GDPR Commitment

The General Data Protection Regulation (GDPR) is a regulation that strengthens and unifies data protection rights for individuals across the European Economic Area. As a company based in Poland and operating within the EU, Zendo is committed to full compliance with the GDPR (Regulation (EU) 2016/679).

If your organisation requires GDPR-compliant service providers, Zendo meets that standard. Your data is never sold, shared for third-party profit, or used outside the purposes described in this document.

Owner and Data Controller

The Data Controller responsible for your personal data is:

Massive Pixel Creation Sp. z o.o.
Jesionowa 22, 40-158 Katowice
Poland, EU
Operating as: Zendo (getzendo.io)
Contact email: [email protected]

Types of Data Collected

Among the types of Personal Data that this platform collects, by itself or through third parties, there are: first name, last name, company name, email address, payment information, cookies, and usage data.

Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically when using the Service. Unless specified otherwise, all Data requested by this platform is necessary to provide the Service. Failure to provide mandatory Data may make it impossible to deliver certain features.

Users are responsible for any third-party Personal Data they share through the platform and confirm they have obtained the necessary consents to provide such Data.

Mode and Place of Processing

Methods of processing

The Owner takes appropriate technical and organisational security measures to prevent unauthorised access, disclosure, modification, or destruction of personal data. Processing is carried out using IT systems, following procedures strictly related to the stated purposes.

In some cases, Data may be accessible to personnel involved in the operation of the Service (administration, sales, support, legal, technical) or to external parties appointed as Data Processors where necessary.

Legal basis of processing

The Owner may process Personal Data when one or more of the following applies:

  • Consent — Users have given consent for one or more specific purposes.
  • Contract performance — Processing is necessary for the performance of an agreement with the User.
  • Legal obligation — Processing is necessary for compliance with a legal obligation to which the Owner is subject.
  • Legitimate interests — Processing is necessary for the legitimate interests pursued by the Owner or a third party, where those interests are not overridden by the rights of the Data Subject.

Place

Data is processed at the Owner’s operating offices and in any locations where the parties involved in processing are located. Depending on the User’s location, data transfers may involve transferring Data to a country other than their own.

Where Personal Data is transferred outside the European Economic Area, the Owner ensures an adequate level of protection is maintained through:

  • Adequacy decisions — Transfers to countries recognised by the European Commission as providing adequate data protection.
  • Standard Contractual Clauses (SCCs) — Where no adequacy decision exists, transfers are covered by European Commission-approved SCCs.
  • Additional safeguards — Where necessary, supplementary measures such as encryption and strict access controls are applied.

Retention

Personal Data is stored for as long as required by the purpose for which it was collected. Data related to contract performance is retained until the contract is fully performed. Once a retention period expires, Data is securely deleted. After deletion, the rights of access, erasure, rectification, and portability can no longer be exercised in relation to that data.

Purposes of Processing

Data is collected to allow the Owner to provide its Service, as well as for the following purposes: analytics, payment processing, customer support, and platform hosting.

Detailed Information on Processing

1. Analytics

PostHog (POSTHOG, INC.)

A product analytics platform used to track user behaviour, feature usage, and session data within the Zendo application. PostHog is used in self-hosted or cloud configuration to collect events, identify users, and analyse product usage patterns.

Data collected: User identifier, event data, session data, page views, browser and device metadata.

📍European Union (EU Cloud) — data processed within the EEA

Google Tag Manager (GOOGLE LLC)

A tag management service used on the marketing website (getzendo.io) to manage scripts and tracking tags in a centralised fashion. User data may flow through this service.

Data collected: Cookies, Usage Data.

📍United States — transfers safeguarded by Standard Contractual Clauses (SCCs).

2. Payment Processing

Stripe (STRIPE, INC.)

A payment processing service used to handle credit card and other payment transactions. Only the information necessary to execute the transaction is shared with Stripe.

Data collected: Payment and billing information, as specified in Stripe’s privacy policy.

📍United States — transfers safeguarded by SCCs.

3. Customer Support & Communications

Crisp (CRISP IM SARL)

A customer messaging and communication platform used to provide live chat support, send transactional emails, and deliver behavioral email campaigns to users based on their activity within the Service.

Data collected: Email address, name, usage events, conversation content, and behavioral data used for campaign segmentation.

📍France, EU — data processed within the EEA

4. Platform Hosting & Infrastructure

Amazon Web Services (AWS) (AMAZON.COM, INC.)

Cloud hosting infrastructure used to run and store the Zendo platform and its data.

Data collected: Data stored within the platform as part of normal service operation.

📍Ireland, EU (eu-west-1) — data processed within the EEA, no international transfer

Cloudways (DIGITALOCEAN, LLC)

A managed hosting platform used exclusively to host the Zendo marketing website (getzendo.io). No application user data is stored on Cloudways infrastructure.

Data collected: IP addresses, request metadata, server logs.

📍United States — transfers safeguarded by SCCs

Cloudflare (CLOUDFLARE, INC.)

A content delivery network and security service used for the marketing website. Cloudflare processes HTTP request data to provide DDoS protection and performance optimization.

Data collected: IP addresses, request headers, Usage Data.

📍United States — transfers safeguarded by SCCs. Cloudflare maintains EU data localisation options where applicable.

Rights of Users

Users may exercise the following rights regarding their Personal Data at any time:

  • Withdraw consent — Where processing is based on consent, Users have the right to withdraw that consent at any time.
  • Object to processing — Users have the right to object to processing carried out on a legal basis other than consent, including processing for direct marketing purposes (which can be objected to at any time without justification).
  • Access their Data — Users have the right to learn whether their Data is being processed and to receive a copy of that Data.
  • Rectification — Users have the right to verify the accuracy of their Data and request corrections.
  • Restrict processing — Under certain circumstances, Users have the right to restrict the processing of their Data.
  • Erasure — Under certain circumstances, Users have the right to have their Personal Data deleted.
  • Data portability — Users have the right to receive their Data in a structured, machine-readable format and, where technically feasible, have it transferred to another controller.
  • Lodge a complaint — Users have the right to lodge a complaint with the competent data protection authority in their EU Member State.

To exercise any of these rights, contact the Owner at [email protected]. Requests are free of charge and will be addressed within one month.

Additional Information

Legal action

Personal Data may be used for legal purposes by the Owner in court proceedings or in stages leading to possible legal action arising from improper use of the Service. The Owner may be required to disclose personal data upon request of public authorities.

System logs and maintenance

For operation and maintenance purposes, the Service and third-party services used may collect system logs that record interactions with the platform, including IP addresses.

Do Not Track

This platform does not respond to “Do Not Track” signals. To determine whether any third-party services used honour such requests, please consult their respective privacy policies.

Changes to this policy

The Owner reserves the right to make changes to this policy at any time. Users will be notified of material changes via email or through a notice within the platform. Continued use of the Service after changes constitutes acceptance of the revised policy. Where changes affect processing based on consent, new consent will be collected where required.

Definitions and Legal References

Personal Data
Any information that directly or indirectly allows for the identification of a natural person.

Usage Data
Information collected automatically through the Service, including IP addresses, browser type, pages visited, time spent, and other interaction metadata.

User / Data Subject
The natural person using the Service, whose personal data is being processed.

Data Controller
The entity that determines the purposes and means of processing Personal Data. For Zendo, this is Massive Pixel Creation sp. z o.o.

Data Processor
A natural or legal person that processes Personal Data on behalf of the Data Controller.

GDPR
Regulation (EU) 2016/679 of the European Parliament and of the Council — the General Data Protection Regulation.

Supervisory Authority

As the Owner is a company registered in Poland, the competent supervisory authority is:

Urząd Ochrony Danych Osobowych (UODO)
President of the Personal Data Protection Office
ul. Stawki 2, 00-193 Warsaw, Poland
Website: uodo.gov.pl
Email: [email protected]

Users located in other EU Member States also have the right to lodge a complaint with the supervisory authority of their country of residence.
