33 New Montgomery St
Suite 1420
San Francisco, CA 94105
Privacy Policy
This Privacy Policy describes the privacy practices of Greenbax Inc. d/b/a ZipHQ ("ZipHQ", “Zip”,
“Evergreen,” "we", “us” or "our") and how we handle personal information that we collect
through our digital properties that link to this Privacy Policy, including our website
(collectively, the “Service”), as well as through social media, our marketing activities, and other
activities described in this Privacy Policy.
Zip provides a pioneering platform that offers one place for employees to initiate a purchase or
vendor request. This Privacy Policy does not apply to information that we process on behalf of our
enterprise customers while providing the Zip platform to them. Our use of such information is
governed by our agreements with those enterprise customers. If you have concerns regarding
personal information that we process on behalf of an enterprise customer, for example if you are
an employee of such an enterprise customer, please direct your concerns to that enterprise
Our websites, products, and services are primarily designed for enterprise organizations and their
representatives. We do not offer products or services for use by individuals for their personal,
family, or household purposes. Accordingly, we treat all personal information we collect as
pertaining to individuals in their capacities as enterprise organization representatives and not their
individual capacities.
Zip may provide additional or supplemental privacy policies for specific products or services
that we offer at the time we collect personal information or as otherwise notified to you.
Personal information we collect
How we use your personal information
How we share your personal information
Anonymized, aggregated, or de-identified data
How we share your personal information
Your rights
Your choices
Other sites and services
International data transfer
Additional disclosures for California residents
Changes to this Privacy Policy
How to contact us
Personal information we collect
Information you provide to us. Personal information you may provide to us through the
Service or otherwise includes:
Contact data - such as your first and last name, salutation, email address, billing and
mailing addresses, professional title and company name, and phone number.
Demographic Information - such as your city, state, country of residence, and postal
Profile data - such as the username and password that you may set to establish an
online account with us and any other information that you add to your account profile.
Communications data - that we exchange with you, including when you contact us with
questions or feedback, through the Service, social media, or otherwise. When you
contact us, we may also keep a record of your communication to better support you in
the future.
Transactional data - such as information relating to or needed to complete your orders
on or through the Service, including order numbers and transaction history.
Marketing data - such as your preferences for receiving our marketing communications
and details about your engagement with them.
User-generated content - such as comments, questions, messages, works of
authorship, and other content or information that you generate, transmit or otherwise
make available on the Service, as well as associated metadata. Metadata includes
information on how, when, where, and by whom a piece of content was collected and
how that content has been formatted or edited.
Financial information - such as your financial account numbers or payment card
Payment information needed to complete transactions, including payment card
information or bank account number.
Other data not specifically listed here, which we will use as described in this Privacy
Policy or as otherwise disclosed at the time of collection.
Third-party sources. We may combine personal information we receive from you with personal
information we obtain from other sources, such as:
Public and private sources - such as government agencies, public records, social
media platforms, and other publicly or privately available sources.
Data providers - such as information services and data licensors.
Our affiliate partners - such as our affiliate network provider and publishers,
influencers, and promoters who participate in our paid affiliate programs.
Marketing partners - such as joint marketing partners and event co-sponsors.
Automatic data collection. We, our service providers, and our business partners may
automatically log information about you, your computer or mobile device, and your
interaction over time with the Service, our communications, and other online services, such as:
Device data - such as your computer’s or mobile device’s operating system type and
version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU
usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers
used for advertising purposes), language settings, mobile device carrier, radio/network
information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or
geographic area.
Online activity data - such as pages or screens you viewed, how long you spent on a page or
screen, the website you visited before browsing to the Service, navigation paths between
pages or screens, information about your activity on a page or screen, access times and
duration of access, and whether you have opened our marketing emails or clicked links
within them.
Cookies and similar technologies. Like many online services, we may use the following
Cookies, which are text files that websites store on a visitors device to uniquely identify the
visitor’s browser or to store information or settings in the browser for the purpose of
helping you navigate between pages efficiently, remembering your preferences, enabling
functionality, helping us understand user activity and patterns, and facilitating analytics
and online advertising.
Local storage technologies, like HTML5 and Flash, that provide cookie equivalent
functionality but can store larger amounts of data, including on your device outside of your
browser in connection with specific applications.
Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a
webpage or email address was accessed or opened, or that certain content was viewed or
Data about others. Users of the Service may have the opportunity to refer other contacts to us and
share their contact information with us. Please do not refer someone to us or share their contact
information with us unless you have their permission to do so.
How we use your personal information
We may use your personal information for the following purposes or as otherwise described
at the time of collection.
Where the processing is necessary to administer our relationship with you,
including where based on our contract with you or to take steps at your request
prior to entering into a contract. For example, we may use your personal
information to:
create and administer orders for you;
establish and maintain your user profile on the Service;
enable security features of the Service, such as by sending you security codes
via email or SMS, and remembering devices from which you have previously
logged in;
communicate with you about the Service, including by sending
announcements, updates, security alerts, and support and administrative
provide support for the Service, and respond to your requests, questions,
and feedback; and
facilitate you visiting our offices or attending events.
Where the processing is necessary for our legitimate interests and where our
interests are not outweighed by your data protection rights. For example, we may
use your personal information to:
further our research and development, including to analyze and improve the
Service and our business;
collect and use your personal information for marketing and advertising
purposes, including through service providers or third parties and to
understand your needs and interests, and personalize your experience with
the Service and our communications;
send you Zip-related or other direct marketing communications as
permitted by law;
undertake mergers, acquisitions, reorganizations, disposals, or other
business transactions as permitted/required in accordance with local law;
protect our, your or others’ rights, privacy, safety or property (including by
making and defending legal claims).
Where necessary to comply with a legal obligation. For example, we may use your
personal information to:
comply with applicable laws, lawful requests, and legal processes, such as to
respond to subpoenas or requests from government authorities;
audit our internal processes for compliance with legal and contractual
requirements and internal policies;
enforce the terms and conditions that govern the Service; and
prevent, identify, investigate and deter fraudulent, harmful, unauthorized,
unethical, or illegal activity, including cyberattacks and identity theft.
With your consent. In some cases, we may specifically ask for your consent to
collect, use or share your personal information, such as when required by law.
Anonymized, aggregated, or de-identified data
Anonymization is a data processing technique that modifies personal information so that it
cannot be associated with a specific individual. Except for this section, none of the other
provisions of this Privacy Policy apply to anonymized, aggregated (i.e., information about
our customers that we combine so that it no longer identifies or references an individual
customer) or de-identified data. We may use this anonymized, aggregated, or de-identified
data and share it with third parties for our lawful business purposes, including to analyze
and improve the Service and promote our business.
How we share your personal information
We may share your personal information with the following parties and as otherwise
described in this Privacy Policy or at the time of collection.
Affiliates. Our corporate parent, subsidiaries, and affiliates, for purposes consistent
with this Privacy Policy.
Service providers. Third parties that provide services on our behalf or help us operate
the Service or our business (such as hosting, information technology, customer
support, email delivery, marketing, and website analytics).
Payment processors. Any payment card information you use to make a purchase from
us, including on the Service, is collected and processed directly by our payment
processors and as such may be subject to that payment processor’s privacy policy.
Third parties designated by you. We may share your personal information with third
parties where you have instructed us or provided your consent to do so.
Business and marketing partners. Third parties with whom we collaborate on joint
activities (such as co-sponsors of contests and promotions), with whom we have
entered into joint marketing relationships or other joint ventures, or who we think may
offer you products or services that you may enjoy.
Professional advisors. Professional advisors, such as lawyers, auditors, bankers, and
insurers, where necessary in the course of the professional services that they render to
Authorities and others. Law enforcement, government authorities, and private parties,
as we believe in good faith to be necessary or appropriate for the legal compliance and
other purposes described above.
Business transferees. Acquirers and other relevant participants in business
transactions (or negotiations and diligence for such transactions) involving a corporate
divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition
of all or any portion of the business or assets of, or equity interests in, Zip or our
affiliates (including, in connection with a bankruptcy or similar proceedings).
Other users and the public. Your profile and other user-generated content (except for
messages) may be visible to other users of the Service and the public. For example,
other users of the Service or the public may have access to your information if you
choose to make your profile or other personal information available to them through
the Service, such as when you provide comments, reviews, survey responses, or share
other content. This information can be seen, collected, and used by others, including
being cached, copied, screen captured, or stored elsewhere by others (e.g., search
engines), and we are not responsible for any such use of information.
Your rights
You may have a right to access and to obtain a copy of your personal information as processed by
Zip. If you believe that any personal information we hold about you is incorrect or incomplete, you
may also request the correction of it (for example by logging into the Service if you have registered
for an account with us).
You may also have the right to:
object to the processing of your personal information;
request the deletion of your personal information;
request a restriction on the processing of your personal information; and/or
withdraw your consent where Zip obtained your consent to process personal information
(without this withdrawal affecting the lawfulness of any processing that took place prior to
the withdrawal).
Zip will honor such requests for access, correction, deletion or restriction and/or any withdrawal or
objection as required under the applicable data protection laws and regulations, and we will not
discriminate against you for exercising your legal rights. However, please note that such rights are
not absolute: they do not always apply, and exemptions may be applicable. Zip will usually, in
response to any such request, ask you to verify your identity and place of residence and/or provide
information that helps us to better understand your request. If we do not comply with your request,
we will explain why.
To exercise the above rights with Zip, you may contact us as set forth below. If you are not satisfied
with how we process your personal information, please let us know and we will investigate your
If you are not satisfied with our response, you have the right to make a complaint to the data
protection authority in the jurisdiction where you live or work, or in the place where you think an
issue in relation to your data has arisen. For European residents, the contact details of data
protection authorities in the European Economic Area can be found
As highlighted above, if you are personnel of an enterprise customer that uses Zip products or
otherwise have had your personal information collected via Zip products by or on behalf of our
customers, please note this Privacy Policy does not apply to such personal information. If you have
questions regarding your rights in relation to personal information that we process on behalf of an
enterprise customer, for example if you are an employee of such an enterprise customer, please
direct your questions to that enterprise customer.
Your choices
You also have the following choices with respect to your personal information.
Cookies. Most browsers let you remove or reject cookies. To do this, follow the instructions
in your browser settings. Many browsers accept cookies by default until you change your
settings. Please note that if you set your browser to disable cookies, the Service may not
work properly. For more information about cookies, including how to see what cookies
have been set on your browser and how to manage and delete them, visit
Advertising choices. You may be able to limit use of your information for interest-based
advertising by:
Browser settings. Blocking third-party cookies in your browser settings.
Privacy browsers/plug-ins. By using privacy browsers or ad-blocking browser
plug-ins that let you block tracking technologies.
Platform settings. Google and Facebook offer opt-out features that let you opt-
out of use of your information for interest-based advertising:
Ad industry tools. Opting out of interest-based ads from companies participating
in the following industry opt-out programs:
Network Advertising Initiative:
Digital Advertising Alliance:
AppChoices mobile app, available at, which will allow you to opt-
out of interest-based ads in mobile apps served by participating members
of the Digital Advertising Alliance.
Mobile settings. Using your mobile device settings to limit use of the advertising
ID associated with your mobile device for interest-based advertising purposes.
You will need to apply these opt-out settings on each device from which you wish to opt-out.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to
the online services that you visit. We currently do not respond to “Do Not Track” or similar
signals. To find out more about “Do Not Track,” please visit
Declining to provide information. We need to collect personal information to provide certain
services. If you do not provide the information we identify as required or mandatory, we may not
be able to provide those services.
Other sites and services
The Service may contain links to websites and other online services operated by third
parties. In addition, our content may be integrated into web pages or other online services that are
not associated with us. These links and integrations are not an endorsement of, or representation
that we are affiliated with, any third party. We do not control websites or online services operated
by third parties, and we are not responsible for their actions. We encourage you to read the privacy
policies of the other websites and mobile applications and online services you use.
We employ a number of technical, organizational, and physical safeguards designed to protect
the personal information we collect. However, security risk is inherent in all internet and
information technologies and we cannot guarantee the security of your personal information.
International data transfer
We are headquartered in the United States and may use service providers that operate in other
countries. Your personal information may be transferred to the United States or other locations
where privacy laws may not be as protective as those in your state, province, or country.
Additional disclosures for California residents
Zip has not sold personal information as defined under the California Consumer Privacy Act of 2018
in the preceding 12 months.
California law requires that we detail the categories of personal information that we disclose for
certain “business purposes,” such as to service providers that assist us with securing our services or
marketing our products, and to such other entities as described above in this Privacy Policy. We
disclose the following categories of personal information for our business purposes:
Commercial information;
Internet activity information;
Financial information;
Professional and employment-related information;
Education information; and
Inferences drawn from any of the above information categories.
If you are an authorized agent wishing to exercise rights on behalf of a California resident, please
contact us using the information in the “How to contact us” section below and provide us with a
copy of the consumer’s written authorization designating you as their agent.
The Service is not intended for use by children under 16 years of age. If we learn that we have
collected personal information through the Service from a child under 16 without the consent of the
child’s parent or guardian as required by law, we will delete it.
Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy at any time. If we make material changes to this
Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the
Service. If required by law we will also provide notification of changes in another way that we
believe is reasonably likely to reach you, such as via email or another manner through the Service.
Any modifications to this Privacy Policy will be effective upon our posting the modified version (or
as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective
date of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.
How to contact us
Email: [email protected]
Mail: 33 New Montgomery St, Suite 1420, San Francisco, CA 94105
Last updated: February 23, 2022