ZenPM
Start Free

GDPR Compliance

ZenPM is committed to protecting your data rights under the General Data Protection Regulation.

Last updated: March 2026

Data Processing

ZenPM processes personal data to provide our project management service. This includes account information (name, email), project data (tasks, notes, contacts), and usage analytics. We process data only as necessary to deliver the Service, fulfill our contractual obligations, and comply with legal requirements.

Legal Basis for Processing

We rely on the following legal bases under GDPR:

  • Contractual necessity: Processing required to provide the ZenPM service you signed up for.
  • Legitimate interests: Improving our service, preventing fraud, and ensuring platform security.
  • Consent: Where applicable, such as for non-essential cookies or marketing communications. You may withdraw consent at any time.
  • Legal obligation: Processing required to comply with applicable laws, such as tax and accounting requirements.

Your Data Subject Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to restrict processing: Request that we limit how we process your data.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests or for direct marketing.

To exercise any of these rights, email us at hello@zenpm.work. We will respond within 30 days.

International Data Transfers

ZenPM's infrastructure is hosted in the United States. When data is transferred from the EEA or UK, we ensure appropriate safeguards are in place, including standard contractual clauses where applicable. Our third-party processors (Stripe, Mailgun, Google) maintain their own GDPR compliance programs and data processing agreements.

Data Protection Contact

For any GDPR-related inquiries, data subject requests, or to report a data protection concern, please contact our data protection team:

ZenPM Data Protection

Email: hello@zenpm.work

Response time: within 30 days of receipt

Cookies

ZenPM uses essential cookies required for authentication and session management. These cookies are strictly necessary and do not require consent under GDPR. We do not use third-party advertising or tracking cookies. For analytics, we use minimal, privacy-respecting methods. You can manage cookie preferences through your browser settings at any time.

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours as required by GDPR. If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay.