General Terms and Conditions – effective August 25, 2017
General Terms and Conditions – effective October 2016
General Terms and Conditions – effective August 15, 2016
General Terms and Conditions – effective January 1, 2015
Free Trial/Proof of Concept Terms and Conditions – effective August 2016
Please contact us at firstname.lastname@example.org or call 1-877-586-5682.
Last Updated: November 1, 2016
Responsible Disclosure Policy
Zinc aims to keep its Service safe for everyone, and data security is of utmost priority. If you are a security researcher and have discovered a security vulnerability in the Service, we appreciate your help in disclosing it to us in a responsible manner.
Zinc will engage with security researchers when vulnerabilities are reported to us in accordance with this Responsible Disclosure Policy. We will validate, respond and fix vulnerabilities in accordance with our commitment to security and privacy. We won’t take legal action against or suspend or terminate access to the Service of those who discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy.Zinc reserves all of its legal rights in the event of any noncompliance.
You may test only against an Account for which you are the Account owner or an Agent authorized by the Account owner to conduct such testing. In no event are you permitted to access, download or modify data residing in any other Account or that does not belong to you. You are also prohibited from:
- Executing or attempting to execute any Denial of Service attack;
- Knowingly posting transmitting, uploading, linking to, sending or storing any Malicious Software;
- Testing in a manner that would result in the sending unsolicited or unauthorized junk mail, spam, pyramid schemes or other forms of duplicative or unsolicited messages;
- Testing in a manner that would degrade the operation of the Service;
- Testing or otherwise accessing or using the Service from any jurisdiction that is a Prohibited Jurisdiction; or
- Testing third-party applications or websites or services that integrate with or link to the Service.
Share the details of any suspected vulnerabilities with the Zinc Security Team by sending an email to email@example.com or submitting a report on our HackerOne page. Please do not publicly disclose these details without express written consent from Zinc. In reporting suspected vulnerabilities, please include vulnerability details with information to allow us to efficiently reproduce your steps.
If you identify a verified security vulnerability in compliance with this Responsible Disclosure Policy, Zinc commits to:
- Promptly acknowledge receipt of your vulnerability report
- Provide an estimated timetable for resolution of the vulnerability
- Notify you when the vulnerability is fixed
- Publicly acknowledge your responsible disclosure (If submitted via HackerOne)
Vulnerabilities submitted through HackerOne are eligible for a monetary bounty. Bounties are awarded at the sole discretion of the Zinc Security Team.
- Our minimum reward is $50 USD.
- There is no maximum reward: each bug is awarded a bounty based on its severity and creativity.
- Only one bounty per security bug will be awarded.
- If we receive multiple reports for the same vulnerability, only the person offering the first clear report will receive a reward.
To be eligible for a bounty, our engineers must be able to reproduce the security flaw from your report. Reports that are too vague or unclear are not eligible for a reward. Reports that include clearly written explanations and working code are more likely to garner rewards. We are most interested in vulnerabilities with the Zinc mobile and desktop applications, our web app (zinc-app.com), our admin console (admin.zinc.it) or API endpoints (api.zinc.it). Other subdomains of Zinc are generally not eligible for rewards unless the reported vulnerability somehow affects the Zinc application or Zinc customer data.
Examples of non-qualifying vulnerabilities
- Denial of Service vulnerabilities (DOS)
- Possibilities to send malicious links to people you know
- Security bugs in third-party websites that integrate with Zinc
- Mixed-content scripts, insecure cookies or HTTP headers on www.zinc.it
- Social engineering, phishing, or physical attacks
- Vulnerabilities that require a potential victim to install non-standard software or otherwise take active steps to make themselves be susceptible
To receive a reward, you must reside in a country not on sanctions lists (e.g., Cuba, Iran, North Korea, Sudan & Syria). This is a discretionary program and Zinc reserves the right to cancel the program; the decision whether or not to pay a reward is at our discretion.
Zinc may be used by any individual with an organizational email address, such as one issued by a company, school or other governmental or non-governmental organization. Users who register with their organizational email address will become members of the corresponding Organization on Zinc. For example, anyone who signs up with a “circletech.com” email address would be part of the CircleTech Organization on Zinc. Users may also register with a personal email address, such as “firstname.lastname@example.org,” but they will not be added to a Zinc Organization unless they also confirm an organizational email address. If you would no longer like to be contacted by your Organization on Zinc, please contact the Organization or the Administrator that you interact with directly. We may transfer personal information to companies that help us provide our service, as listed later in this policy. Transfers to subsequent third parties are covered by the service agreements with our customer or with the corresponding Organization on Zinc.
Organizations have access to additional Zinc features and administrative control, which include the ability to see the data and activities of the users in that organization, including all data and activity. With respect to the Zinc Organization, references to “you” or “your” in this privacy statement refer to the individual users of Zinc. Individual users of Zinc Organizations should direct privacy-related inquiries to the organization that provides them access to the Zinc service.
Zinc has no direct relationship with the users who register with their organizational email address that will become members of the corresponding Organization on Zinc. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to the corresponding Organization on Zinc. If requested to remove data, we will respond within a reasonable time.
We will retain personal data we process on behalf of a corresponding Organization on Zinc for as long as needed to provide services to the organization. Zinc will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
What Information Do We Collect?
Customer Data is all the data, including text, location data, device data, sound, software, image or video files that you provide, or are provided on your behalf, to us through your use of Zinc.
We make no claim of ownership to your Customer Data. Except as provided in this privacy statement or described in your agreements, we only use Customer Data to provide and enhance the Zinc Service. We don’t share your Customer Data with advertisers, or with anybody else except in the very limited circumstances described in the Sharing Your Information section below.
Contact Data includes the name, address, phone number, profile information, email address, title, time zone and other contact information for you or others that we may collect through your use of the service. Contact Data you provide as part of your Zinc profile is available to other users of the Zinc Service.
Zinc is communication software and therefore works better when more people are part of the service and available for communication. For this reason, Zinc encourages people to send invitations to others who are not on Zinc. If you choose to provide us with email addresses, phone numbers or other Contact Data of people inside or outside your organization, we will use that information to enable you and other users to invite those people to join Zinc.
We may also suggest contacts to you that you may want to connect with who are not users of Zinc. If you choose to connect with these users, we will send them an invitation to join Zinc by sending them an email or text message on your behalf which may include your name, picture and other profile information. We may also notify others via email or push notification when you join Zinc or take certain other actions within the application, such as creating or modifying a group.
In addition, Zinc uses Contact Data to complete the transactions you request, administer your account, improve the Services and detect and prevent fraud.
We may also use Contact Data to contact you to provide information about new subscriptions, billing and important updates about the Services, including information about security or other technical issues. We may also contact you regarding third-party inquiries as described in this privacy statement or your agreement(s). If you are an administrator for the Service, you may not be able to unsubscribe from some of these communications.
We may also use Contact Data to contact you regarding information and offers about the Service, other products and services or to request your feedback. If you do not wish to receive these communications you may unsubscribe from them in your notification preferences.
We may use statistical data, analytics, trends and usage information derived from your use of Zinc (“usage data”). Usage data includes, but is not limited to, aggregated quantitative information about active users, activity, messages, photos, video and location. Some ways we use the usage data include operating, improving and personalizing the Services. Except to provide reports to you or others in your organization, we do not disclose usage data in a way which is identifiable to your organization or users in your Zinc Organization.
Support Data is the information we collect when you submit a support request, crash report, or in-app feedback, including information about hardware, software, and other details related to the support incident, such as: contact or authentication information, information about the condition of the device and the application when the fault occurred (e.g., “stack trace”), and device screenshots.
Support may be provided through phone, email, online chat or within the Zinc application. We may access your Customer Data to troubleshoot the incident. Phone conversations and online chat sessions may be recorded and/or monitored. We use Support Data in the same way as we use your information, as described in this privacy statement. Additionally, we use it to resolve your support incident and for training purposes.
Following a support incident, we may send you a survey about your experience. You must opt-out of support surveys separately from other communications provided by Zinc, by contacting Support or through the email footer.
To review and edit your personal information collected through our support services, and for any other inquiries regarding our support services, please contact Support.
Some customers may purchase enhanced support offerings. These offerings are covered by their own contract terms and notices.
When you download and use our mobile or native desktop applications, we automatically collect information on the type of device you use and operating system version.
We use mobile analytics software to allow us to better understand the functionality of our Mobile Software on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any personally identifiable information you submit within the mobile application.
We send you push notifications from time-to-time in order to update you about any events or promotions that we may be running. If you no longer wish to receive these types of communications, you may turn them off at the device level. To ensure you receive proper notifications, we will need to collect certain information about your device such as operating system and user identification information.
User Data Supplementation
We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you. This helps us to update, expand and analyze our records, identify new customers, and provide products and services that may be of interest to you. If you provide us personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us.
Examples of the types of personal information that may be obtained from public sources or purchased from third parties and combined with information we already have about you, may include:
- Information about your work such as job title and role, to suggest improvements to your profile in the Zinc app.
- Purchased marketing data about our customers from third parties that is combined with information we already have about you, to create more tailored advertising and products.
How Do We Use the Information We Collect?
We use the information collected through Zinc for the purposes described below:
- to provide our services or information you request, and to process and complete any transactions;
- to respond to your emails, submissions, questions, comments, requests, and complaints and provide customer service;
- to monitor and analyze usage and trends, and to personalize and improve Zinc and your experiences when you use Zinc, such as providing content or features to increase the functionality and usability of our services;
- to send you confirmations, updates, security alerts, and support and administrative messages and otherwise facilitate your use of, and our administration and operation of, our services;
- to find and connect with your colleagues;
- to allow you to share messages, photos, videos, location, links, contacts and other data with your colleagues;
- for any other purpose for which the information was collected.
What Information Do We Share With Third Parties?
We will not share Customer Data or Contact Data (“your information”) outside of Zinc or its controlled subsidiaries and affiliates except as described below:
- with other Zinc users who have permission to see your information based on information delivery rules and the preferences set in your account;
- with certain social networking services, if you allow such sharing through our services;
- with service providers who are working with us in connection with the operation of our services (these service providers have access to your personal information only to perform services on our behalf and are obligated not to disclose it or use it for any other purposes);
- we may share aggregated information and non-identifiable information with third parties for industry analysis, press, demographic profiling and other similar purposes;
We don’t share any of your information with 3rd party advertisers.
We are not responsible for the actions of service providers or other third parties, nor are we responsible for any additional information you provide directly to any third parties.
Accessing and Modifying Your Information
You may “opt out” of receiving marketing or promotional emails from us by changing your account preferences or by following the instructions in those emails. If you opt out of these messages, you will still receive emails from us, about your account, our services and other pertinent information related to our services. These communications are considered part of the service and your account, which you cannot opt-out from receiving.
Upon request Zinc will provide you with information about whether we hold any of your personal information. If you wish to request access, or deletion of your personal information please contact us at email@example.com. We will respond to your request within a reasonable timeframe. You may opt-out of location based services at any time by editing the setting at the device level.
We will retain your information including for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Some of the things you do on Zinc aren’t stored in your account, like groups you’ve created and messages you have sent to others (where your colleague may still have a message you sent, even after you delete your account). That information remains after you delete your account.
Cookies and Other Tracking Technologies
We and our website technology partners, affiliates, or analytics or service providers, use technologies such as cookies or similar technologies to analyze trends, administer the website, tracking users’ movements around the website, and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual and aggregated basis.
The Zinc Service uses “cookies”, which are small text files placed on a device’s hard disk by a web server. We may use both session and persistent cookies and similar technologies to better understand how you interact with our services, to monitor aggregate usage by our users and web traffic routing on our services, and to improve our services. Most Internet browsers automatically accept cookies. You can instruct your browser, by editing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you reject cookies, you may still use our website, but your ability to use some features or areas of our website may be limited.
As is true of most web applications, we gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We may combine this automatically collected log information with other information we collect about you. We do this to improve services we offer you, to improve marketing, analytics, or site functionality.
We partner with a third party to either display advertising on our website or to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on this website and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if located in the European Union click here). Please note this does not opt you out of being served ads. You will continue to receive generic ads.
We display personal testimonials of satisfied customers on our website in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at firstname.lastname@example.org.
Our blog is managed by a third party application that may require you to register to post a comment. We do not have access or control of the information posted to the blog. You will need to contact or login into the third party application if you want your personal information that was posted to the comments section removed. To learn how the third party application uses your information, please review their privacy statement.
Links to Other Sites
Social Media Widgets
Our website includes Social Media Features, such as the Facebook Like button, and Widgets, such as the Share This button or interactive mini-programs that run on our website. These Features may collect your Internet protocol address, which page you are visiting on our website, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our website. Your interactions with these Features are governed by the privacy statement of the company providing it.
What Steps Do We Take to Protect Your Information Online?
We take reasonable measures and follow generally accepted standards to protect your personal information submitted to us, both during transmission and once it is received in an effort to prevent loss, misuse and unauthorized access, disclosure, alteration and destruction. Please be aware, however, that despite our efforts, no security measures are perfect or impenetrable and no method of data transmission can be guaranteed against any interception or other type of misuse. If you have any questions about the security of your personal information, you can contact us at email@example.com.
U.S. National Security Requests
Zinc has never received an order to disclose Customer Data under either Section 215 of the USA Patriot Act or Section 702 of the FISA Amendments Act. Zinc will update this statement weekly with any changes.
EU-U.S. Privacy Shield
Zinc participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Zinc is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.
Zinc is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Zinc complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Zinc is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Zinc may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Our Policy Toward Children
Our service is not directed to children under 13 and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information of a child under 13, we will take steps to delete such information from our files as soon as possible.
In certain situations, Zinc may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose your personal information as required by law, such as to comply with a subpoena, bankruptcy proceedings, or similar legal process when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. If Zinc is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your personal information, and choices you may have regarding your personal information. We may also disclose your personal information to any other third party with your prior consent.
55 New Montgomery Street
San Francisco, CA 94105
Effective: April 21, 2017
Thanks to the following artists for creating the music used in our conference calls