Privacy Notice – Zeeks Consent & Compliance Management Platform
Zeeks respects your privacy and is committed to protecting personal data processed through the Zeeks Consent & Compliance Management Platform (the "Platform" or "Services"). This Privacy Policy explains how personal data is collected, used, disclosed, stored, and protected, and the rights available to individuals whose data is processed using the Platform.
This Policy applies to the different ways you may interact with Zeeks, including:
This Policy does not replace a Customer's own privacy notice. Customers are responsible for informing their End Users about the purposes and means of processing, the lawful basis relied upon, the retention practices, and the rights mechanisms applicable to End Users under relevant laws.
Zeeks Technologies LLP is a consent and compliance management platform provider that helps organizations manage consent lifecycle, privacy compliance, audit readiness, and supporting workflows under applicable laws such as India's Digital Personal Data Protection Act, 2023 ("DPDPA"), and where relevant, other global privacy laws.
Depending on the context, Zeeks may act either as a Data Processor or as a Data Fiduciary/Controller.
Zeeks processes personal data on behalf of Customers as part of delivering the Platform (for example, storing and retrieving consent records, powering consent banners/forms configured by the Customer, enabling revocation workflows, and maintaining audit logs required by the Customer). In such cases, Customers determine the purposes and means of processing and Zeeks processes the data only on documented instructions (such as contractual terms, Platform configuration, and API instructions).
Zeeks processes limited personal data for operating the Platform itself (such as account administration, authentication, security monitoring, service communications, billing coordination, and improving core platform reliability and security).
Zeeks may collect and process the following categories of personal data, depending on your relationship with Zeeks and how you use the Services:
This may include your name, work email address, organization name, role and access level, and authentication-related data (for example, credentials stored securely using industry-standard methods).
Where Zeeks is used to collect or manage consent, we may process data such as consent status (given/withdrawn/modified), purposes selected, time and date (timestamp), consent source (web/app), website or application identifier, and limited technical attributes needed to maintain an auditable consent record, such as IP address and device/browser metadata.
We may collect technical information such as IP address, device type, browser type and version, operating system, session logs, and security logs required to protect the Platform and maintain service availability.
We may collect information about how Users interact with the Platform, including feature usage, configuration changes, administrative actions, access logs, and audit records used for compliance evidence and security monitoring.
If you interact with our support or onboarding teams, we may process support tickets, email communications, call notes, feedback, and troubleshooting information.
Zeeks does not intentionally collect sensitive personal data unless explicitly configured by Customers for lawful compliance purposes. Customers are responsible for ensuring that any data they choose to collect through the Platform is lawful, necessary, and appropriately disclosed to End Users.
Zeeks collects personal data through:
Our collection is purpose-bound and aligned to this Policy.
Zeeks processes personal data only for legitimate and specified purposes, which may include:
Zeeks does not use Customer Data for advertising-based profiling of End Users.
Depending on the context and applicable law, Zeeks processes personal data on one or more of the following grounds:
Where processing is based on consent, consent can be withdrawn at any time, without affecting the lawfulness of processing carried out before withdrawal.
Zeeks enables Customers to implement a compliant and auditable consent framework, including:
Customers decide what purposes are shown, what data is collected, and how consent outcomes affect processing within the Customer's systems. Zeeks provides the technology layer to capture and maintain the consent record and configured workflows.
Zeeks uses essential cookies required for secure login, session management, and Platform stability and security. We do not use third-party advertising cookies on the Platform by default.
For Customer websites/apps using Zeeks consent mechanisms, Customers control what cookie categories and preferences are presented to End Users. Zeeks operates those mechanisms based on Customer configuration and applicable legal requirements.
Zeeks does not sell, rent, or trade personal data. We may disclose or share personal data only in limited situations, including:
We aim to disclose only the minimum necessary data for the relevant purpose.
Zeeks may engage sub-processors to help provide the Services (for example, cloud infrastructure, monitoring, transactional email, and support tools). Sub-processors are contractually bound to protect data and to process it only for providing services to Zeeks. A list of relevant sub-processors can be shared upon request depending on your deployment and configuration.
Zeeks stores data in secure environments. Personal data is retained only as long as necessary for the purposes described in this Policy, including compliance and audit requirements.
For Customer Data, retention is generally governed by Customer configuration and contractual commitments. Upon termination or expiry of Services, data may be returned or deleted in accordance with the applicable contract and law, subject to limited retention required for legal compliance, dispute resolution, and security logging.
Zeeks implements reasonable technical and organizational measures aligned with industry practices to protect personal data, including encryption in transit and at rest (where applicable), role-based access controls, secure authentication mechanisms, audit trails, and logging/monitoring. While no system can be guaranteed to be 100% secure, we continuously work to protect the confidentiality, integrity, and availability of data processed through our Services.
Where personal data is transferred or stored outside India (for example, for service delivery, reliability, or disaster recovery), Zeeks implements appropriate contractual and technical safeguards and ensures that protections are not diluted by such transfers, subject to applicable legal requirements.
Where permitted by law, Zeeks may create and use anonymized and/or aggregated data for analytics, benchmarking, service improvement, and security insights, provided such data does not identify an individual.
Zeeks may use automation or AI-assisted capabilities to enhance the Services (for example, improving workflows, detecting anomalies, and supporting compliance operations). Where such features process Customer Data, they do so under Customer instructions and with appropriate safeguards. Zeeks does not intentionally use Customer Data to train external third-party models outside the agreed scope of Services.
Subject to applicable law, you may have rights such as:
If you are an End User whose data is collected through a Customer's website/app, you should typically contact that Customer to exercise your rights because the Customer controls the purposes and means of processing. Zeeks will support Customers in fulfilling rights requests as required under contract and applicable law.
We may disclose personal data if required to comply with applicable law or lawful legal processes (such as court orders), or where necessary to protect the safety and security of Zeeks, our Customers, Users, or others; investigate fraud or security incidents; or establish, exercise, or defend legal claims and enforce agreements.
The Services are intended for business and organizational use. Zeeks does not knowingly collect personal data of children unless a Customer configures a lawful use case and implements appropriate notice and consent mechanisms as required by applicable law.
We may update this Policy from time to time. When we make material changes, we will update the "Last Updated" date and may notify Customers and Users via email or in-platform notice. Continued use of the Services after such updates constitutes acceptance of the updated Policy.
If you have any questions, concerns, or requests related to this Policy or personal data processing, you may contact:
We will respond within reasonable timelines as required under applicable law and contractual commitments.