Connect Zero privacy policy
This privacy policy covers all three Connect Zero products: Connect Zero for 3CX, Connect Zero for ConnectWise Xero Invoice Sync, and Connect Zero for Timesheets. It describes what personal data Connect Zero collects, how we use it, who we share it with, and what rights you have over it.
What is personal data
In this policy, "personal data" means any information that identifies you or could reasonably be used to identify you. This includes your name, email address, phone number, company or organisation name, IP address when you visit the Connect Zero web site, and any content you submit through the contact form. For the three Connect Zero products in operation, personal data also includes the data your team enters into the connected source systems (ConnectWise contact records, 3CX call participant phone numbers, Xero contact records) which transits through Connect Zero infrastructure as part of the integration sync.
Connect Zero and Its Subsidiaries: Company Overview and Headquarters
"We", "us", and "Connect Zero" in this policy refer to Connect Zero, an Adelaide-based Australian software business operating from South Australia. References to "the site" mean connectzero.app and its subdomains.
How we collect your data
Connect Zero collects personal data in four ways. First, directly from you when you submit the contact form, sign up for a 30-day trial, install one of the products via a CRM marketplace, or email or phone the support team. Second, automatically when you visit the site (server logs, cookies, basic analytics). Third, through the integration sync itself when records move between the source and destination systems your team has connected. Fourth, from third-party services we use to operate the product (Stripe for billing, the CRM platform marketplace for app metadata).
We do not buy or rent personal data from third parties. We do not scrape personal data from public sources to enrich our records.
How we use your data
We use personal data for four purposes. Operating the site, providing the products, communicating with you, and improving the products. We do not sell personal data. We do not use personal data for advertising on third-party platforms. We do not profile customers for retargeting outside the site.
How we share your data
We share personal data with a small set of categories of third party. Service providers (the cloud hosting platform, Stripe for billing, the CRM marketplace platform for the 3CX product, email delivery providers) under contract terms that require equivalent privacy protection. Authorised legal recipients when required by law. Group companies if Connect Zero is restructured into a corporate group during the customer relationship.
We do not share personal data with marketing partners, data brokers, or analytics aggregators beyond the standard product analytics named above.
International data transfers
Connect Zero application infrastructure runs in Australia. Where third-party services we depend on (Stripe, the CRM marketplace platform for the 3CX product) operate outside Australia, the data necessary to operate those services may transit through their respective jurisdictions. Where transfers happen, they happen under standard contractual clauses or equivalent legal mechanisms aligned with the Australian Privacy Principles.
Security commitments
Connect Zero stores customer data in encrypted form at rest. We use TLS 1.2 or higher for data in transit. Access to production systems is restricted to named team members with auditable access logs. We follow industry-standard practices for credential storage, password hashing, and OAuth token handling.
If a security incident affecting customer data occurs, we notify affected customers without undue delay and follow the notification requirements under the Australian Privacy Act and the Notifiable Data Breaches scheme.
Retention
We retain personal data for as long as the customer relationship continues, plus a defined post-cancellation period. Operational data (audit logs, payment history) is retained for seven years for compliance reasons. Marketing data is retained until you unsubscribe or request deletion. Contact form submissions are retained for one year unless they become part of an active customer relationship.
Your rights
Under the Australian Privacy Act, you have the right to access the personal data we hold about you, request correction of inaccurate data, request deletion of your personal data subject to operational and legal retention requirements, and opt out of marketing communications at any time. We respond to access and correction requests within thirty days.
Contact us
For privacy questions, data access requests, or deletion requests, email privacy@connectzero.app. For general support questions, see the contact page. For legal correspondence requiring a postal address, contact us first via email and we will provide it on request.
