ZRP Link Effective date: April 27, 2026 Last updated: April 27, 2026
ZRP Link ("we", "us", "our") is an automation services company based in Alberta, Canada. We build and operate automation systems for small and mid-sized businesses. Contact: privacy@zrplink.com
We collect and process the following categories of data:
From our clients (accounting firms and other businesses):
Business name and contact information
Microsoft 365 OAuth authorization tokens (used solely to send emails on your behalf)
Document checklist configuration data
Email addresses of your clients for sending automated reminders
From end clients (your clients who receive automated communications):
Email address
Name (first name only, for email personalization)
Document submission status
From website visitors:
Basic usage data such as pages visited and browser type, collected anonymously through standard web hosting logs
Any information voluntarily submitted through contact forms
We do not collect, store, or transmit the contents of any documents. All documents remain in your client-controlled storage (Microsoft SharePoint, Google Drive, or equivalent) at all times.
Additional data collected for specific automation services is documented in the applicable Service Agreement.
Data is used exclusively to operate the automation services you have contracted us to provide:
Sending automated document reminder emails on your behalf
Tracking document checklist completion status
Generating status reports for your review
Responding to inquiries submitted through our website
We do not sell, share, or use your data or your clients' data for any purpose beyond delivering the contracted service.
All data is stored on infrastructure located in Canada:
Application database: Supabase (Montreal, Quebec, Canada)
Application servers: AWS Lightsail (Montreal, Quebec, Canada)
No personal data is transferred outside of Canada except as described in Section 5.
We use the following third-party services to operate our systems:
Supabase — Database storage — Montreal, Canada
AWS Lightsail — Application hosting — Montreal, Canada
Microsoft Graph API — Email sending on client behalf — Microsoft infrastructure
Microsoft Graph API is used solely to send emails using your authorized Microsoft 365 account. We do not store email content. Microsoft's privacy policy governs their infrastructure and data handling.
OAuth tokens are retained for the duration of the service agreement and deleted within 30 days of termination
Document checklist and status data is retained for the duration of the service agreement and deleted within 30 days of termination
End client email addresses are retained for the duration of the service agreement and deleted within 30 days of termination
Website inquiry data is retained for up to 12 months
In the event of a data breach involving personal information, we will notify affected clients within 72 hours of becoming aware of the breach, in accordance with PIPEDA breach of security safeguards requirements. Notification will be provided by email and will include the nature of the breach, the data affected, and steps being taken to address it.
Our website may use standard browser cookies and server logs for basic functionality and anonymous usage analytics. We do not use third-party advertising trackers or cross-site tracking technologies. You may disable cookies in your browser settings without affecting your ability to use our services.
Under PIPEDA and Alberta's Personal Information Protection Act (PIPA), you have the right to:
Access the personal information we hold about you
Request correction of inaccurate information
Withdraw consent and request deletion of your data
File a complaint with the Office of the Privacy Commissioner of Canada or the Office of the Information and Privacy Commissioner of Alberta
To exercise any of these rights, contact us at privacy@zrplink.com. We will respond within 30 days.
Our services are intended for businesses and are not directed at individuals under the age of 18. We do not knowingly collect personal information from minors.
While we take reasonable steps to ensure the accuracy and security of data processed through our systems, ZRP Link is not liable for inaccuracies in data provided by clients or their end clients, or for actions taken based on automated communications sent through our systems.
We implement appropriate technical safeguards including:
Encrypted data storage
Encrypted data transmission (TLS)
Access controls limiting data access to authorized systems only
No storage of client document content on ZRP Link infrastructure
We will notify clients of material changes to this policy by email at least 14 days before changes take effect. Continued use of our services after that date constitutes acceptance of the updated policy.
ZRP Link Alberta, Canada privacy@zrplink.com