Zenkit and GDPR Legislation

At Zenkit, we care deeply about protecting the personal data of our users. We only collect and store information that is necessary to offer our service, and we do this with the consent of our users. Our approach towards privacy, security, and data protection aligns with the goals of the European Union’s GDPR regulation, and we’ve taken measures to ensure that we are fully compliant.

About the GDPR

GDPR stands for the General Data Protection Regulation. It is the European Union’s (EU’s) in 2016 released regulation that safeguards the personal data of individuals in the EU, as well as the export of personal data abroad.

The GDPR gives EU residents greater control over how any organization worldwide collects, processes, stores, and shares their personal data. Personal data is broadly defined in the regulations, but in general it can be thought of as any data that can be used to personally identify an individual. It applies to any organization that processes EU citizens’ personal data, regardless of the organization’s location.

The regulation encompasses the steps to be taken in all areas of protecting an individual’s privacy, including setting up security mechanisms, compliance, and repercussions. Failure to comply with the GDPR incurs a heavy fine for the non-compliant organization.

To learn more about the GDPR and how you may be affected, please feel free to read the following articles from our blog:

Zenkit and the GDPR
The GDPR explained
How to ensure GDPR compliance
Your GDPR compliance checklist

Our Stance on Privacy and the GDPR

Here at Zenkit, we strongly support data privacy legislation because we believe that strong privacy practices are good for our customers, and thus good for us. We are fully committed to the protection of our users’ data.

Our servers are located in Germany, which means that we need to meet not only the GDPR but also the European Data Protection Directives, as well as the German Federal Data Protection Act. This has set us up in good stead to meet GDPR compliance.

We will do our best to support your GDPR compliance efforts by providing information about the data that Zenkit collects, transmits, and stores for your account. That being said, we are unable to offer legal advice pertaining to how you or your organization achieve compliance.

Please read our app privacy policy and web privacy policy to learn more.

What We’re Doing to Comply

Just like any other software company with users and customers based inside the EU, we implemented a compliance strategy leading up to May 25th, 2018. Our data privacy practices are now in compliance with the GDPR.

We understand that our customers have GDPR requirements that are directly affected by their use of Zenkit and to that effect we worked hard with everyone on our team to ensure that, to the extent Zenkit directly collects the personal data of EU residents, it is GDPR compliant. Here are some of the steps we’ve taken:

  • Committed to upholding the security and privacy measures required by the GDPR.
  • Committed to appropriate data transfer mechanisms when transferring data outside to the EU.
  • Ensured that any subprocessors or third-party services to which we transfer our users’ data uphold the security and privacy measures required by the GDPR.
  • Ensured that all of our staff are appropriately educated about the proper handling of personal data.
  • Ensured that staff who have access to, and process, our user’s personal data are bound to maintain the confidentiality and security of that data.
  • Committed to notifying the appropriate regulators in the case of personal data breaches, and ensuring our users are informed of such breaches promptly.
  • Created awareness within the company regarding the Privacy by Default and Privacy by Design principles for ongoing development.
  • Hired a Data Protection Officer to oversee our data practices and offer advice.


Does Zenkit Process Personal Data?

Yes, we process some personal data to provide the Zenkit service. To learn more about the data we process, please read our Privacy Policy and Terms of Service.

Data you enter into Zenkit when using the platform is stored and processed exclusively in the EU and never transferred outside of it. However, some optional services occasionally require personal data to be transferred outside of the EU, such as your email address. Additionally, some employees or contractors may need to access data stored in the EU from a non-EU country for technical or support reasons. We commit to ensuring that such transfers are compliant with all applicable data transfer laws, including the GDPR.

If you would like more information about our privacy practices, please feel free to contact us at privacy@zenkit.com.

Where Does Zenkit Send User Data?

The Zenkit service is used by customers around the world. We follow common practices used by SaaS software to provide that service.
For example, Zenkit data is stored in Amazon Web Services (AWS) data centers located in Frankfurt, Germany (RDS & S3, contractual partner AWS Luxembourg. Learn about their privacy practices here). Backups of your data are created regularly and are also stored in a separate AWS server in Germany. We send periodic email updates and tips via our newsletter using Brevo (learn about their privacy practices here).

We have taken steps to ensure that each of our service providers are GDPR compliant, and have signed a Data Processing Agreement (DPA) with each of them.

What User Data Does Zenkit Collect?

You can find and download all data we store about you from your Zenkit profile, under ‘Your privacy rights’.

Can I Exercise My Privacy Rights?

Yes, you can find an option to exercise your rights in your Zenkit profile under ‘Your privacy rights’. Please read the following to learn how your requests to exercise your rights are handled.

How Can I Remove All of My Data from Zenkit?

As a Zenkit user, you have the right to be forgotten. You can permanently remove all of your data from Zenkit by deleting your account. Learn more about how to delete your account in our documentation.

All of your collections will immediately be deleted upon confirmation. Where total deletion is not possible (for example, in the case of comments on existing collections), personal data will be anonymized.

Data that we are required by law to keep for a certain period of time, such as invoices or offers, will be properly disposed of once the retention period is over.

Can I Access My Data?

Yes. As a Zenkit user, you have the right to request access to all data we have stored about you. You may request a copy of your purchase history and any other personal information we have about you. To request this information, please contact privacy@zenkit.com. We will respond to your request within the one-month response time.

Can I Transfer My Data to Another Provider?

Yes, you have the right to transfer. To do so, please export your collections as CSV files using the CSV export function. Please note that this will not delete your data.

Can I Sign a DPA with Zenkit?

Yes. If you would like to sign a DPA with Zenkit, please contact privacy@zenkit.com with the name and email address of the person in your organization authorized to sign. DPAs are currently available only to Plus subscribers.

Note: We will continue to update this page as information and practices evolve.