Data Processing Addendum (DPA)
Effective: 2025
Our DPA describes how Zact processes personal data on behalf of customers when providing the Service, including roles (controller/processor), security measures, subprocessor disclosures, and cross‑border transfers. The signed PDF is the canonical version.
Download: Zact-DPA.pdf
Subprocessors: View list (also available as JSON and CSV).
Need a signed copy? Email legal@usezact.com.
1. Scope
The DPA applies when Zact processes personal data as a processor on behalf of a customer (the controller) to provide the Service. This typically includes processing meeting metadata and any content the customer authorizes Zact to access via integrations.
2. Integrations & permissions
Customers control which integrations are connected and what permissions (OAuth scopes) are granted. Connected third‑party services may include Google Calendar/Drive/Docs, Notion, Asana/Jira, Slack, and other workspace tools. The DPA governs Zact’s processing of personal data obtained through these integrations for the purpose of providing the Service.
3. Security measures
We maintain technical and organizational measures designed to protect customer data (e.g., encryption in transit and at rest, access controls, monitoring, and incident response). For a plain‑language overview, see Security.
4. Contact
Questions about the DPA? Email legal@usezact.com.