Legal
Privacy Policy
Last updated: 2 June 2026 · Applies to all ZifyWMS services
1. Introduction
ZifyWMS Ltd ("ZifyWMS", "we", "us", "our") is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, store, and protect personal data in connection with the ZifyWMS platform and website.
ZifyWMS Ltd is registered in England and Wales and acts as a data controller in respect of personal data collected via our website and marketing activities, and as a data processor in respect of personal data submitted by customers through the platform.
This policy applies to all individuals whose personal data we process, including:
- Visitors to our website (zifywms.io)
- Prospective customers who contact us or request a demo
- Customer account administrators and users
- Individuals whose data is submitted to the platform by our customers
This Privacy Policy was last updated on 2 June 2026.
2. Personal Data We Collect
We collect personal data in the following ways:
**2.1 Data you provide directly**
- Name, job title, email address, and phone number when you complete our contact form or request a demo
- Company name, business type, and number of locations provided in sales enquiries
- Account credentials and profile information when you create a ZifyWMS account
- Payment and billing information processed through our secure payment provider
**2.2 Data collected automatically**
- IP address, browser type, operating system, and device identifiers when you visit our website
- Pages visited, time on page, referring URLs, and navigation patterns via our analytics tools
- Session data and error logs generated by your use of the platform
**2.3 Data submitted through the platform**
When customers use ZifyWMS to manage their warehouse operations, they may submit data about their own employees, retail account contacts, and other individuals to the platform. ZifyWMS processes this data as a data processor on the customer's behalf.
**2.4 Data from third parties**
We may receive limited personal data from partners, referral sources, and publicly available business directories in connection with our sales and marketing activities.
3. Lawful Basis for Processing
We process personal data on the following lawful bases:
**Contractual necessity:** We process account administrator and user data to provide the Service as contracted. This includes account management, authentication, billing, and support.
**Legitimate interests:** We process visitor and prospect data for our legitimate interests in marketing our services, improving our website, and developing our product. We have assessed that these legitimate interests are not overridden by individuals' rights.
**Consent:** Where we send marketing communications to individuals who are not existing customers, we do so only with explicit consent. You may withdraw consent at any time by using the unsubscribe link in any marketing email or by contacting us at privacy@zifywms.io.
**Legal obligation:** We retain certain financial and transactional records as required by UK tax and accounting laws.
For customer data processed through the platform (where ZifyWMS acts as data processor), the customer is the data controller and determines the lawful basis for processing.
4. How We Use Personal Data
We use personal data for the following purposes:
**Service delivery:** Providing, maintaining, and improving the ZifyWMS platform; authenticating users; processing orders and payments; providing customer support.
**Communications:** Sending service-related notifications (including product updates, maintenance windows, and security alerts); responding to support requests and enquiries; sending marketing communications where consent has been given or legitimate interests apply.
**Analytics and improvement:** Analysing usage patterns to improve the platform; identifying bugs and performance issues; conducting user research.
**Security:** Detecting and preventing fraud, abuse, and security incidents; maintaining audit logs; enforcing our Terms and Conditions.
**Legal compliance:** Meeting our obligations under applicable law, including tax, accounting, and data protection regulations.
We do not sell personal data to third parties. We do not use personal data for automated decision-making that produces legal or similarly significant effects without human oversight.
5. Data Sharing
We share personal data with third parties only in the following circumstances:
**Service providers:** We engage trusted third-party service providers to support our operations, including cloud hosting providers, payment processors, email delivery services, and analytics platforms. These providers are contractually bound to process data only on our instructions and in compliance with applicable data protection law.
**Key sub-processors include:**
- Cloud infrastructure: AWS (EU regions) and Google Cloud (EU regions)
- Payment processing: Stripe (PCI-DSS compliant)
- Email delivery: Postmark
- Analytics: Plausible Analytics (privacy-preserving, no cross-site tracking)
**Legal requirements:** We will disclose personal data where required by law, court order, or regulatory authority, or where we believe in good faith that disclosure is necessary to protect our legal rights or the safety of others.
**Business transfers:** In the event of a merger, acquisition, or sale of all or substantially all of our assets, personal data may be transferred to the acquiring entity, subject to the same privacy protections set out in this policy.
We do not transfer personal data outside the UK or European Economic Area except where adequate safeguards are in place (such as Standard Contractual Clauses) and where such transfers are necessary to provide the Service.
6. Data Retention
We retain personal data for no longer than necessary for the purposes for which it was collected, subject to legal retention requirements.
**Account and platform data:** Retained for the duration of the subscription and for 90 days following termination, after which it is permanently deleted. Customers may request an export of their data at any time during this period.
**Financial and transactional records:** Retained for 7 years in accordance with UK financial record-keeping requirements.
**Marketing enquiry data:** Retained for 2 years from the date of last contact, or until consent is withdrawn, whichever is earlier.
**Website analytics data:** Retained in anonymised, aggregated form without time limit. IP addresses are not retained beyond the current session.
**Support correspondence:** Retained for 3 years from the date of resolution.
We regularly review our data holdings and delete personal data that is no longer required.
7. Your Rights
Under UK GDPR and, where applicable, EU GDPR, you have the following rights in respect of your personal data:
**Right of access:** You may request a copy of the personal data we hold about you (a "Subject Access Request"). We will respond within one calendar month.
**Right to rectification:** You may request that inaccurate or incomplete personal data be corrected.
**Right to erasure:** You may request that your personal data be deleted in certain circumstances, including where it is no longer necessary for the purpose for which it was collected.
**Right to restrict processing:** You may request that we restrict the processing of your personal data in certain circumstances.
**Right to data portability:** Where processing is based on consent or contractual necessity, you may request that your data be provided to you in a machine-readable format.
**Right to object:** You may object to processing based on legitimate interests, including for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds.
**Rights in relation to automated decision-making:** You have the right not to be subject to decisions based solely on automated processing that produce significant effects.
To exercise any of these rights, please contact us at privacy@zifywms.io. We will verify your identity before processing any request. There is no charge for exercising these rights in most circumstances.
If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
9. Security
We implement and maintain appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, destruction, or accidental loss.
Our security measures include:
- Encryption of all data in transit using TLS 1.2 or higher
- Encryption of data at rest using AES-256
- Role-based access controls with principle of least privilege
- Multi-factor authentication for all staff with access to production systems
- Regular penetration testing and vulnerability assessments
- Comprehensive audit logging of all data access events
- ISO 27001-aligned information security management practices
- Incident response procedures with defined notification timelines
In the event of a personal data breach that is likely to result in a risk to individuals' rights and freedoms, we will notify the ICO within 72 hours of becoming aware of the breach, and will notify affected individuals without undue delay where the breach is likely to result in a high risk.
No system is completely secure. If you believe your data has been compromised, please contact security@zifywms.io immediately.
10. Third-Party Links
Our website and platform may contain links to third-party websites and services. This Privacy Policy applies only to ZifyWMS's own websites and services.
We are not responsible for the privacy practices of third-party sites and encourage you to review the privacy policies of any third-party sites you visit. Links to third-party sites do not constitute endorsement by ZifyWMS.
11. Children's Privacy
The ZifyWMS Service is not directed at children under the age of 18. We do not knowingly collect personal data from individuals under 18. If we become aware that we have collected personal data from a child under 18 without verified parental consent, we will take steps to delete that data.
If you believe we have inadvertently collected personal data from a child, please contact us at privacy@zifywms.io.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
We will notify you of material changes by:
- Emailing account administrators at least 30 days before the changes take effect
- Displaying a prominent notice on the ZifyWMS website and platform
Your continued use of our Service after the effective date of any changes constitutes your acceptance of the updated policy.
Previous versions of this Privacy Policy are available on request.
13. Contact & DPO
For any questions, concerns, or requests relating to this Privacy Policy or our data protection practices, please contact:
**Data Protection Officer**
ZifyWMS Ltd
12 Warehouse Lane
London, EC1A 1BB
United Kingdom
Email: dpo@zifywms.io
General privacy enquiries: privacy@zifywms.io
We aim to respond to all enquiries within 5 business days.
You may also lodge a complaint with the UK Information Commissioner's Office:
Website: ico.org.uk
Telephone: 0303 123 1113
