Privacy Policy

1. Overview

Zirpa (“we”, “us”, “our”) provides an AI-powered journey platform that helps organisations design, manage, and automate workflows involving candidates, customers, and partners.

This Privacy Policy explains how we collect, use, and protect personal information when you:

  • use our website
  • create an account
  • interact with workflows powered by Zirpa

We take privacy seriously and design our platform to handle data responsibly, securely, and transparently.

2. Our Role

Zirpa operates in two distinct roles:

2.1 As a Service Provider (Processor)

When our customers (e.g. brands, organisations) use Zirpa to run workflows:

  • We process personal data on their behalf
  • They determine what data is collected and how it is used
  • We act as a data processor / service provider

This includes data relating to:

  • candidates
  • applicants
  • customers
  • other end users interacting with Zirpa workflows

If you are an end user interacting with a Zirpa-powered experience, your data is primarily controlled by the organisation using Zirpa.

2.2 As a Business (Controller)

We act as a data controller for:

  • account registration and administration
  • billing and payments
  • support and communications
  • our website and marketing

3. Information We Collect

3.1 Information You Provide

We collect information you provide directly, including:

  • name and contact details
  • work email address
  • account credentials
  • organisation details
  • communications with us

When you interact with a Zirpa-powered workflow, the organisation using Zirpa may collect:

  • application or profile information
  • documents and uploads
  • responses to forms or questionnaires
  • messages and communications

3.2 Automatically Collected Information

We collect limited technical data such as:

  • IP address
  • browser and device information
  • usage data (pages visited, actions taken)
  • timestamps and session data

3.3 Information from Integrations

Where enabled by our customers, Zirpa may process data from third-party services such as:

  • email systems
  • SMS providers
  • calendar systems
  • document storage systems

4. How We Use Information

We use information to:

  • provide and operate the Zirpa platform
  • create and manage user accounts
  • enable workflow execution and automation
  • process communications (email, SMS, notifications)
  • provide support and respond to enquiries
  • improve performance, reliability, and user experience
  • ensure security and prevent misuse

We do not sell personal information.

Where required by applicable law, we process personal data based on:

  • contractual necessity (to provide our services)
  • legitimate interests (such as improving and securing our platform)
  • consent (where applicable)

5. AI and Automated Processing

Zirpa uses artificial intelligence to support workflows and enhance user experiences.

This may include:

  • generating content or responses
  • summarising or structuring information
  • assisting with decision-making processes
  • producing insights or scoring outputs (where configured by customers)

Important:

  • AI outputs are assistive, not deterministic decisions unless explicitly configured by the customer
  • Zirpa does not make fully automated decisions with legal or similarly significant effects unless explicitly configured by the customer
  • the organisation using Zirpa is responsible for how AI outputs are used
  • we do not use customer data to train general-purpose AI models unless explicitly agreed

6. How We Share Information

We share information only where necessary to provide our services, including with:

6.1 Service Providers (Subprocessors)

We use trusted third-party providers for:

  • cloud hosting and infrastructure
  • email delivery
  • SMS messaging
  • analytics and monitoring
  • AI processing

These providers are contractually required to protect data and use it only for service delivery.

We maintain a list of subprocessors which is available upon request.

6.2 Customers (Your Organisation)

If you are interacting with a Zirpa-powered workflow:

  • your data is shared with the organisation using Zirpa
  • they control how it is used, disclosed, and retained

6.3 Legal Requirements

We may disclose information where required to:

  • comply with applicable laws or regulations
  • respond to lawful requests
  • protect rights, safety, or security

7. International Data Transfers

Zirpa operates globally and may process data in multiple countries, including the United States.

Where personal data is transferred internationally, we take steps to ensure appropriate safeguards are in place consistent with applicable privacy laws.

8. Data Retention

We retain personal information:

  • for as long as necessary to provide our services
  • as required by our customers (for workflow and candidate data)
  • as needed to comply with legal, accounting, and operational obligations

Data may be retained in backups or archives for a limited period after deletion.

9. Security

We implement appropriate technical and organisational measures to protect personal information, including:

  • encryption in transit and at rest
  • access controls and authentication mechanisms
  • system monitoring, logging, and alerting
  • logical separation of customer environments

We regularly review and improve our security practices.

10. Your Rights

Depending on your location, you may have rights to:

  • access your personal information
  • correct inaccurate data
  • request deletion
  • restrict or object to processing
  • request data portability

If your data is processed through a Zirpa customer, you should contact that organisation directly.

You may also contact us at: privacy@zirpa.ai

11. Cookies and Tracking

We use cookies and similar technologies to:

  • operate and secure our website
  • understand usage and performance
  • improve user experience

You can control cookies through your browser settings.

12. Children’s Privacy

Zirpa is not intended for use by individuals under the age of 16, and we do not knowingly collect personal information from children.

If we become aware that we have collected such data, we will take steps to delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time.

If changes are material, we will provide appropriate notice.

14. Contact

For questions or concerns about this policy:

Zirpa

Email: privacy@zirpa.ai

Last updated: March 31, 2026