Privacy Policy

Last updated: 24 May 2026 · Effective: 24 May 2026

Zendikt operates as an independent B2B software intelligence publisher at www.zendikt.com. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we share it with, and the rights you have under EU GDPR, UK GDPR, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), India’s Digital Personal Data Protection Act 2023 (DPDP), and equivalent laws in other jurisdictions.

1. Who we are (data controller)

Zendikt (“we”, “us”, “our”) is the data controller for personal data described in this policy. For any privacy enquiry, including subject access, deletion, correction, restriction, or portability requests, contact privacy@zendikt.com. We will respond within the timelines required by the applicable regulation (30 days under GDPR, 45 days under CCPA, 30 days under DPDP).

2. What we collect

2.1 Information you submit directly

• Demo request forms on Top 10 and category pages: full name, work email address, company name. Submitted to the relevant vendor with your consent.
• Pricing contributions at /contribute-pricing/<product>: optional, anonymous unless you choose to include identifying details. Used to build crowdsourced verified-pricing intelligence.
• Editorial enquiries sent to editorial@zendikt.com or privacy@zendikt.com: any contents of your email and your email address.

2.2 Information collected automatically

• Standard server logs: IP address, user-agent string, referrer, request URL, timestamp. Retained 30 days for security and abuse detection, then aggregated or deleted.
• Analytics events via Google Analytics 4 (GA4): pseudonymous device identifier, page paths, session duration, broad geography (country / region). IP addresses are truncated by Google before processing. We do not enable Google Signals or cross-device tracking.
• Advertising data via Google AdSense (where shown): cookies and similar identifiers used by Google to serve and measure ads, subject to Google’s advertising policies.

2.3 Information from third parties

We do not buy contact databases or behavioural data. Vendor and product information on this site is gathered from public sources (vendor websites, regulatory filings, press releases, G2, Capterra, Reddit, Trustpilot) under fair-use editorial publication norms.

3. Lawful basis for processing (GDPR Article 6 / UK GDPR / DPDP)

• Consent (Art. 6(1)(a)): demo request submissions, pricing contributions, and any non-essential cookies. You may withdraw consent at any time without affecting prior lawful processing.
• Legitimate interests (Art. 6(1)(f)): security logging, abuse prevention, aggregate analytics. Balanced against your privacy expectations; you may object via privacy@zendikt.com.
• Contract (Art. 6(1)(b)): performance of any contractual arrangement entered with you (e.g., editorial subscriptions, if offered).
• Legal obligation (Art. 6(1)(c)): retention of records required by tax, accounting, or regulatory rules in the jurisdictions where we operate.

4. How we use the data

• To forward your demo request to the vendor you selected. The vendor receives your name, work email, company, and product context. They become an independent data controller for any onward processing.
• To produce and improve editorial content, including aggregated and anonymised pricing intelligence.
• To operate and secure the site (server logs, fraud and abuse detection).
• To measure aggregate audience behaviour (e.g., which Top 10 pages get most attention) so we know where to invest editorial effort.
• To respond to enquiries, corrections, and rights requests.

We do not sell, rent, or lease personal data. We do not use submitted data to train artificial-intelligence models. We do not perform automated decision-making with legal or similarly significant effects on you.

5. Who we share data with

• The vendor you selected, when you submit a demo request. The vendor’s own privacy policy governs onward processing.
• Resend (resend.com), our transactional-email processor, which transmits demo-request emails on our behalf. Resend is bound by a data-processing agreement and operates SOC 2 Type II controls.
• Google LLC, for Analytics and AdSense services, under Google’s standard terms and the EU–US Data Privacy Framework where applicable.
• Vercel Inc., our hosting provider, which processes server logs and provides serverless function execution. Vercel is a data processor under the EU GDPR and CCPA.
• Cloudflare, our CDN and edge security layer, processes IP addresses transiently for routing and DDoS mitigation.
• Lawful disclosure: courts, regulators, or law enforcement, where compelled by valid legal process.

6. International transfers

Where personal data leaves the European Economic Area, the United Kingdom, or India, we rely on either an adequacy decision (where one exists), the EU–US Data Privacy Framework (for transfers to participating US processors), or the European Commission’s Standard Contractual Clauses and the UK International Data Transfer Addendum. For India-origin data, we comply with the cross-border transfer conditions set out in the DPDP Act 2023.

7. Retention

• Demo-request submissions: 24 months from submission, then deleted from our systems. The receiving vendor’s own retention policy is independent.
• Pricing-contribution submissions: indefinite in anonymised aggregate form; personal identifiers (if any included) deleted within 30 days.
• Server logs: 30 days.
• Analytics data: 14 months at GA4 default.
• Email correspondence: 36 months.

8. Your rights

Subject to the applicable law, you have the following rights:

• Access the personal data we hold about you.
• Rectify inaccurate data.
• Request erasure (“right to be forgotten”).
• Restrict or object to processing.
• Data portability (machine-readable export).
• Withdraw consent at any time.
• Lodge a complaint with your supervisory authority (e.g., the ICO in the UK, CNIL in France, the BfDI in Germany, the California AG’s Office, the Data Protection Board of India).
• Opt out of the sale or sharing of personal information under CCPA/CPRA. We do not sell or share personal information as those terms are defined under CCPA/CPRA.

To exercise any of these rights, email privacy@zendikt.com. We may need to verify your identity before responding.

9. Security

We use HTTPS site-wide, hash and rotate any access tokens, and rely on the security controls of Vercel, Cloudflare, Resend, and Google for the components they host. We do not store personal data in plaintext databases under our direct control beyond the minimum necessary for editorial operation.

10. Children

Zendikt is a B2B publication for purchasing decision-makers. We do not knowingly collect personal data from anyone under 16 (EU) / 13 (US) / 18 (India under DPDP). If you believe a child has submitted data, contact privacy@zendikt.com and we will delete it.

11. Changes to this policy

We will revise this policy whenever our practices change materially, and republish at this URL with an updated “Last updated” date. Substantive changes affecting your existing data will be communicated by email where we have a current address on file.

12. Contact

General privacy questions: privacy@zendikt.com
Editorial: editorial@zendikt.com
General contact: /contact

This policy supersedes any prior privacy statements published at zendikt.com. Where this English-language version conflicts with any translation, the English version controls.