EU Data Protection

GDPR Compliance Notice

How we comply with the General Data Protection Regulation.

Last updated: February 13, 2026

1. Our Commitment to GDPR

ZenAPI is committed to complying with the General Data Protection Regulation (GDPR) and protecting the rights of individuals in the European Economic Area (EEA), United Kingdom, and Switzerland.

This notice supplements our Privacy Policy and explains how we comply with GDPR requirements when processing personal data of EU residents.

2. Legal Basis for Processing

We process personal data under the following legal bases:

Contractual Necessity

Processing necessary to perform our contract with you (providing the API service, account management, billing).

Legitimate Interest

Processing necessary for our legitimate interests (fraud prevention, security, service improvement) that don't override your rights.

Legal Obligation

Processing necessary to comply with legal requirements (tax laws, anti-money laundering regulations).

Consent

Processing based on your explicit consent (marketing communications, optional features). You may withdraw consent at any time.

3. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of Access: Request a copy of your personal data we hold
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction: Limit how we process your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for processing at any time
  • Right to Lodge a Complaint: File a complaint with your local supervisory authority

To exercise any of these rights, contact us at gdpr@zenapi.io. We will respond within 30 days.

4. International Data Transfers

We transfer personal data outside the EEA to provide our services. We ensure adequate protection through:

  • Standard Contractual Clauses: EU Commission-approved clauses with all data processors
  • Adequacy Decisions: Transfers to countries deemed adequate by the EU Commission
  • Additional Safeguards: Encryption, access controls, and security measures

5. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee GDPR compliance and handle data protection matters.

Data Protection Officer

Email: dpo@zenapi.io

Address: 123 Infrastructure Ave, San Francisco, CA 94105

6. Data Breach Notification

In the event of a personal data breach that is likely to result in high risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Inform affected individuals without undue delay
  • Provide information about the nature of the breach
  • Describe measures taken to address the breach

7. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you without human intervention.

8. Data Protection by Design

We implement data protection principles in our system design:

  • Data Minimization: We collect only necessary data
  • Privacy by Default: Strictest privacy settings applied automatically
  • Pseudonymization: Technical measures to separate identity from data
  • Security Measures: Encryption, access controls, regular audits

9. Supervisory Authority

If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with your local supervisory authority:

Irish Data Protection Commission

Website: www.dataprotection.ie

(Our lead supervisory authority in the EU)

10. Contact for GDPR Matters

For any GDPR-related questions or to exercise your rights:

GDPR Contact Information

Email: gdpr@zenapi.io

DPO Email: dpo@zenapi.io

Address: 123 Infrastructure Ave, San Francisco, CA 94105