Privacy Policy

Last updated: November 4, 2025

Introduction

Welcome to ZapItDone. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our checklist management service.

Information We Collect

Information you provide

  • Account information: Name, email address, company name
  • Checklist data: Checklists, tasks, client information, deadlines
  • Client portal data: Information you share with clients
  • Payment information: Processed securely through LemonSqueezy

Automatically collected information

  • Usage data: Features used, time spent, interactions
  • Device information: IP address, browser type, operating system
  • Log data: Access times, pages viewed, actions taken
  • Cookies: Essential cookies for authentication

Third-party integrations

  • Google Drive: Access tokens with your permission
  • Slack: Webhook URLs with your permission
  • OAuth: Profile information from Google

How We Use Your Information

  • Provide, maintain, and improve our service
  • Process transactions and send related information
  • Send administrative updates and security alerts
  • Respond to support requests
  • Monitor usage and improve user experience
  • Detect and prevent security threats
  • Comply with legal obligations

Data Sharing and Disclosure

We do not sell your personal data.

We share information with:

  • Service providers: LemonSqueezy, hosting providers, email services
  • Your team: Users within your organization as configured
  • Your clients: Information you explicitly share via portals
  • Legal requirements: When required by law

Data Security

We implement industry-standard security measures:

  • Encryption in transit: HTTPS/TLS for all connections
  • Encryption at rest: AES-256-GCM for sensitive data
  • Secure authentication: Password hashing with scrypt
  • Access controls: Role-based permissions
  • Audit logging: Security event tracking

No method of transmission over the Internet is 100% secure.

Your Rights

European users (GDPR)

  • Access: Request a copy of your data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion ("right to be forgotten")
  • Portability: Receive data in machine-readable format
  • Object: Object to data processing

California users (CCPA)

  • Know what personal information is collected
  • Know if information is sold or disclosed (we don't sell)
  • Request deletion of personal information
  • Equal service regardless of privacy rights exercised

Exercising your rights

Contact privacy@zapitdone.com

We respond within 30 days (GDPR) or 45 days (CCPA)

Data Retention

  • Active accounts: Retained while account is active
  • Deleted accounts: Permanently deleted within 90 days
  • Backups: May retain in backups for up to 30 days
  • Audit logs: Retained for 1 year for compliance

Contact Us

Email: privacy@zapitdone.com

Data Protection Officer: dpo@zapitdone.com