ZipFields

Privacy Policy

Universal Edition — Applies to all users in all jurisdictions

Effective Date: March 29, 2026

This Privacy Policy is written in plain English. It tells you exactly what personal information we collect, why we collect it, how we use it, who we share it with, and how we protect it. Wherever you are, your rights are protected.

1. Our Commitment to Your Privacy

At ZipFields, we take your privacy seriously. You are trusting us with some of your most sensitive personal information — government ID numbers, health information, banking details — and we do not take that lightly.

ZipFields is designed and operated to comply with the highest applicable privacy standards, including Canada's PIPEDA, Quebec's Law 25, and the California Consumer Privacy Act (CCPA/CPRA). If you are located somewhere with a stricter standard, contact us and we will work with you.

2. What Personal Information We Collect

Information You Provide Directly

  • Full legal name, date of birth, and marital status
  • Home address, postal code, city, province or state, and country
  • Driver's licence number and expiry date
  • Health card or equivalent government health identifier and expiry date
  • Government drug benefit program numbers
  • Social Insurance Number (SIN) or Social Security Number (SSN)
  • Passport number and expiry date
  • Banking information (institution number, transit number, account number)
  • Vehicle information (make, model, trim, year)
  • Number of dependants or children
  • Photos or scans of identity documents (used for AI-assisted data entry only)
  • Email address and account password (stored encrypted — we cannot read your password)

Information We Collect Automatically

  • Your IP address and general geographic location (city/region level only)
  • Browser type and device information
  • Pages visited and features used within the platform
  • Date and time of access
  • The date, time, and IP address at which you agreed to these Terms — for consent verification

3. Why We Collect This Information — Our Legal Basis

  • Consent: For the majority of our data uses, we rely on your explicit consent given at registration. You may withdraw consent at any time.
  • Contract: We process certain data as necessary to provide the services you signed up for.
  • Legal Obligation: We may retain or disclose certain data where required by applicable law.
  • Legitimate Interests: We process minimal data for platform security and fraud prevention.

4. How We Use Your Information — Complete Disclosure

The following is a complete list of every way we use your personal information. We will never use your information in any way not described here without updating this Policy and notifying you.

4a. Free Form Population

We use your stored data to automatically populate government and official forms on your behalf. This is our core service.

4b. Business Access — Always Requires Your Approval

When a registered business requests access to your profile data, you receive a notification and must explicitly approve that specific request before any data is shared.

4c. Aggregate and Anonymized Data

We may produce and share statistical insights that cannot identify any individual. No personal information is included in these outputs.

4d. Targeted Lead Generation

With your consent, we may allow businesses to reach users matching certain anonymized profile characteristics. You will always be notified first and may opt out at any time.

4e. Affiliate and Referral Partnerships

ZipFields may earn a referral fee when you click on a clearly identified partner offer and complete a transaction.

4f. ZipFields Profile Match

We may confirm to a business that a user's self-reported information is internally consistent across multiple documents in their profile. This is not verification against government databases.

4g. Triggered Marketing

With your consent, when a time-sensitive event occurs in your profile such as a document expiry, we may alert relevant businesses. You may opt out at any time.

4h. Government and Non-Profit Partnerships

ZipFields may partner with government agencies or non-profit organizations to assist with form completion services.

4i. Financial Pre-Qualification

With your explicit consent, we may share your self-reported profile information with financial institutions to help pre-qualify you for financial products.

4j. API Access

Businesses may access ZipFields data through our API. The same consent requirements apply regardless of the technical method of access.

4k. Platform Security and Fraud Prevention

We use IP addresses, device information, and access logs to detect and prevent unauthorized access and abuse of our platform.

5. What We Will Never Do

These are absolute commitments. No exceptions.
  • We will never sell your raw personal data directly to any third party without your explicit, specific consent.
  • We will never share your data with any business that has not been properly registered and approved on our platform.
  • We will never use your data in any way not described in this Privacy Policy without updating this Policy and notifying you directly by email.
  • We will never deny you service or treat you differently because you exercised your privacy rights.

6. Sensitive Personal Information

ZipFields collects highly sensitive information including government ID numbers, health information, and financial account details. We treat this with the highest level of care:

  • Encrypted at rest and in transit using industry-standard encryption
  • Accessible only by you, or by businesses you have explicitly approved
  • Never used for any purpose beyond what is described in this Privacy Policy
  • Never stored in plain text
  • Access within our organization is strictly limited on a need-to-know basis

7. How We Protect Your Information

ZipFields protects your data using enterprise-level security standards. Your information is encrypted, securely stored, and continuously monitored.

  • TLS/HTTPS encryption for all data in transit
  • Encryption of all sensitive data at rest
  • Secure authentication with email verification
  • Strict internal access controls
  • Continuous infrastructure monitoring

In the event of a data breach affecting your personal information, we will notify you promptly as required by applicable law — and no later than 72 hours after becoming aware of the breach where required by law.

For full details on our security practices, please see our Security Policy.

8. Third-Party Service Providers

ZipFields uses the following third-party service providers to operate our platform. Each provider is bound by their own privacy and security commitments and is used solely to deliver our service to you.

  • Supabase — Database hosting, authentication, and secure data storage. Data is stored in servers located in the United States. Supabase is SOC 2 Type 2 compliant.
  • Vercel — Application hosting and content delivery. Servers are located in the United States and Canada.
  • Stripe — Payment processing for paid subscription plans. ZipFields does not store your payment card information. Stripe is PCI DSS Level 1 certified.
  • Anthropic — AI-assisted data entry from document scans. Document images are processed transiently and are not retained by Anthropic for training purposes under our usage agreement.

We do not share your personal information with any third party beyond what is described above and in Section 4.

9. Data Residency

ZipFields is incorporated in Ontario, Canada. Your data is stored and processed on servers located in the United States and Canada through our infrastructure providers Supabase and Vercel. By using ZipFields, you consent to this cross-border transfer in accordance with applicable law, including PIPEDA's requirements for equivalent protection. If you have specific data residency requirements, please contact us at hello@zipfields.com.

10. Data Retention

We retain your personal information for as long as your account is active. If you delete your account, we will delete or permanently anonymize your personal information within 30 days, except where required by law.

11. Cookies and Tracking

ZipFields uses cookies to keep you logged in and remember your preferences. We do not use cookies to track your activity on other websites. We do not engage in cross-context behavioral advertising or share your information with advertising networks or data brokers.

12. Your Privacy Rights — Universal

ZipFields recognizes and will honor the following rights for all users, regardless of location:

  • Right to Know: Request details about what personal information we hold and how it is used.
  • Right to Access: Receive a copy of your personal information in a readable format.
  • Right to Correct: Request correction of any inaccurate information.
  • Right to Delete: Request deletion of your account and all personal data within 30 days.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Withdraw Consent: Withdraw consent for any specific use at any time without penalty.
  • Right to Opt Out: Opt out of the sale or sharing of your personal information at any time.
  • Right to Non-Discrimination: We will never treat you differently for exercising your privacy rights.
  • Right to an Authorized Agent: Designate an authorized agent to make privacy requests on your behalf.

Contact us at hello@zipfields.com. We will respond within 30 days, free of charge.

13. International Data Transfers

ZipFields is based in Ontario, Canada. If you are accessing ZipFields from outside Canada, your information may be transferred to and stored in Canada and the United States. By using ZipFields, you consent to this transfer in accordance with this Policy.

14. Children's Privacy

ZipFields is not intended for use by anyone under the age of 18 without verifiable parental or guardian consent. If you believe a minor has created an account without the required consent, contact us at hello@zipfields.com and we will delete the account promptly.

15. California Residents — Additional Rights

If you are a California resident, all rights in Section 12 apply to you under CCPA/CPRA. In addition:

  • You may opt out of the sale or sharing of your personal information by clicking "Do Not Sell or Share My Personal Information" in the footer of our website, or by contacting us at hello@zipfields.com.
  • We will respond to verifiable consumer requests within 45 days.
  • We have not sold personal information in the past 12 months and will not do so without explicit consent.

16. Quebec Residents — Additional Rights

If you are a Quebec resident, all rights in Section 12 apply to you under Law 25. In addition:

  • You have the right to be informed of any automated decision-making that produces significant effects on you.
  • You have the right to request that automated decisions be reviewed by a person.
  • ZipFields conducts Privacy Impact Assessments before implementing new data processing activities affecting Quebec residents.
  • You may communicate with us in French at any time by contacting hello@zipfields.com.

17. Changes to This Policy

If we make a material change, we will notify you by email at least 30 days before the change takes effect and display a prominent notice on your dashboard.

18. Contact Our Privacy Officer

ZipFields Privacy Officer

Email: hello@zipfields.com

Website: www.zipfields.com

Last updated: April 8, 2026 — ZipFields Privacy Policy — Universal Edition