Privacy Policy

Last updated: February 19, 2026

1. Introduction

ZAP Analytics ("ZAP", "we", "us", or "our") operates the ZAP Email Signature Manager platform accessible at zapanalytics.net and app.zapanalytics.net (the "Service"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you register for the Service, we collect:

  • Name (first and last)
  • Email address
  • Company/organization name
  • Password (stored in hashed form)

2.2 Employee Directory Data

When you connect your Microsoft 365 or Google Workspace account, we access employee directory information to enable signature management. This may include:

  • Employee names and email addresses
  • Job titles and department information
  • Phone numbers and office locations
  • Profile photos (when available)

This data is accessed through Microsoft Graph API or Google People API with your explicit authorization and is used solely for signature creation and deployment.

2.3 Signature Content

We store the email signature designs, templates, and associated assets (logos, images, social links) that you create within the Service.

2.4 OAuth Tokens

When you connect Microsoft 365 or Gmail, we securely store OAuth access and refresh tokens to maintain the integration. These tokens are encrypted at rest and are used only to perform authorized actions on your behalf, such as deploying signatures.

2.5 Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers, CVVs, or full payment details on our servers. We may store a reference to your Stripe customer ID and subscription status.

2.6 Usage and Log Data

We automatically collect certain technical information when you use the Service, including:

  • IP address and approximate location
  • Browser type and device information
  • Pages visited and features used
  • Timestamps and session duration

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Create and manage email signatures, synchronize employee data, and deploy signatures to email platforms
  • Manage your account: Authenticate your identity, process subscriptions, and communicate about your account
  • Improve the Service: Analyze usage patterns, diagnose technical issues, and develop new features
  • Communicate with you: Send transactional emails (verification, password reset), service announcements, and product updates
  • Ensure security: Detect and prevent fraud, abuse, and unauthorized access
  • Comply with legal obligations: Respond to legal requests and enforce our Terms of Service

4. Data Sharing and Disclosure

We do not sell your personal information to third parties. We may share your information with:

  • Service Providers: Third-party vendors who assist in operating our Service, including cloud hosting (Railway), payment processing (Stripe), and email delivery (Resend). These providers are contractually obligated to protect your data.
  • Microsoft and Google: When you authorize integrations, data flows between our Service and these platforms as necessary to deploy signatures and sync user directories.
  • Legal Requirements: We may disclose information when required by law, regulation, legal process, or enforceable governmental request.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change.

5. Data Storage and Security

Your data is stored on secure cloud infrastructure. We implement industry-standard security measures to protect your information, including:

  • Encryption of sensitive data at rest (OAuth tokens, credentials)
  • HTTPS/TLS encryption for all data in transit
  • Secure authentication with hashed passwords
  • Role-based access controls within the application
  • Regular security reviews and updates

While we take reasonable precautions, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Upon account termination:

  • Account data is retained for 30 days to allow for reactivation
  • After the retention period, data is permanently deleted from our active systems
  • Backup copies may persist for up to 90 days before being purged
  • Anonymized, aggregated data may be retained indefinitely for analytics purposes

You may request deletion of your data at any time by contacting us at support@zapanalytics.net.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data
  • Data Portability: Request an export of your data in a machine-readable format
  • Withdrawal of Consent: Revoke previously granted consent for data processing
  • Objection: Object to processing of your data for certain purposes

To exercise any of these rights, contact us at support@zapanalytics.net. We will respond to requests within 30 days.

8. Microsoft and Google API Data Usage

Our use of information received from Microsoft Graph API and Google APIs adheres to the respective platform policies:

  • We only request the minimum scopes necessary to provide our Service functionality
  • Microsoft data (user profiles, mailbox settings) is used solely for signature deployment and user directory synchronization
  • Gmail data (signature settings) is used solely for deploying and managing email signatures
  • We do not use API data for advertising, profiling, or any purpose unrelated to the Service
  • OAuth tokens are encrypted and never shared with unauthorized parties

Our use of Google API data complies with the Google API Services User Data Policy, including the Limited Use requirements.

9. Cookies and Tracking

We use essential cookies to maintain your session and authentication state. We may also use analytics tools to understand how the Service is used. You can control cookie preferences through your browser settings.

10. International Data Transfers

Our Service infrastructure is hosted in the United States. If you access the Service from outside the United States, your data may be transferred to and processed in the United States. By using the Service, you consent to this transfer.

11. Children's Privacy

The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the revised policy on our website and updating the "Last updated" date. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: