Privacy Policy
Effective date: 1 June 2026 · Last updated: 22 June 2026 · Version 2.0
This Privacy Policy explains how Zimpl ("Zimpl", "we", "us", or "our") collects, processes, stores, and protects information when you visit our website at zimpl.app, use the Zimpl Executive Visibility Platform, or interact with us in any other way. Please read this carefully. By using Zimpl, you agree to the practices described here.
1. Who We Are
Zimpl is an Executive Visibility Platform built specifically for business groups operating across the GCC. We provide multi-company operational intelligence — covering structure, financial tracking, compliance monitoring, workforce management, and performance reporting — through a single, integrated platform.
Our primary contact for privacy matters is: hello@zimpl.app
2. Scope of This Policy
This policy applies to:
- Visitors to our website at zimpl.app and any associated subdomains
- Administrators, owners, and executives who hold a Zimpl account
- Users (managers, accountants, PROs, and other staff) granted access by an account owner
- Individuals whose data is entered into the platform by an account holder — such as employees whose visa or passport records are tracked
- Anyone who contacts us by email, through a demo request, or any other channel
This policy does not apply to third-party websites or services that may be linked from our platform. We are not responsible for the privacy practices of those third parties.
3. Information We Collect
3.1 Information You Provide Directly
- Account registration: Name, business email address, company name, country, and a password when you create a Zimpl account
- Demo requests: Name, email, company name, phone number, and any notes you include when requesting a demo
- Contact and support enquiries: Any information you share when you contact us for support, ask a question, or send a general message
- Billing information: Name, billing address, and payment method details when you subscribe to a paid plan — payment card details are processed directly by our payment processor and are not stored on our servers
- Platform data: All business, operational, and personnel data you and your team enter into the platform in the course of using Zimpl
3.2 Information Collected Automatically
- Usage data: Pages visited, features used, time spent on pages, actions taken within the platform, and session duration
- Device and browser data: IP address, browser type and version, operating system, screen resolution, and referring URL
- Log data: Server logs including timestamps, request types, and response codes, retained for security and diagnostic purposes
- Cookies and similar technologies: Session cookies necessary for the platform to function, and analytics cookies where consent has been given (see Section 16)
3.3 Information From Third Parties
- If you sign up or log in using a third-party identity provider such as Google Workspace, we receive basic profile information including your name and email address from that provider
- We may receive referral information indicating how you found Zimpl, from partners or referral programmes where applicable
4. How We Use Your Information
4.1 To Provide and Operate the Platform
- Creating and managing your account and granting appropriate access to members of your team
- Delivering the core functionality of the Zimpl platform across all modules you use
- Generating the Confidence Scores, Executive Briefings, and reporting outputs your account is configured to produce
- Processing payments and managing your subscription
- Sending transactional communications including account confirmations, password resets, and billing notifications
4.2 To Improve the Platform
- Analysing usage patterns in aggregate to understand which features are most valuable and where the platform can be improved
- Diagnosing technical issues, errors, and performance problems
- Developing new features and capabilities based on how the platform is being used
4.3 To Communicate With You
- Responding to support requests, demo enquiries, and general questions
- Sending product updates, release notes, and important notices about changes to the platform or this policy
- Sending marketing communications about Zimpl if you have consented to receive them, subject to your right to opt out at any time
4.4 For Security and Compliance
- Detecting and preventing fraud, unauthorised access, and abuse of the platform
- Maintaining audit logs of significant account actions for security and accountability purposes
- Complying with applicable legal obligations and responding to lawful requests from authorities
5. Legal Bases for Processing
Where applicable data protection law requires us to identify a legal basis for processing personal data, we rely on the following:
- Contract: Processing necessary to fulfil our agreement with you, including delivering platform services, managing your account, and processing payments
- Legitimate interests: Processing necessary for our legitimate business interests — such as improving the platform, maintaining security, and communicating product updates — where those interests are not overridden by your rights
- Consent: Where we rely on your consent, such as for marketing communications or optional analytics cookies, you may withdraw that consent at any time
- Legal obligation: Processing required to comply with applicable laws and regulations
6. Data Entered Into the Platform
The majority of data within Zimpl is data that you and your team actively enter into the platform in the course of running your business. This includes business entity records, financial data, employee records, compliance deadlines, contracts, legal matters, goals, and management reports.
You are the data controller for all data you enter into Zimpl. Zimpl acts as a data processor in relation to this data — we process it solely according to your instructions and for the purpose of delivering the platform services to you.
Your data is yours. We do not use, analyse, sell, or share your business operational data for any purpose other than providing, maintaining, and improving the platform services as described in this policy. We do not use your data to train AI models, benchmark against competitors, or share insights with any third party.
7. Data Isolation Between Business Groups
Zimpl is a multi-tenant platform. Each business group's data is logically isolated from every other business group's data. This means:
- No user from one business group can view, access, or interact with the data of any other business group
- Role-based access controls within your own group are fully configurable by your account administrator — access can be scoped by company, branch, module, or role
- External parties such as auditors or accountants who are granted limited access see only the data explicitly scoped to their role
- Zimpl staff can only access your data for defined support, maintenance, and security purposes, and only with appropriate authorisation controls in place
8. Employee and Workforce Data
Zimpl's Employees, Visas, and Passports modules involve storing personal data about individual employees, including names, roles, company assignments, visa expiry dates, passport numbers, and renewal status.
As the Zimpl account holder, you are responsible for ensuring you have the appropriate legal basis to store this personal data, that affected employees are informed of how their data is used, and that you comply with applicable employment and data protection laws in your jurisdiction.
We process this data solely to deliver the compliance tracking, workforce visibility, and Confidence Score features you have configured. We do not use employee personal data for any purpose outside the scope of your account.
- Employee data is accessible only to users within your business group who have been granted appropriate access by your administrator
- You can request deletion of specific employee records at any time
- Archived records for departed employees are retained in a non-active state and are not included in active compliance tracking unless you choose to restore them
9. Financial Data
Zimpl's Receivables, Payables, VAT, and MIS Entries modules involve storing financial figures, customer and supplier names, invoice data, and VAT filing information. This data is used exclusively to generate the financial visibility and Confidence Score outputs within your account.
- Financial data is never shared with third parties for commercial purposes
- Financial figures are displayed in your configured currency and are not transmitted to any external financial institution or payment network
- Payment card details for Zimpl subscriptions are handled entirely by our payment processor and are not stored within the Zimpl platform
- VAT figures and filing data you enter are your records — we do not independently submit anything to tax authorities on your behalf
10. Compliance and Document Data
Zimpl's Contracts, Legal, and Passports modules may involve storing dates, counterparty names, document references, case descriptions, financial exposure estimates, and related operational detail. Where documents are attached to records, those documents are stored securely and are accessible only within your account.
- Document attachments are stored in encrypted cloud storage scoped to your account
- Compliance data such as visa expiry dates, contract renewal dates, and hearing dates is used only to generate alerts and Confidence Score inputs within your account
- We do not independently contact any government authority, counterparty, or court on your behalf based on data entered into the platform
11. How We Share Information
We do not sell personal data. We share information only in the following circumstances:
11.1 With Your Authorisation
When you grant access to a third party such as an external auditor or accountant, they can access only the data within the scope you have configured for their role.
11.2 With Service Providers
We share data with third-party service providers who help us operate the platform — including cloud infrastructure, payment processing, email delivery, and analytics services. These providers process data only on our instructions and are contractually bound to appropriate data protection standards. See Section 12 for more detail.
11.3 For Legal Compliance
We may disclose information if required by law, regulation, or valid legal process such as a court order or regulatory request, or where we believe disclosure is necessary to protect the rights, property, or safety of Zimpl, our users, or the public.
11.4 In a Business Transfer
If Zimpl is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify affected users of any such transfer and the applicable privacy choices available to them.
12. Third-Party Services and Sub-Processors
Zimpl uses a small number of carefully selected third-party providers to operate the platform. Current categories of sub-processors include:
- Cloud infrastructure and hosting: For secure storage, computing, and delivery of the platform
- Payment processing: For handling subscription payments securely without Zimpl storing card details
- Transactional email: For sending account notifications, password resets, and system alerts
- Error monitoring and diagnostics: For detecting and resolving technical issues within the platform
- Analytics (optional, consent-based): For understanding aggregate usage patterns to improve the platform
All sub-processors are required to maintain appropriate technical and organisational security measures and are prohibited from using your data for any purpose other than providing their service to us. A current list of sub-processors is available on request by emailing hello@zimpl.app.
13. International Data Transfers
Zimpl operates primarily within the GCC region. Some of our third-party service providers may process data in other countries, including outside the GCC. Where such transfers occur, we ensure appropriate safeguards are in place — including standard contractual clauses or equivalent protections recognised by applicable data protection frameworks.
If you have specific requirements around data residency or cross-border transfers, please contact us at hello@zimpl.app to discuss your needs.
14. Data Retention
We retain data for as long as necessary to provide the platform services and to comply with our legal obligations. Specific retention practices include:
- Active account data: Retained for the duration of your account and subscription, plus a reasonable period after closure to allow for data export requests
- Archived records (e.g. departed employees, closed companies): Retained in an inactive state within your account until you choose to delete them, or until account closure
- Billing and transaction records: Retained for the period required by applicable financial and tax regulations, typically seven years
- Support and communications: Retained for as long as reasonably necessary to resolve the matter and for a reasonable period thereafter
- Security and audit logs: Retained for a defined period — typically twelve months — for security monitoring and incident response purposes
- Website analytics data: Retained in anonymised or aggregated form after the session period
When data is no longer needed, it is securely deleted or anonymised so it can no longer be associated with any individual or business.
15. Security
We take the security of your data seriously and implement technical and organisational measures appropriate to the nature and sensitivity of the information we process. These include:
- Encryption of data in transit using TLS and at rest using industry-standard encryption protocols
- Role-based access controls limiting access to data within the platform and internally within Zimpl
- Regular security reviews and vulnerability assessments
- Secure, access-controlled cloud infrastructure with monitoring and alerting
- Internal policies restricting access to customer data by Zimpl staff
No system can guarantee absolute security. If you discover a potential security vulnerability, please report it responsibly to hello@zimpl.app and we will respond promptly.
In the event of a data breach likely to result in a risk to individuals, we will notify affected users and relevant authorities in accordance with applicable legal requirements.
16. Cookies and Tracking
16.1 Essential Cookies
Zimpl uses session cookies that are strictly necessary for the platform to function — for example, to maintain your logged-in state during a session. These cannot be disabled without breaking core platform functionality.
16.2 Analytics Cookies
We may use optional analytics cookies to understand how visitors use our website and platform in aggregate. These are only set with your consent, which you can provide or withdraw at any time through your browser or cookie settings.
16.3 No Advertising Cookies
We do not use advertising, retargeting, or third-party tracking cookies. Zimpl does not serve advertising, and we do not share data with advertising networks.
16.4 Managing Cookies
You can control cookies through your browser settings. Note that disabling essential cookies will affect the functionality of the platform. Instructions for managing cookies are available from your browser's help documentation.
17. Your Rights
Depending on your location and applicable data protection laws, you may have some or all of the following rights in relation to your personal data:
- Access: The right to request a copy of the personal data we hold about you
- Rectification: The right to request correction of inaccurate or incomplete personal data
- Erasure: The right to request deletion of your personal data, subject to our legal obligations to retain certain records
- Restriction: The right to request that we limit how we process your data in certain circumstances
- Portability: The right to receive your data in a structured, machine-readable format and to transfer it to another service
- Objection: The right to object to processing based on legitimate interests, including for direct marketing purposes
- Withdrawal of consent: Where processing is based on consent, the right to withdraw that consent at any time without affecting the lawfulness of prior processing
To exercise any of these rights, please contact us at hello@zimpl.app. We will respond within a reasonable timeframe and in accordance with applicable law. We may need to verify your identity before fulfilling certain requests.
If you believe your rights have not been respected, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.
18. Children's Privacy
Zimpl is a business platform intended solely for use by adults operating in a professional capacity. We do not knowingly collect or process personal data relating to children under the age of 18. If you believe a child's data has been submitted to the platform in error, please contact us immediately at hello@zimpl.app and we will take appropriate action.
19. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in the platform, applicable law, or our data practices. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Notify active account holders by email where the changes are significant
- Where required by law, seek fresh consent before implementing material changes to how we process your data
We encourage you to review this policy periodically. Continued use of the platform after changes take effect constitutes acceptance of the updated policy.
20. Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or the way we handle your data, please contact us at hello@zimpl.app
We aim to respond to all privacy-related enquiries within 10 business days.