Privacy Policy

1. Who we are & what we do

Zip Tech FZE (the Company) offers services in two ways:

• Dataset Services – delivery of datasets in machine‑readable formats that contain information made publicly available online by individuals or on their behalf.
• Platform/API Services (the Platform) – tools and APIs that allow customers to programmatically retrieve publicly available data from third‑party webpages.

Dataset Subjects are natural persons whose publicly available information appears in our datasets. Users are individuals acting for themselves or on behalf of an organization that uses our Services.

Affiliates. The Company itself does not collect Personal Data about Dataset Subjects directly from the web. Our affiliated companies gather publicly available information and organize it into datasets; the Company distributes those datasets and provides access to them to clients. ("Affiliate" means any entity that controls, is controlled by, or is under common control with the Company.)

2. Scope and definitions

This Policy describes how we collect, maintain, use, share, secure, and otherwise process Personal Data of Users and Dataset Subjects.

• "Personal Data" means any information relating to an identified or identifiable natural person.
• "Processing" means any operation performed on Personal Data (e.g., collection, recording, storage, use, disclosure, deletion).
• "Controller" / "Processor." For Dataset Services and our own user/account data, the Company acts as a controller. For Personal Data collected, uploaded, or otherwise provided by Users via our Platform/API for their own purposes, the User (or the User's organization) is the controller and the Company acts as a processor.

We do not knowingly collect or maintain Personal Data of children under 18. If you believe we have unintentionally stored such data, please contact us and we will delete it promptly.

3. What we collect & how we obtain it

A) Users (customers, trial users, and prospects)

Account/registration data. Name, work email, company name, role/title, country/region, password or SSO identifiers, and any information you submit in forms or communications with us.

Usage and device data. IP address, device/browser information, authentication and security logs, timestamps, API usage metrics, and in‑product interaction telemetry necessary to operate, secure, and improve the Services.

Communications. Content of emails, support tickets, and meeting notes you voluntarily provide. We may record customer support calls for quality assurance where legally permitted (with notice where required).

B) Dataset Subjects (publicly available sources)

We maintain Personal Data about Dataset Subjects that originates from public webpages, including public social media profiles and public professional directories. Typical fields can include: name, headline/position, employer, education, locations (at a city/region level), languages, skills, public bios, public posts or links, public memberships and affiliations, and publicly shareable contact or profile links. We do not intentionally include special categories of data (e.g., health, religious beliefs, biometric templates, sexual orientation). If such data appears inadvertently because an individual made it public, you may request removal.

Sources

• Publicly available webpages and public social media profiles (subject to those sites' user privacy settings).
• Licensed third‑party providers that certify lawful collection of public data.

No obligation to provide data (Users). You are not legally required to provide us with Personal Data. However, certain information is necessary to create and secure your account, deliver the Services, or comply with law. If you do not provide such data when requested, we may be unable to provide some or all Services.

4. Our roles as controller vs. processor

Controller (we decide why/how data is processed):

• Dataset Services (regarding Personal Data of Dataset Subjects contained in our datasets).
• User/Account/Website operations and marketing.

Processor (we act on a customer's instructions):

• Personal Data that Users collect, submit, or access through the Platform/API for their purposes. In these cases, the User (or their organization) is the controller and their privacy policy governs.

5. Purposes and legal bases for processing

We process Personal Data for the purposes below. Where required by law, we rely on the listed legal bases:

Users

• Provide, operate, and secure the Services (contract performance; legitimate interests).
• Customer support, billing, and account administration (contract performance; legitimate interests; legal obligation).
• Service improvement and analytics (legitimate interests; consent where required for cookies/SDKs).
• Communications and marketing about updates, features, and events (consent where required; legitimate interests with easy opt‑out).
• Compliance, fraud prevention, and safety (legal obligations; legitimate interests).

Dataset Subjects

• Create and maintain a structured repository of data that was made publicly available by you or on your behalf, to provide Dataset Services to Users (legitimate interests; in some jurisdictions, additional grounds such as public interest or consent may apply).
• Accuracy, quality, and integrity checks (legitimate interests).
• Compliance and rights handling (legal obligations; legitimate interests).

6. Transparency commitments

We are committed to:

• Providing clear, accessible information about our processing;
• Processing Personal Data only for the purposes described in this Policy (or compatible purposes explained at the time of collection);
• Respecting data subject rights; and
• Implementing appropriate technical and organizational security measures.

7. Who we share data with (recipients)

We share Personal Data only as necessary with:

• Affiliates who collect, normalize, or enrich publicly available data for inclusion in datasets;
• Service providers / processors (e.g., cloud hosting, security, logging and fraud prevention, email delivery, payments, and customer support tools) under written agreements that require data protection safeguards;
• Business partners where you have requested integrations or authorizations;
• Successors in the event of a merger, acquisition, or asset transfer (subject to this Policy); and
• Public authorities or other parties where required by law or to protect rights, safety, and property.

We do not sell your User account data. With respect to Dataset Services, some jurisdictions consider making public‑source datasets available for a fee to constitute a "sale" or "sharing" of personal information; see Section 12 (Regional notices) for applicable opt‑out rights and mechanisms.

8. International transfers

We may transfer, store, and process Personal Data in countries other than where it was collected. Where required by law, we implement appropriate safeguards for cross‑border transfers (e.g., adequacy decisions or contractual protections).

9. Security

We employ technical and organizational measures designed to protect Personal Data, including: encryption in transit; access controls and role‑based permissions; network segmentation and logging; vulnerability management; multi‑factor authentication for staff; secure software development and change‑management practices; and employee confidentiality and awareness training. No system is 100% secure; we maintain incident response procedures and will notify authorities and affected individuals where required by law.

10. Retention

We retain Personal Data for as long as needed to fulfill the purposes described in this Policy (e.g., to provide Services, comply with legal obligations, resolve disputes, and enforce agreements), or as otherwise permitted or required by law. Public‑source data may be refreshed periodically; where a Dataset Subject removes information from the original public source, we seek to update our records during standard refresh cycles. You may also request deletion/removal (see Section 11/12).

11. Your choices & how to exercise your rights

Contact points

Data requests (all regions): info@ziplabs.ai

To help protect privacy, we will verify your identity (and authority, if acting as an agent) before complying with a request. Where we are a processor, we will refer your request to the relevant controller.

Common request types we support

• Access / copy of your Personal Data;
• Correction (rectification) of inaccurate data;
• Deletion (erasure) where legally required;
• Restriction or objection to certain processing;
• Portability (structured, commonly used, machine‑readable format), where applicable;
• Opt‑out of marketing communications at any time (via email footer or request).

12. Regional notices (summaries)

These summaries are for convenience only; your rights and our obligations are determined by the applicable law.

A) United Arab Emirates (UAE)

The UAE's Personal Data Protection Law (PDPL) and its regulations may apply to our processing, including extraterritorially in some cases. Subject to exceptions, individuals in the UAE generally have rights to access, rectify, erase, restrict or stop processing, data portability, and to object to automated decision‑making. We support lawful cross‑border transfers through approved mechanisms.

Supervisory authority: UAE Data Office.
Complaints: You may contact the UAE Data Office if you are unable to resolve a concern with us.

Free‑zone regimes: If our operations fall within a UAE free‑zone with its own data protection regime (e.g., DIFC or ADGM), the corresponding rules and rights may also apply in addition to, or instead of, the federal PDPL.

B) European Economic Area (EEA) & UK (GDPR/UK GDPR)

Where the GDPR/UK GDPR applies, you have rights to: transparent information, access, rectification, erasure, restriction, portability, objection, and not to be subject to solely automated decisions with legal or similarly significant effects.

Legal bases we rely on typically include contract performance, legitimate interests, consent (where required), and legal obligations.

C) United States — California (CCPA/CPRA)

For California residents, we provide the following:

• Right to know/access categories and specific pieces of personal information we collected about you;
• Right to delete personal information (subject to exceptions);
• Right to correct inaccurate information;
• Right to opt‑out of "sale" or "sharing" of personal information (including cross‑context behavioral advertising);
• Right to limit use/disclosure of sensitive personal information (where applicable); and
• Right not to receive discriminatory treatment for exercising your rights.

How to exercise California opt‑outs:

Send email to info@ziplabs.ai with subject line "Do Not Sell or Share My Personal Information" with your LinkedIn profile link to submit an opt‑out.

Authorized agents: You may use an authorized agent to submit requests; we will require proof of authorization.

13. Cookies and similar technologies

We use cookies and similar technologies to operate the website, remember preferences, and measure performance. Where required, we will request consent for non‑essential cookies and provide a cookie settings manager.

14. Automated decision‑making / profiling

We do not make decisions with legal or similarly significant effects based solely on automated processing. Our datasets may include inferences or classifications derived from public fields (e.g., skills, seniority), but these are not used to make solely automated decisions about individuals with such effects.

15. Third‑party links and sources

Our Services link to third‑party sites from which public information originates. Those sites' privacy settings and policies govern data on their platforms. We are not responsible for third‑party practices.

16. How we handle requests regarding public‑source data

If you are a Dataset Subject and wish to access, correct, delete, or opt‑out of inclusion in our datasets, please contact info@ziplabs.ai. Where permitted by law, we may maintain limited records to honor your opt‑out and prevent re‑introduction of your data from public sources. We may also direct you to modify or delete the information at its original public source, which will help us propagate the change during our refresh cycles.

17. Contact us

Data Protection Officer (DPO):
Email: info@ziplabs.ai
Postal: Zip Tech FZE, SRTIP, Sharjah, United Arab Emirates (UAE)

If we act as a processor for a customer, please contact that customer (the controller) first.

18. Changes to this Policy

We may update this Policy from time to time. The "Effective date" at the top indicates when this Policy was last revised. Material changes will be notified through the website or by email where appropriate.