Start free trial
Legal

The DPA, without the fog.

Last updated · June 2026 Zinye Technologies Ltd. [email protected]
Privacy → Terms →
This is the plain-language version — it is the real agreement, written so you can actually read it. A countersigned copy for your records is available from [email protected].

01Scope & parties

This Data Processing Agreement applies whenever Zinye Technologies Ltd. processes personal data inside your Zinye site on your behalf. It forms part of the Terms of Service for every customer — no separate signature needed, though a countersigned copy is available on request.

02Roles

You are the controller of the personal data in your site (your customers, employees, suppliers). Zinye is the processor: we process that data only on your documented instructions — i.e. to run the service you configured.

03What we process

The categories depend on how you use the service, and typically include contact details of your customers and suppliers, and employment data of your staff (for HR and payroll modules). Processing lasts for the duration of your subscription plus the deletion window.

04Sub-processors

We use a short list of sub-processors for hosting, email delivery and support tooling, each bound by equivalent data-protection terms. The current list is available from [email protected]; we give 30 days' notice before adding one, and you may object on reasonable grounds.

05Security measures

We maintain the controls described on our Security page: SOC 2 Type II and ISO 27001 programmes, encryption in transit and at rest, MFA, role-based access, quarterly penetration tests, 6-hour backups and point-in-time restore. Staff access to customer data is logged and limited to support cases you open.

06Breach notification

If we become aware of a personal-data breach affecting your site, we will notify you without undue delay — within 48 hours of confirmation — with what we know, what we're doing, and what we recommend you do.

07Data subject requests

If someone exercises their rights (access, deletion, correction) against you, the tools to comply are in the product — search, export and delete work on individual records. If a request reaches us directly, we'll forward it to you within 5 business days.

08International transfers

Your site stays in the hosting region you chose. Where any transfer outside that region is required (e.g. support tooling), it is covered by Standard Contractual Clauses or an equivalent lawful mechanism.

09Deletion & return

You can export all data yourself at any time. After cancellation, data is deleted following the 60-day retention window (plus 35 days for backup expiry), and we'll confirm deletion in writing if you ask.

10Contact

DPA questions and countersigned copies: [email protected].