GDPR Notice for Zynk

Last updated: March 9, 2026

This GDPR Notice supplements the Zynk Privacy Policy. It applies to personal data processed in connection with our website, apps, file transfer services, messaging functionality, customer support, security operations, and related business activities where the GDPR or UK GDPR applies.

1. Data controller

Zynk is the controller of the personal data described in this notice unless another party is expressly identified at the time of collection.

For privacy questions, rights requests, or concerns about this notice, contact:

• •Email: [email protected]
• •Support: [email protected]
• •Website: https://zynk.it

If you need additional controller identity details or a mailing address for a formal privacy request, contact [email protected].

2. Categories of personal data

Depending on how you use Zynk, we may process:

• •account information such as email address, username, phone number, and encrypted credentials
• •profile information you choose to provide
• •device, browser, and operating system details
• •connection, diagnostic, and security logs such as IP address, timestamps, and crash data
• •transfer and service metadata such as file names, sizes, routing details, delivery status, and related technical events
• •support requests, survey responses, and other communications you send to us
• •billing, payment, or transaction records if you purchase paid services
• •marketing-site analytics data if you opt in to optional website analytics

We do not intentionally access the contents of files or messages except where temporary technical handling is required to route, relay, reconnect, secure, or deliver the service.

3. Why we process personal data

We process personal data to:

• •provide, operate, and maintain the Zynk service
• •authenticate users and secure accounts
• •facilitate file transfer, messaging, and service reliability
• •respond to support requests and service inquiries
• •detect abuse, fraud, security incidents, and technical issues
• •improve performance, stability, accessibility, and product quality
• •measure marketing-site usage when you opt in to analytics
• •comply with legal obligations and enforce our contractual terms

4. Lawful bases

Where GDPR applies, we rely on one or more of the following lawful bases:

• •Contract: to provide the services you request and administer your account
• •Legitimate interests: to secure, maintain, troubleshoot, improve, and defend the service
• •Consent: for optional marketing-site analytics and any other processing that requires consent
• •Legal obligation: to comply with applicable laws, regulations, court orders, or lawful requests

5. Recipients of personal data

We may disclose relevant personal data to:

• •infrastructure, hosting, email, payment, or support providers acting on our behalf
• •analytics providers acting on our behalf when you enable optional website analytics
• •professional advisers such as lawyers, auditors, and insurers
• •regulators, courts, law enforcement, or public authorities where required by law
• •a buyer, investor, or successor entity in connection with a merger, financing, restructuring, or sale of assets

We require service providers to process personal data only on documented instructions and to apply appropriate confidentiality and security protections.

If you opt in to website analytics, Google Analytics may process related marketing-site identifiers and usage events as our analytics provider. We keep ad personalization signals disabled in that setup.

6. International transfers

Personal data may be processed outside your country of residence. When GDPR-restricted transfers occur, we rely on appropriate safeguards such as contractual protections, adequacy decisions, or other valid transfer mechanisms recognized by applicable law.

7. Data retention

We keep personal data only for as long as necessary for the purposes described in this notice, including to provide the service, resolve disputes, maintain security, and meet legal requirements.

As a general guide:

• •account records are retained while your account remains active and for a limited period afterward where needed
• •transfer metadata may be retained for operational and troubleshooting purposes
• •security and diagnostic logs may be retained for fraud prevention, abuse detection, and incident response
• •support and billing records may be retained as needed for customer service, tax, accounting, and compliance obligations
• •analytics cookies and related marketing-site analytics data remain subject to your consent choice, browser controls, and our Google Analytics retention settings

Retention periods may vary depending on the nature of the data, the product features used, and applicable law.

8. Your GDPR rights

Subject to applicable law and verification of your identity, you may have the right to:

• •request access to the personal data we hold about you
• •request correction of inaccurate or incomplete data
• •request deletion of your personal data
• •request restriction of processing
• •object to processing based on legitimate interests
• •receive a portable copy of certain personal data
• •withdraw consent where processing is based on consent
• •lodge a complaint with your local supervisory authority

To exercise these rights, email [email protected]. We may request additional information reasonably necessary to verify your identity and process the request securely. If you previously allowed marketing-site analytics, you can also withdraw that consent at any time through Cookie Settings in the footer.

9. Automated decision-making

We do not currently make decisions based solely on automated processing that produce legal or similarly significant effects on individuals in the ordinary course of providing Zynk. If that changes, we will update this notice where required.

10. Security

We maintain technical and organizational measures designed to protect personal data, including access controls, encryption where appropriate, logging, and ongoing security review. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Changes to this notice

We may update this GDPR Notice from time to time to reflect operational, legal, or regulatory changes. When we do, we will post the revised version here and update the "Last updated" date.

12. Contact us

If you have questions about this GDPR Notice or our data handling practices, contact [email protected].