Privacy Policy

4.1 Service Providers and Business Partners

We share information with trusted third-party service providers who assist us in operating our platform and providing our Services. These service providers are contractually obligated to:

• Use your information only for the specific purposes we authorize
• Implement appropriate security measures to protect your data
• Comply with applicable privacy laws and regulations
• Delete or return data when no longer needed for the specified purposes

Categories of service providers:

• Cloud Hosting: Amazon Web Services (AWS), Google Cloud Platform, Microsoft Azure, or similar providers for infrastructure and data storage
• Payment Processing: Stripe, PayPal, or other payment processors for billing and transactions
• Analytics: Platform analytics tools for usage analysis and service improvement
• Customer Support: Support platforms for ticket management and customer service
• Email Services: Email service providers for transactional and marketing emails
• Security: Authentication, monitoring, and security services
• API and Integration Partners: Services that facilitate connections to advertising and e-commerce platforms

4.2 Third-Party Platform Integrations

When you connect third-party platforms (Meta Ads, Google Ads, Shopify, etc.) to our Services:

• We share authentication tokens and API credentials with those platforms to access your data
• Data flows between our platform and third-party platforms according to their respective APIs and policies
• You should review the privacy policies of those third-party platforms to understand how they handle your data

We do not control and are not responsible for the privacy practices of third-party platforms.

4.3 Legal Requirements and Law Enforcement

We may disclose your information when required by law or when we believe disclosure is necessary to:

• Comply with legal processes, court orders, subpoenas, or government requests
• Enforce our Terms of Service, Privacy Policy, or other agreements
• Protect the rights, property, or safety of Zaplane, our users, or the public
• Investigate and prevent fraud, security issues, or illegal activities
• Respond to claims of rights violations or harmful content
• Comply with regulatory obligations and audits

We will notify you of legal requests for your information unless:

• We are legally prohibited from doing so
• Notification would compromise an investigation or endanger safety
• The request involves emergency circumstances

4.4 Business Transfers and Corporate Transactions

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all of our assets:

• Your information may be transferred to the acquiring or successor entity
• The acquiring entity will be bound by the terms of this Privacy Policy unless you consent to a new privacy policy
• We will provide notice before your information is transferred and becomes subject to a different privacy policy
• You will have the right to delete your information before the transfer

4.5 With Your Consent

We may share your information with third parties when you explicitly consent to or request such sharing, including:

• Integrating with additional third-party tools or services you choose to connect
• Sharing data with business partners as part of collaborative features
• Participating in case studies or testimonials (only with explicit permission)

4.6 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you:

• Industry benchmarks and performance metrics
• Market trends and insights
• Research and analytics
• Product improvement and development

This anonymized data is not subject to the restrictions in this Privacy Policy as it does not identify you personally.

5.1 Technical Security Measures

5.2 Administrative Security Measures

5.3 Physical Security Measures

Data Center Security:

• Tier III or higher data centers with physical access controls
• 24/7 security personnel and surveillance
• Biometric access controls
• Environmental controls (fire suppression, climate control)
• Redundant power and network connectivity

5.4 Incident Response

In the event of a data breach or security incident:

• Detection and Response: We have incident response procedures to quickly detect, contain, and remediate security incidents
• Notification: We will notify affected users and relevant authorities as required by applicable laws (typically within 72 hours of discovery)
• Investigation: We conduct thorough investigations to determine cause, scope, and impact
• Remediation: We implement corrective measures to prevent future incidents
• Transparency: We communicate openly about incidents and our response

5.5 Important Security Disclaimers

No system is 100% secure. While we implement industry-leading security measures, we cannot guarantee absolute security. You acknowledge that:

• Internet transmission is inherently not completely secure
• Unauthorized access or security breaches may occur despite our efforts
• You are responsible for maintaining the security of your account credentials
• You should use strong, unique passwords and enable multi-factor authentication
• You should not share your account credentials with anyone

You are responsible for:

• Keeping your password secure and confidential
• Logging out after each session on shared devices
• Notifying us immediately of any unauthorized account access
• Using updated and secure devices and browsers

6.1 Access and Data Portability

Right to Access:

• Request confirmation of whether we process your personal information
• Obtain a copy of your personal information in our possession
• Receive information about how we use and share your data

Right to Data Portability:

• Receive your personal information in a structured, commonly used, machine-readable format (JSON, CSV)
• Transfer your data to another service provider

How to Exercise: Contact us at privacy@zaplane.io or use the data export feature in your account settings.

6.2 Rectification and Correction

Right to Correction:

• Request correction of inaccurate or incomplete personal information
• Update your account information and preferences

How to Exercise: You can update most information directly in your account settings or contact privacy@zaplane.io for assistance.

6.3 Erasure and Deletion

Right to Deletion ("Right to be Forgotten"):

• Request deletion of your personal information under certain circumstances
• Request removal of data that is no longer necessary for the purposes collected
• Withdraw consent for data processing based on consent

Limitations: We may retain certain information when required by law, necessary to resolve disputes, enforce agreements, or for legitimate business purposes (such as fraud prevention).

How to Exercise: See Section 10 below for our comprehensive data deletion process.

6.4 Restriction and Objection

Right to Restrict Processing:

• Request limitation of how we process your personal information in specific situations
• Object to processing based on legitimate interests

Right to Object:

• Object to processing of your personal information for direct marketing purposes
• Object to automated decision-making or profiling

How to Exercise: Contact privacy@zaplane.io with specific details about your objection or restriction request.

6.5 Withdraw Consent

If we process your information based on your consent:

• You have the right to withdraw consent at any time
• Withdrawal does not affect the lawfulness of processing before withdrawal
• We will inform you of consequences of withdrawal, if any

How to Exercise: Contact privacy@zaplane.io or adjust consent settings in your account preferences.

6.6 Marketing Communications Opt-Out

Email Marketing:

• Unsubscribe from promotional emails using the "unsubscribe" link in any marketing email
• Opt-out through your account notification settings
• Contact privacy@zaplane.io to opt-out

Important: You cannot opt-out of transactional emails necessary for the Services (e.g., password resets, billing notifications, critical account alerts).

6.7 Cookie Preferences

You can control cookies through:

• Your browser settings (block, delete, or manage cookies)
• Our cookie preference center (if available)
• Third-party opt-out mechanisms

See Section 12 for detailed cookie information.

6.8 Connected Platform Access

Revoke Platform Connections:

• Disconnect any third-party platform at any time through your account settings
• Revoke OAuth permissions directly in your platform account settings (Google, Meta, LinkedIn, etc.)
• Revoking access will stop data synchronization but will not automatically delete previously collected data (request deletion separately if desired)

6.9 Exercising Your Rights

How to Submit Requests:

• Email: privacy@zaplane.io
• Account Settings: Many rights can be exercised directly through your account dashboard
• Support Portal: Submit a privacy request through our support system

Response Timeline:

• We will respond to verified requests within 30 days (may extend to 60 days for complex requests with notification)
• We will verify your identity before processing requests to protect your information
• No fee for requests unless excessive or repetitive (we may charge reasonable administrative costs)

Verification Process:

To protect your privacy, we may require:

• Confirmation of email address associated with your account
• Additional identifying information to verify your identity
• Verification that you are authorized to make requests on behalf of another user (if applicable)

6.10 Right to Lodge a Complaint

If you believe we have violated your privacy rights, you have the right to:

• Contact us directly at privacy@zaplane.io to resolve concerns
• Lodge a complaint with your local data protection authority or supervisory authority

EU Data Protection Authorities: https://edpb.europa.eu/about-edpb/board/members_en

California Privacy Rights: California Attorney General at https://oag.ca.gov/

7.1 Account Data

Active Accounts:

• Account information is retained while your account is active
• Connected platform data is retained for as long as platforms are connected
• Usage and activity logs are retained to provide ongoing services

Inactive Accounts:

• Accounts inactive for 24 months may be flagged for deletion
• We will notify you before deleting inactive accounts
• You can reactivate your account before deletion occurs

7.2 Retention Periods by Data Type

7.3 Legal and Regulatory Requirements

We may retain information beyond standard retention periods when:

• Required by applicable law, regulation, or legal obligation
• Necessary for litigation, investigations, or dispute resolution
• Required to comply with tax, accounting, or regulatory requirements
• Necessary to enforce our Terms of Service or protect our rights

7.4 Deletion After Retention Period

When retention periods expire:

• Data is permanently deleted from our active systems
• Backups containing expired data are deleted during normal backup cycles (within 90 days)
• Aggregated and anonymized data may be retained indefinitely for analytics

8.1 Legal Basis for International Transfers

For Users in the European Economic Area (EEA), UK, and Switzerland:

We transfer your personal data to the United States based on the following legal mechanisms:

8.2 Data Protection Standards

Regardless of where your data is processed:

• We apply the same high standards of data protection globally
• We comply with applicable data protection laws in the jurisdictions where we operate
• We implement technical and organizational measures to protect your data
• We conduct regular assessments of our data transfer mechanisms

8.3 Third-Party Service Providers

Our third-party service providers may be located in various countries. We ensure that:

• Service providers implement appropriate data protection measures
• Data Processing Agreements (DPAs) are in place with all processors
• Transfers comply with applicable data transfer mechanisms (SCCs, Privacy Shield alternatives, etc.)

8.3 Data Deletion Process and Timeline

8.4 Data Export Before Deletion

We strongly recommend exporting your data before requesting deletion. Once deletion is complete, data cannot be recovered.

To Request Data Export:

• Navigate to Settings → Privacy & Data → Export My Data
• Or email privacy@zaplane.io with subject line "Data Export Request"

Your export will include:

• Account profile and settings (JSON format)
• Connected platform information (excluding sensitive OAuth tokens)
• Campaign performance metrics and analytics (CSV format)
• Historical reports and dashboard configurations (JSON format)
• Custom settings and preferences
• Activity logs and usage data

Export Processing Time:

• Small accounts: 1-3 business days
• Large accounts: 5-7 business days
• You will receive a secure download link via email when ready
• Export files are available for 14 days after generation

8.5 Important Deletion Considerations

8.6 Canceling a Deletion Request

During the 30-day grace period, you can cancel your deletion request:

How to Cancel:

• Click the "Cancel Deletion" link in your confirmation email
• Email privacy@zaplane.io with subject line "Cancel Data Deletion"
• Log into your suspended account (if accessible) and click "Restore Account"

What Happens After Cancellation:

• Your account is immediately reactivated
• All data is restored to its previous state
• You must reactivate any canceled subscriptions separately
• Platform connections may need to be re-authorized

Important: After the 30-day period expires, cancellation is not possible and deletion proceeds automatically.

8.7 Alternative to Full Deletion

If you're unsure about permanent deletion, consider these alternatives:

Contact Us: Email privacy@zaplane.io to discuss alternatives to deletion.

10.1 What Are Cookies

Cookies are small text files stored on your device (computer, tablet, phone) when you visit websites. Cookies allow websites to remember your actions and preferences over time.

Types of Cookies We Use:

10.2 Why We Use Cookies

10.3 Specific Cookies We Use

10.4 Other Tracking Technologies

10.5 Managing Cookies and Your Choices

10.6 Impact of Disabling Cookies

If you disable cookies:

• Some features may not work properly
• You may need to re-enter login credentials on each visit
• Your preferences and settings may not be saved
• You may see less relevant content and advertisements

Essential cookies cannot be disabled without preventing access to our Services.

10.7 Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. There is currently no industry standard for responding to DNT signals. Our platform does not respond to DNT signals at this time. We will update this policy if we adopt a DNT protocol in the future.

Our Policy:

• We do not knowingly solicit data from or market to children under 18
• Our Services are designed for business use by adults
• Users must be at least 18 years old to create an account
• We do not knowingly process personal information of minors

If We Learn of Children's Data:

• If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information as quickly as possible
• If you believe a child has provided us with personal information, please contact us immediately at privacy@zaplane.io

Parental Rights:

Parents or guardians who believe their child has provided information to us may contact us to request access to and deletion of that information.

12.1 Your California Privacy Rights

12.2 Categories of Personal Information We Collect

Under CCPA, we collect the following categories:

12.3 How to Exercise California Rights

12.4 Shine the Light Law

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

13.1 Legal Basis for Processing

We process your personal data based on the following legal grounds:

13.2 Your GDPR Rights

All rights outlined in Section 6 apply, including:

• Right of access
• Right to rectification
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object
• Rights related to automated decision-making and profiling

13.3 Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection Officer:

13.4 Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority. A list of EU data protection authorities is available at: https://edpb.europa.eu/about-edpb/board/members_en

14.1 Notification of Changes

14.2 Your Choices After Changes

If you do not agree with updated Privacy Policy:

• You may terminate your account before changes take effect
• Continued use of Services after effective date constitutes acceptance
• We will treat your information according to the policy in effect at the time of collection unless you consent otherwise

15.1 Privacy Inquiries

15.2 Mailing Address

15.3 Support