acts as Controller versus Processor.
  • How Customer Data is processed to provide the Service.
  • That Customer Data is not used to train ZipTier proprietary foundation or master AI models.
  • How we share data with trusted service providers such as hosting and payment vendors.
  • Your rights under GDPR, CCPA/CPRA, DPDPA, and other applicable laws.
  • How to contact us regarding privacy requests.

For full legal details, please read below.

  1. Introduction
    1. This Privacy Policy describes how ZipTier India Private Limited and its affiliates, including ZipTier Inc., as applicable to the services provided, billing relationship, or operational function (collectively, "ZipTier", "we", "us", or "our"), collect, use, disclose, and protect personal data when you use our website, applications, and related services (collectively, the "Service").
    2. We comply with applicable data protection laws, including:
      1. United States laws including the California Consumer Privacy Act (CCPA)
      2. European Union's General Data Protection Regulation (GDPR)
      3. India's Digital Personal Data Protection Act, 2023 (DPDPA)
    3. ZipTier may use affiliated entities within the ZipTier group for contracting, billing, support, product development, and administrative functions, subject to applicable confidentiality and data protection obligations.
    4. This policy is incorporated into our Terms and Conditions.
  2. Information We Collect

    We collect personal information in three ways:

    1. Information you provide
      • Account Data: Name, email, password, company, job title.
      • User Content: Documents, text, and data you upload, which may include third-party personal data.
      • Payment Data: Billing address and payment details (processed via third-party providers; we do not store full card data).
      • Support & Feedback: Communications you send us.
    2. Information we collect automatically
      • Usage Data: IP address, browser type, pages visited, timestamps.
      • Device Data: Device type, OS, unique identifiers.
      • Cookies: See our Cookie Policy for details.
    3. Information from third parties
      • Payment processors, identity/authentication tools, or fraud prevention providers.
      • Hosting, infrastructure, and security providers.
      • Integrations or APIs you authorize us to connect with.
      • Public sources or business directories where relevant to account onboarding or verification.
  3. Roles and Responsibilities under GDPR, CCPA and DPDPA
    1. ZipTier acts in different capacities depending on the data and context.
    2. Account, billing, subscription, administrator, support, website, security, device, login, and operational telemetry data that ZipTier uses for its own business purposes (such as account management, billing, fraud prevention, service reliability, support, and legal compliance) are generally processed by ZipTier as:
      • Controller under GDPR / UK GDPR;
      • Business under CCPA/CPRA where applicable;
      • Data Fiduciary under the DPDPA where applicable.
    3. User Content (documents, text, and datasets that you or your organisation upload into the Service, which may include third-party personal data) is generally processed by ZipTier only on your documented instructions and solely for your business purposes (for example, generating AI Output, executing campaigns), in accordance with our Data Processing Addendum (DPA). For these data, you or your organization acts as:
      • Data Controller under the GDPR;
      • Business under the CCPA/CPRA;
      • Data Fiduciary under the DPDPA; and
      • ZipTier acts as: Data Processor / Service Provider / Data Processor, respectively.
    4. This Privacy Policy should be read together with our Terms and Conditions, Data Processing Addendum (DPA), and Cookie Policy, which describe in more detail how responsibilities and data protection obligations are allocated between ZipTier and its business customers.
  4. How We Use Your Information
    1. We use your data to:
      • Provide and maintain the Service.
      • Generate AI Output from your User Content.
      • Improve service reliability, security, usability, support operations, and customer-requested features using aggregated, de-identified, or operational data where appropriate.
      • Communicate with you (support, updates, marketing).
      • Ensure security, prevent fraud, and comply with law.
    2. AI Model Training
      1. ZipTier uses AI technologies, including third-party/off-the-shelf model providers, to generate outputs, automate workflows, process prompts, summarize information, and provide requested Service functionality.
      2. ZipTier does not use Customer User Content, prompts, outputs, chat transcripts, or customer-submitted personal data to train or fine-tune ZipTier proprietary foundation models, generalized master models, or unrelated commercial AI systems.
      3. ZipTier may use aggregated, anonymized, or de-identified data that does not identify any person or customer for analytics, security improvement, capacity planning, quality assurance, and lawful product enhancement.
      4. Where third-party AI or infrastructure providers are used to process Customer Data in order to deliver the Service, such providers are engaged subject to contractual and technical safeguards reasonably designed to protect data.
      5. If ZipTier materially changes these practices in the future in a way requiring additional notice or consent under applicable law, this Policy will be updated accordingly.
  5. Legal Basis for Processing
    1. Users in the European Economic Area, United Kingdom, and Switzerland (GDPR): If you are in the EEA, UK, or Switzerland, we process your personal data on one or more of the following legal bases under Article 6 GDPR:
      • Contractual Necessity: To enter into and perform our contract with you, including:
        • creating and managing your account;
        • providing and maintaining the Service;
        • processing payments and managing subscriptions;
        • providing customer support.
      • Consent: Where you have given clear consent, for example:
        • sending you marketing communications that are not based on our legitimate interests;
        • placing and reading non-essential cookies and similar technologies (see our Cookie Policy);
        • processing optional non-essential cookies or similar technologies, where used and where consent is required.

        You may withdraw your consent at any time using the mechanisms described in this Policy, without affecting the lawfulness of processing before withdrawal.

      • Legitimate Interests: Where necessary for our legitimate interests, provided these are not overridden by your interests or fundamental rights and freedoms, including:
        • securing and protecting the Service (for example, fraud detection, abuse monitoring, and threat prevention);
        • limited operational telemetry, fraud prevention, service diagnostics, security monitoring, and aggregate service performance measurement to improve core functionality;
        • enforcing our contracts and defending legal claims;
        • business continuity, audit, and governance.

        Where we rely on legitimate interests, we have performed a balancing test and implemented safeguards to protect your privacy.

    2. Users in India (Digital Personal Data Protection Act, 2023): If you are a Data Principal in India, we process your personal data on the following bases under the Digital Personal Data Protection Act, 2023 ("DPDPA"):
      • Consent (Section 6): Where required under applicable law, including for:
        • sending marketing or promotional communications where consent is required;
        • optional non-essential cookies, tracking technologies, or similar tools, if introduced;
        • any future optional processing activity that is not necessary to provide the Service and for which consent is required by law.

        Consent, where relied upon, shall be free, specific, informed, unambiguous, and capable of being withdrawn as easily as it is given.

      • Certain Legitimate Uses (Section 7): In limited circumstances permitted under the DPDPA, including where reasonably applicable:
        • where processing is necessary to comply with law or lawful directions;
        • where personal data is voluntarily provided by you and it is reasonable to expect processing for that purpose;
        • for employment-related purposes, where applicable;
        • for prevention, detection, investigation, or prosecution of offences, or enforcement of legal rights;
        • for security, fraud prevention, service reliability, and other uses expressly permitted under applicable law.

      ZipTier does not rely on any general "legitimate interests" basis under the DPDPA. Where processing would otherwise rely on legitimate interests under certain other laws, ZipTier will instead rely on consent, Certain Legitimate Uses, contractual necessity where relevant, or another valid basis recognized under applicable Indian law.

    3. Users in California and Other U.S. States (CCPA and similar laws): For California residents, ZipTier acts as a "Business" for personal information it collects and determines the purposes and means of processing. We process personal information:
      • to provide the Service you request;
      • to operate, secure, and improve the Service;
      • to comply with legal obligations;
      • for other purposes described in this Policy that are compatible with the context in which the information was collected.
    4. ZipTier does not sell personal information. ZipTier does not currently share personal information for cross-context behavioural advertising through third-party trackers or advertising cookies.
    5. Personal data may be processed or stored in the United States and other jurisdictions through trusted vendors and affiliates. ZipTier primarily uses infrastructure hosted in the United States. Where required by applicable law, ZipTier will implement appropriate safeguards for restricted international transfers, which may include contractual clauses, technical measures, or other lawful mechanisms.
    6. Depending on the Service configuration, ZipTier may engage service providers such as:
      • Amazon Web Services – cloud hosting and infrastructure.
      • Stripe – payment processing.
      • Pinecone – vector database / search infrastructure.
      • LlamaIndex or similar workflow/document processing vendors.
      • Other carefully selected vendors providing security, support, or technical services.
    7. ZipTier uses logical access controls designed to segregate customer environments and restrict access to Customer Data based on company identifiers, user credentials, roles, tokens, and application-layer permissions.
  6. Retention and Deletion
    1. Different categories of data are retained for different periods depending on purpose, legal obligations, security needs, and contractual commitments.
    2. Certain operational logs may be retained for limited periods (for example, approximately ninety (90) days in some systems, subject to change).
    3. Customer Data deletion requests may require verification and may be processed manually or through system workflows depending on the nature of the request.
    4. Backup copies may persist temporarily until overwritten in the ordinary course.
    5. Where ZipTier processes personal data solely on behalf of a business customer, the relevant customer is primarily responsible for privacy notices, lawful basis, responding to rights requests, and instructions regarding deletion or correction. In such cases, you may need to contact that customer directly.
    6. ZipTier maintains reasonable technical and organizational safeguards designed to protect personal data. If a notifiable personal data breach occurs, ZipTier will take steps required under applicable law and contractual commitments.