Data Processing Addendum (DPA)

Last Updated: February 2026

This Data Processing Addendum ("DPA") forms part of the agreement between Zippify ("Zippify," "Processor," "we," "us") and the customer, partner, or organization ("Customer," "Controller") that uses Zippify's services (the "Services").

This DPA applies where Zippify processes Personal Data on behalf of the Customer in the course of providing the Services and is incorporated by reference into any applicable service agreement, terms of service, or written contract between the parties (the "Agreement").

1. Definitions

For purposes of this DPA:

• "Applicable Data Protection Laws" means all laws and regulations applicable to the processing of Personal Data, including but not limited to GDPR, UK GDPR, and U.S. state privacy laws.
• "Controller" means the entity that determines the purposes and means of processing Personal Data.
• "Processor" means the entity that processes Personal Data on behalf of the Controller.
• "Personal Data" means any information relating to an identified or identifiable individual.
• "Processing" means any operation performed on Personal Data.
• "Sub-processor" means a third party engaged by Zippify to process Personal Data.

2. Roles and Scope

2.1 Roles of the Parties

• The Customer acts as the Controller of Personal Data.
• Zippify acts as the Processor, processing Personal Data solely on documented instructions from the Customer.

2.2 Scope of Processing
Zippify processes Personal Data only as necessary to provide the Services, including:

• AI-powered interview practice and feedback
• Career guidance and performance analytics
• Account management and support
• Platform security, reliability, and compliance

3. Categories of Data and Data Subjects

3.1 Categories of Personal Data

May include:

• Name, email, and account identifiers
• Employment history or resume data
• Interview responses (text, audio, or video, if enabled)
• Performance metrics and analytics
• Usage and session data

3.2 Categories of Data Subjects

• Job candidates
• Employees
• Students
• Program participants
• Contractors or workforce members

4. Processor Obligations

Zippify shall:

• Process Personal Data only in accordance with Customer's instructions
• Ensure confidentiality of all Personal Data
• Implement appropriate technical and organizational security measures
• Assist Customer in responding to data subject rights requests
• Notify Customer without undue delay of any confirmed Personal Data breach
• Delete or return Personal Data upon termination of Services, unless retention is required by law

5. Security Measures

Zippify maintains reasonable and appropriate safeguards designed to protect Personal Data, including:

• Access controls and authentication mechanisms
• Encryption in transit and at rest where appropriate
• Monitoring and logging
• Regular security reviews

Zippify does not guarantee absolute security but commits to industry-standard practices.

6. Sub-processors

6.1 Authorization
Customer grants Zippify general authorization to engage Sub-processors for hosting, analytics, AI processing, payments, and infrastructure.

6.2 Obligations
Zippify ensures Sub-processors are bound by data protection obligations no less protective than those in this DPA.

6.3 Changes
A current list of Sub-processors may be provided upon request.

7. International Data Transfers

Where Personal Data is transferred outside the Customer's jurisdiction, Zippify will ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs), where applicable
• Equivalent lawful transfer mechanisms

8. Data Subject Rights Assistance

Zippify will reasonably assist Customer in fulfilling requests related to:

• Access
• Correction
• Deletion
• Restriction or objection to processing
• Data portability

Requests should be submitted through Customer, not directly to Zippify, unless required by law.

9. Audit and Compliance

Upon reasonable written request, Zippify will:

• Provide relevant information necessary to demonstrate compliance with this DPA
• Cooperate with audits conducted by Customer or an independent auditor, subject to confidentiality and reasonable limitations

10. Data Breach Notification

In the event of a confirmed Personal Data breach, Zippify will:

• Notify Customer without undue delay
• Provide relevant information about the nature and scope of the breach
• Cooperate in mitigation and remediation efforts

11. Deletion and Return of Data

Upon termination or expiration of the Services:

• Zippify will delete or return Personal Data at Customer's request
• Residual copies may be retained only as required by law or for legitimate business obligations

12. Liability and Precedence

In the event of a conflict between this DPA and the Agreement:

• This DPA governs matters related to data protection
• All other terms remain in full force and effect

13. Updates to This DPA

Zippify may update this DPA to reflect changes in law or processing practices. Material changes will be communicated through the Services or website.

14. Contact Information

For data protection inquiries or requests:

Email: privacy@zippify.com
Company: Zippify
Location: Florida, United States

Zippify – Where preparation meets opportunity.