Privacy Policy
Last updated: 1 June 2026
1. Who We Are
Ziproh Training Ltd (“Ziproh”, “we”, “us”, “our”) operates the Ziproh Compliance Centre at app.ziprohtraining.co.uk and the marketing website at ziprohtraining.co.uk. We are registered in England and Wales. Our registered address is available on request at hello@ziprohtraining.co.uk.
We are the data controller for the personal data you provide to us when using our services.
2. What Data We Collect
We collect the following categories of personal data:
- Account data: your name, email address, organisation name, service type, and regulator.
- Usage data: pages visited, features used, and session timestamps, collected to improve the platform.
- Billing data: payment method details processed securely by Stripe. We do not store card numbers.
- Communications: emails and support messages you send to us.
We do not collect sensitive or special-category data (e.g. health records of service users). Ziproh is a compliance management tool — the content of policies belongs to you.
3. How We Use Your Data
We use your personal data to:
- Provide, operate, and improve the Ziproh platform.
- Process payments and manage your subscription.
- Send transactional emails (account confirmation, password reset, billing receipts).
- Send service updates and product announcements (you can unsubscribe at any time).
- Respond to support enquiries.
- Meet our legal and regulatory obligations.
4. Legal Basis for Processing
We process your personal data under the following legal bases (UK GDPR Article 6):
- Contract: processing necessary to provide the service you signed up for.
- Legitimate interests: improving the platform, preventing fraud, and communicating service updates.
- Legal obligation: compliance with applicable law.
- Consent: marketing communications (you may withdraw consent at any time).
5. Data Sharing
We share personal data only with trusted third-party processors who are contractually bound to protect it:
- Supabase (database and authentication) — hosted on AWS EU-West.
- Stripe (payment processing) — PCI-DSS Level 1 certified.
- Vercel (platform hosting) — EU data residency configured.
We do not sell your personal data to any third party.
6. Data Retention
We retain account data for as long as your account is active and for up to 12 months after cancellation, in case of reactivation. Billing records are retained for 7 years to meet HMRC requirements. You may request earlier deletion at any time (see Your Rights below).
7. Your Rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erase your data (“right to be forgotten”).
- Restrict or object to certain processing.
- Receive your data in a machine-readable format (data portability).
- Withdraw consent at any time where processing is consent-based.
To exercise any right, email hello@ziprohtraining.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
8. Cookies
The Ziproh app uses only essential cookies required for authentication (session tokens). We do not use tracking or advertising cookies. The marketing website (ziprohtraining.co.uk) may use analytics cookies — please see the cookie notice on that site.
9. Security
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access to production data is restricted to authorised personnel only. We conduct regular security reviews.
10. Changes to This Policy
We may update this policy from time to time. We will notify all account holders of material changes by email. Continued use of the platform after the effective date constitutes acceptance of the updated policy.
11. Contact Us
For any privacy-related questions: hello@ziprohtraining.co.uk