Zipyra Logo

Privacy Policy for Zipyra.com

Effective Date: July 23, 2025

Spark of Madness LLC (referred to as “we”, “us” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit zipyra.com (the “Site”) or use our services. It also outlines your rights under applicable privacy laws (EU, UK, US, etc.) and how you can exercise those rights.

By using our Site, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Site. If you have any questions or concerns about this policy or your data, you can contact us at hello@zipyra.com.

1. Who We Are

Spark of Madness LLC is the company operating Zipyra.com. For the purposes of data protection laws, Spark of Madness LLC (registered in Hungary at Bocskai utca 28, 5630 Békés, Hungary) is the “data controller” of your personal data collected on the Site. This means we determine how and why personal data is processed. If you are located in the European Economic Area (EEA) or United Kingdom (UK), this also means we are responsible for ensuring your data is handled in compliance with the General Data Protection Regulation (GDPR) and relevant UK laws.

2. Information We Collect

We aim to collect and process only the minimum personal information necessary to operate our website and provide our services (“Personal Data”). The types of data we may collect fall into two categories: (A) information you provide to us, and (B) information collected automatically. We do not require user registration or payment information at this time, so our data collection is limited primarily to usage data and contact inquiries.

A. Information You Provide to Us

You may choose to provide certain Personal Data to us when interacting with our Site:

  • Contact Form Data: If you fill out the contact form on our Site (for example, to inquire about our services or the “Zipfluencer” program), we will collect the information you submit. This typically includes your name, email address, and any message content or additional details you choose to provide. We require a name and email to respond to your inquiry. Please do not submit sensitive personal information in free-text fields.
  • Communications: If you contact us via email, social media, or other means, we will collect the information in those communications (such as your contact information and any other information you voluntarily provide). We will use this data to correspond with you and address your questions or requests.

B. Information Collected Automatically

When you visit Zipyra.com, certain data is collected automatically about your device and usage of our Site. This information may be considered personal data under some laws (for example, IP addresses can be personal data under the GDPR). The automatically collected data includes:

  • IP Address: We may log your device’s IP address when you visit the Site. The IP address is a unique number assigned to your device when it connects to the internet. We use IP addresses for purposes such as diagnosing server issues, managing the Site, and gathering broad geographic information (e.g., country or city level location) to understand our user base. Importantly, our analytics tools (described below) may anonymize or not store full IP addresses to protect your privacy. For instance, Google Analytics 4, which we use, does not log or store individual IP addresses of visitors, using the IP only momentarily to derive approximate location (e.g., city, region) before discarding it.
  • Device and Browser Information: We collect technical information about your device and Browse actions. This may include details like your browser type and version, operating system, device type (e.g., mobile or desktop), screen resolution, preferred language, and the date/time of your visit. This information helps us ensure the Site is optimized for different devices and improve user experience.
  • Usage Data: We gather information about how you navigate and interact with our Site. This includes the pages or content you view, the time spent on pages, links clicked, the page that referred you to our Site (referrer URL), and similar usage metrics. This data is collected in aggregate to analyze trends and performance of our Site. We do not use this information to identify you as an individual; it is used to understand overall engagement with our Site.
  • Cookies and Similar Technologies: Our Site uses cookies and similar tracking technologies (such as web beacons or pixels) to collect some of the above information. Cookies are small text files placed on your device to store preferences and record information about your visit. For example, cookies might be used to remember your language preference or to distinguish unique users for analytics purposes. We only use cookies that are necessary for our Site’s functionality and analytics/measurement; we do not use cookies for invasive tracking or advertising without your consent. Specifically:
    • Essential Cookies: Some cookies are necessary for the Site to function and cannot be switched off (for example, to enable page navigation or basic features). These cookies do not collect personal data.
    • Analytics Cookies: We use analytics tools (Google Analytics and Vercel Analytics) which may set cookies or use similar identifiers to collect usage data about our website. These analytics cookies gather information in an aggregated form to help us understand how the website is used and improve it. (See Section 4 on Analytics for more detail.)
    • Advertising/Tracking Cookies: We may use a Facebook Pixel or similar social media tracking tools for retargeting and advertising purposes (see Section 4 on Advertising). These tools use cookies or pixels to collect data about your activities on our Site and potentially correlate it with your profiles on those platforms, in order to show you relevant ads on those platforms. Such cookies will only be set if you have provided consent where required by law (e.g., in the EU/UK via a cookie consent banner).
  • You can control or delete cookies through your browser settings at any time. However, please note that disabling certain cookies (especially essential ones) may affect the functionality of our Site. For more details, see Section 8 (“Your Choices – Managing Cookies”).

3. How We Use Your Information

We use the collected information for the following purposes, and we always strive to do so in accordance with applicable data protection laws (GDPR, UK data protection law, CCPA/CPRA, etc.). We do not sell your personal data to third parties. We only use it as necessary to provide our services and operate/improve our Site, or as otherwise described in this Privacy Policy. The main purposes for which we process personal data are:

  • To Provide and Operate the Site: We process technical and usage data to present our Site to you and ensure it functions correctly on your device. This includes using your IP address and device information to load the site and adapt content (e.g., responsive design for mobile). It also includes ensuring security (for example, using IP addresses to detect and mitigate malicious activity or abuse of our services).
  • To Respond to Inquiries and Provide Customer Support: If you contact us via the contact form or email, we use your provided name, email, and message to respond to you. We will use this information to answer questions about our services, provide requested information, or assist you as needed. For example, if you inquire about our business solutions or the Zipfluencer service, we will use your contact data to communicate with you and follow up on your request. We consider this processing necessary to fulfill your request or to take steps at your request prior to potentially entering into a contract (inquiry about our services).
  • To Conduct Analytics and Improve Our Services: We use analytics data (which is mostly aggregated and does not directly identify you) to understand how our users interact with the Site. This helps us analyze what content is most popular, how users navigate the site, where they come from, and how long they stay. These insights are used to improve site content, design, and performance. For example, knowing which pages are frequently visited or how users find our Site (via search engines, referrals, etc.) helps us enhance our offerings. We use third-party analytics tools (Google Analytics 4 and Vercel Analytics) for this purpose, as described in Section 4 below. Our use of analytics in the EU/UK is based on user consent where required (via our cookie notice), or otherwise on our legitimate interest in understanding and improving user experience (to the extent such interest is not overridden by users’ privacy rights).
  • For Advertising and Marketing (with Consent): We may use certain data to conduct marketing, such as measuring the effectiveness of ads or reaching out to potential customers. For instance, if we use the Facebook/Meta Pixel on our Site, it will collect data about your visit (like which pages you viewed or actions taken) which can help us show you tailored advertisements on Facebook or Instagram. This is a form of retargeting — for example, if you visited our page about Zipfluencer, you might later see an ad on Facebook related to our influencer service. These activities, when involving cookies or tracking, are done only with your consent in jurisdictions that require it (e.g., GDPR). You can opt out of targeted advertising as described in Section 8 (“Your Choices”). If you have signed up to receive email updates or newsletters (currently, we do not offer a newsletter, but if we did in the future), we would use your provided contact info to send you such communications, and you would have the ability to opt out at any time.
  • To Comply with Legal Obligations: We may need to process and retain certain data to comply with our legal obligations. For example, if there are any legal claims, disputes, or requests from law enforcement, we may preserve data (like server logs) as required by law. We may also use your data to enforce our Terms of Service or to protect our rights, privacy, safety, or property, and/or that of you or others.
  • Other Operational Purposes: We will use information in other ways necessary to run our business and site, such as for backup and disaster recovery purposes, detecting and preventing fraud or technical issues, or in connection with a business transaction (e.g., if we ever undergo a merger, acquisition, or asset sale, personal data might be part of the transferred assets, subject to the same protections outlined here).

We do not use automated decision-making or profiling that has legal or similarly significant effects on you. Any profiling (such as analyzing Site usage or ad interactions) is done in aggregate or in a manner that does not produce decisions affecting individual rights.

4. Third-Party Services and Data Sharing

We share personal data with third parties only in limited circumstances, mainly to help us operate the Site and provide our services (service providers), or for analytics and advertising as described. We do not sell or rent your personal data to third-party companies for their independent marketing purposes. Any third parties that process data on our behalf are bound by data processing agreements and only use the data as we instruct, consistent with this policy. The key categories of third parties we work with include:

A. Service Providers (Processors)

We use trusted third-party companies to host our website, store data, and enable various features. These providers may process or store your personal data on our behalf for the following purposes:

  • Website Hosting and Backend Infrastructure: The Zipyra.com website is hosted by Vercel, Inc. (a US-based company). When you visit our Site, your requests (page visits, asset loading, etc.) are routed through Vercel’s servers. As a result, Vercel will process your IP address and possibly other technical data as part of web server logs and analytics. Vercel maintains high standards of security and compliance (including SOC 2 and ISO certifications) and supports GDPR compliance. We have a Data Processing Agreement (DPA) with Vercel to ensure your data is protected. Vercel also provides us with Vercel Web Analytics, which we use to gather anonymized usage statistics. According to Vercel, their analytics script collects anonymous aggregate data (such as page views, referrer, device info) without using cookies or collecting personal data. This means Vercel Analytics helps us track overall website trends without tracking individual users or storing identifiable information.
  • Database and Storage (Firebase by Google): We use Google Firebase, a cloud database and backend service provided by Google LLC, to store and manage certain data (for example, data submitted via contact forms might be stored in a Firebase database). Firebase is part of Google’s cloud platform; as such, Google acts as a data processor for us under GDPR, handling data on our behalf. Google has strict security measures in place and is certified under major privacy frameworks such as ISO 27001 and SOC 2. Firebase (and Google Cloud) also adheres to the EU-U.S. Data Privacy Framework for data transfers, as described later in this policy. We rely on Google’s safeguards and contractual clauses to protect any personal data stored in Firebase. The data you submit (e.g., your name, email, and message from the contact form) may be stored on Firebase servers. Google will not use this data for any purpose other than providing the Firebase services to us, as per their terms.
  • Email and Communications: If applicable, we may use third-party email service providers to send out responses or notifications. (For instance, if you receive an email from hello@zipyra.com, it might be sent via an email service or our hosting provider’s mail servers.) These providers would process your email address and any content needed to deliver the message. We ensure any such provider has appropriate privacy and security commitments. (Note: Currently, we use standard email services; we do not run mailing lists or marketing email campaigns. If this changes, we will update this policy.)

B. Analytics Services

As mentioned, we utilize third-party analytics services to understand our website traffic. The two analytics tools currently in use are:

  • Google Analytics 4: We use Google Analytics 4 (“GA4”), an analytics service provided by Google LLC. GA4 helps us analyze how visitors use our Site. It uses cookies and similar technologies to collect data such as your device identifiers, IP address (which GA4 does not store, as noted), and information on your Site usage (pages visited, actions taken, time spent, etc.). Google Analytics processes this information to provide us reports and insights. We have configured Google Analytics with privacy in mind: for example, GA4 by design does not log or store individual IP addresses, and for visitors from the EU, IP lookup is done on EU-based servers before anonymization. We do not enable more intrusive features of Google Analytics (like Advertising Features or User-ID tracking) without proper consent. Google Analytics data is aggregated and does not identify you by name or email. However, because Google may process analytics data on servers in the United States or other countries, it can be considered a data transfer (see Section 6 on International Transfers). Google is obligated to protect this data under its privacy commitments to us and we have accepted the Google Data Processing Terms. You can learn more about how Google handles data in Analytics in Google’s own privacy policy and documentation. If you wish, you can opt out of Google Analytics tracking by using a browser plugin (Google provides a GA opt-out add-on) or by adjusting your cookie preferences (where applicable).
  • Vercel Web Analytics: As described above, our hosting platform Vercel provides an analytics feature which we utilize. Vercel Analytics does not use cookies and does not collect personal data (such as names or emails). It captures aggregate metrics like page views, popular pages, referring sites, visitor device types, geographic distribution, and visit duration. The purpose is to gain statistical insight into website performance (for example, which pages are most visited, or what percentage of visitors use mobile devices) without profiling individual users. All data collected by Vercel Analytics remains anonymous and is presented to us in summary form. This helps protect your privacy while still allowing us to improve our site. If you have set your browser to send a “Do Not Track” signal, Vercel Analytics will still function since it does not track individuals across sites – it is purely on our site and aggregate.

C. Advertising and Marketing Partners

We currently target our services mainly to businesses (B2B). However, we do engage in some marketing efforts that might involve personal data, particularly through online advertising platforms. Specifically:

  • Facebook/Meta Pixel: We may use the Meta (Facebook) Pixel on our Site. This is a piece of code from Meta Platforms, Inc. (Facebook) that allows us to understand the effectiveness of our Facebook/Instagram advertisements and to reach audiences on those platforms who have visited our Site. The Facebook Pixel tracks certain actions you take on our Site (for example, visiting a certain page or clicking a button) and reports this to Facebook, linking it to your Facebook user ID if you are logged in to Facebook. This helps us and Facebook to show you tailored ads related to our services when you are on Facebook or Instagram. For example, if you visited our Zipfluencer page, you might later see a Zipyra ad on Facebook. The information collected through the Pixel may include your IP address, browser information, a unique identifier (Facebook cookie ID), and the specific actions you took on our Site. We use the Pixel in compliance with applicable laws – meaning we will obtain your consent before using it if you are in a jurisdiction (like the EU/UK) that requires prior consent for tracking cookies. You can also opt out of Facebook’s use of cookies and Pixel tracking through your Facebook account ad settings or through tools described in Section 8. We want to emphasize that no personal data like your name or email is shared with Facebook via the Pixel; Facebook matches Pixel data to your user account on their side, and provides us only aggregated analytics (e.g., how many users took a certain action) and advertising audiences. For more information on how Facebook handles data collected via the Pixel, see Facebook’s Data Policy.
  • Other Advertising Partners: Aside from Facebook, we currently do not directly integrate other advertising network trackers (such as Google Ads remarketing tags, etc.) on our Site. If in the future we do so (for example, Google Ads Conversion Tracking or LinkedIn Insight Tag), we will update this policy accordingly and ensure any necessary consents are obtained. Any such partners would similarly receive only limited data for the purpose of tracking our ad performance. We do not share your contact information with third-party advertisers without your explicit consent.

D. Other Third-Party Disclosures

We may also disclose your information in a few other circumstances:

  • Legal Requirements: If we are under a duty to disclose or share your information to comply with a legal obligation, valid subpoena/court order, or governmental request, we will do so. We will also disclose data if needed to enforce our terms, or protect the rights, property, or safety of Spark of Madness LLC, our customers, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction (though we currently handle no credit data).
  • Business Transfers: If Spark of Madness LLC or Zipyra.com is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your data may be transferred as part of that transaction. Should such an event occur, we would require that the new owner or combined entity follow this Privacy Policy with respect to your personal data (unless you’re notified otherwise). You would be informed of any ownership change or data transfer that could materially affect your privacy, so you can exercise your rights if desired.
  • With Your Consent: In cases where you have explicitly consented to some form of data sharing or disclosure, we may share your information accordingly. For instance, if you agree to let us post a testimonial on our Site with your name, or if you instruct us to share your information with a business partner, we will do so with your consent.

5. Legal Bases for Processing (EU/UK Users)

If you are an individual in the European Union, European Economic Area, or United Kingdom, we must have a valid “legal basis” under GDPR/UK GDPR for each use of your personal data. We generally rely on the following legal bases:

  • Performance of a Contract or Pre-Contractual Steps: When we respond to your inquiries or provide services you requested (e.g., replying to a contact form submission, or providing a quote), we process your personal data as necessary to fulfill our contract with you or to take steps at your request prior to entering into a contract.
  • Legitimate Interests: We process certain data for our legitimate business interests, in a manner that does not override your privacy rights. Our legitimate interests include: operating and securing our website, understanding and improving how users interact with our site (analytics), and marketing our services to interested business customers. For instance, analyzing Site traffic to improve content is a legitimate interest. When relying on this basis, we consider the potential impact on you and will not use your data for activities where our interests are outweighed by the risk to your rights. You have the right to object to processing based on legitimate interests (see Section 7 on your rights).
  • Consent: We will rely on your consent in certain cases, particularly for optional uses of data such as dropping non-essential cookies (analytics/advertising cookies) and using the Facebook Pixel for advertising targeting. Where we rely on consent, you have the right to withdraw it at any time. For example, if you consent via our cookie banner to analytics cookies, you can later withdraw that consent by adjusting your cookie settings (see Section 8). Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal. Additionally, if in the future we send marketing emails, we would only do so with your consent or as otherwise permitted by law, and provide an unsubscribe option.
  • Legal Obligation: In some situations, we may need to process your data to comply with a legal obligation (e.g., retaining certain records for tax or accounting laws, or responding to lawful requests by public authorities). When this applies, it serves as our legal basis for that specific processing.

We will clarify the legal basis when required and ensure transparency with you. If you have questions about the specific basis for a particular processing activity, you can contact us for more information.

6. International Data Transfers

We are based in Hungary (within the European Union), but we use services and tools that may process your data in other countries, including the United States. Whenever your personal data is transferred outside of the EU/EEA or UK, we take steps to ensure it remains protected according to GDPR standards. This includes:

  • Standard Contractual Clauses (SCCs): We have entered into Data Processing Agreements that incorporate the European Commission’s Standard Contractual Clauses (and UK International Data Transfer Addendum, where applicable) with our service providers like Google (for Firebase and Analytics), Vercel, and Meta (Facebook). These clauses contractually require those parties to protect EU/UK personal data to EU GDPR standards when it is transferred to the US or another country lacking an EU adequacy decision.
  • EU-U.S. Data Privacy Framework (DPF): Some of our U.S.-based partners (such as Google) are certified under the new EU-U.S. Data Privacy Framework. For example, Google LLC has certified its compliance with the DPF principles for transfers of personal information from the EU/UK. This means that data transferred to Google in the U.S. is protected under this framework, which is recognized by the EU as providing adequate protection for personal data as of 2023. Similarly, if Meta (Facebook) and Vercel are certified under the DPF or other frameworks, those would apply. We keep updated on our providers’ certification status. (Note: As of the effective date of this policy, Google is DPF-certified, which adds an extra layer of assurance for EU data handled by Google.)
  • Appropriate Safeguards: In all cases, we only transfer data to third countries when appropriate safeguards are in place. Our providers also implement security measures (encryption, access controls, etc.) to further protect data in transit and at rest. If an EU or UK authority determined in the future that these safeguards are insufficient, we will cease or adjust the transfers and take additional measures as needed (for example, additional encryption or obtaining explicit consent from users for the transfer).

By using our Site or submitting information to us, you understand that your personal data may be transferred to and processed in countries outside your own. If you are in the EU/UK, this means your data might be processed in the United States. However, we assure you that we take your privacy seriously and have put in place mechanisms to protect your information in line with this Privacy Policy and applicable law.

7. Your Rights and Choices

You have certain rights regarding your personal data, depending on your jurisdiction. We are committed to honoring these rights. Below we outline the rights of individuals in various regions and how you can exercise them:

A. Rights of EU/EEA and UK Data Subjects (GDPR Rights)

If you are in the European Union, European Economic Area, or United Kingdom, you have the following data protection rights under GDPR/UK law:

  • Right of Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to request a copy of the data we hold about you, along with information on what we use it for, who we share it with, how long we store it, etc. This is commonly known as a “Data Subject Access Request.”
  • Right to Rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to ask us to correct or update it. We encourage you to contact us if you ever notice any inaccuracies in your information.
  • Right to Erasure: You can request that we delete the personal data we hold about you in certain circumstances – for example, if the data is no longer necessary for the purposes it was collected for, if you have withdrawn your consent and no other legal basis exists, or if you believe we have processed your data unlawfully. This is sometimes called the “right to be forgotten.” Please note this right is not absolute – sometimes we may have legal grounds to retain data (e.g., for legal compliance), but we will inform you if that is the case.
  • Right to Restrict Processing: You have the right to request that we limit the processing of your data in certain situations. For instance, if you contest the accuracy of your data, you can request restriction while we verify the data’s accuracy; or if you object to our processing based on legitimate interests, you can request restriction pending our assessment of overriding interests. When processing is restricted, we will still store your data, but not use it for other purposes without your consent (except for storage or legal claims).
  • Right to Data Portability: For data you provided to us and which we process by automated means on the basis of your consent or to fulfill a contract, you have the right to request a copy of that data in a structured, commonly used, machine-readable format (for example, CSV or JSON file), and you have the right to transmit that data to another controller where technically feasible. In other words, you can ask us to help port your data to another service provider. (This likely applies mainly if you had an account or provided substantial data to us; with our current limited data collection, it may not be very applicable, but the right remains.)
  • Right to Object: You have the right to object to our processing of your personal data when that processing is based on legitimate interests (including profiling based on those interests). If you object, we must stop such processing unless we have compelling legitimate grounds that override your interests, rights, and freedoms, or unless it is needed for legal claims. You also have the right to object at any time to processing of your data for direct marketing purposes. If you object to marketing (for example, profiling related to direct marketing), we will cease processing your data for those purposes immediately. In practice, you can always opt out of marketing emails or targeted advertising as noted in Section 8.
  • Right to Withdraw Consent: If we rely on your consent for any processing (such as for analytics or marketing cookies), you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing that was done based on consent before its withdrawal. You can withdraw consent by contacting us or by using any provided opt-out mechanisms (for instance, toggling off certain cookies via our cookie banner or preferences center).
  • Right to Lodge a Complaint: If you believe we have infringed your data protection rights or processed your data unlawfully, you have the right to file a complaint with a Data Protection Authority (DPA) in the country where you live or work, or where the alleged infringement occurred. For example, in Hungary (where we are based), the supervisory authority is the Hungarian National Authority for Data Protection and Freedom of Information (NAIH). In the UK, it is the Information Commissioner’s Office (ICO). We would appreciate the chance to address your concerns first by contacting us, but you have the right to go directly to the authorities as well.

How to Exercise These Rights: You can exercise any of your rights above by contacting us at hello@zipyra.com. Please clearly state what right you wish to exercise and provide relevant details to help us process your request (for example, the email address you used in a contact form so we can locate your data). We may need to verify your identity before fulfilling certain requests (to ensure we don’t disclose data to the wrong person). We will respond to your request within one month (30 days) as required by GDPR, or let you know if we need an extension or more information. There is generally no fee for exercising your rights, but if a request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse it (permitted by law, but we would explain why).

B. California Privacy Rights (CCPA/CPRA)

If you are a resident of California, you are protected by the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). While Spark of Madness LLC (Zipyra) is not based in California, and we likely do not meet the thresholds that mandate compliance (e.g., we do not sell personal data and we handle relatively limited data), we still strive to honor the spirit of these laws for California users. Under CCPA/CPRA, California residents have rights similar to those listed for GDPR above, including:

  • Right to Know: You can request that we disclose what personal information we have collected about you in the past 12 months, including the categories of information, the sources of that information, the business purpose for collection, the categories of third parties with whom we shared it, and specific pieces of information we hold about you. This is similar to an access request.
  • Right to Delete: You can request that we delete personal information we have collected from you (with certain exceptions, such as if we need to keep it for legal reasons or internal business purposes allowed by law).
  • Right to Correct: Under CPRA, you can request correction of inaccurate personal information we hold about you.
  • Right to Opt-Out of Sale/Sharing: CCPA gives you the right to opt out of the “sale” of your personal information. Important: We do not sell personal information to third parties for monetary consideration. We also do not “share” personal information for cross-context behavioral advertising except via the use of the Facebook Pixel and similar tools, which could be considered “sharing” under CPRA’s broad definition. If you wish to opt out of such sharing (targeted advertising), you can do so by rejecting advertising cookies on our site or by using browser privacy signals (like the Global Privacy Control, GPC). We will honor such signals in a good-faith attempt to comply (treating them as opt-out of sale/sharing requests).
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. That means we won’t deny you services, charge you a different price, or provide a different level of service just because you exercised your privacy rights.

If you are a California resident and would like to exercise any of these rights, please contact us at hello@zipyra.com with the subject line “CCPA Request” and detail your request. We may need to verify your California residency and identity before processing certain requests. If you have an authorized agent making the request on your behalf, we will need proof of their authorization.

Disclosure of Categories (for CCPA): For transparency, in the last 12 months, we have collected the following categories of personal information (as defined by CCPA) from California consumers: identifiers (like name, email, IP address), internet or electronic activity information (Browse on our Site), and possibly geolocation (general location from IP). We collect these from you (the user) or automatically via cookies, and use them for the business purposes outlined in this Policy (which align with the CCPA-defined business purposes, such as providing services, analytics, security, debugging, advertising, etc.). We have disclosed some information to service providers (as detailed in Section 4) for our operational business purposes, but have not sold personal information for monetary gain. We have “shared” some identifiers and internet activity data with advertising partners (Facebook) for the purpose of targeted advertising, but only with consent where required.

C. Other U.S. State Privacy Laws

Other states (like Virginia, Colorado, Connecticut, Utah, etc.) have passed privacy laws providing similar rights (access, deletion, opt-out of certain processing, etc.). If you are a resident of one of these states, you may contact us to exercise your rights under those laws. We will treat such requests in accordance with the applicable state law. Generally, our practices of allowing access, deletion, and no selling of data mean we align well with these requirements.

D. Your Choices – Managing Cookies and Tracking

As a user, you have choices about how certain data is collected and used:

  • Cookie Controls: When you first visit our Site, you may be presented with a cookie consent banner (if required by law). You can choose to accept or reject non-essential cookies. Even after consent, you can change your preferences by clearing cookies or using a provided privacy settings link (if available on our Site). Through your browser settings, you can also block or delete cookies. Most browsers allow you to refuse new cookies or have notifications when you receive a new cookie. Please refer to your browser’s help documentation for instructions. Keep in mind, rejecting all cookies might make some websites (possibly ours) function sub-optimally, but you will still be able to read content on zipyra.com even if analytics cookies are blocked.
  • Google Analytics Opt-Out: If you want to completely prevent Google Analytics from collecting data from your browser, Google provides an Opt-Out Browser Add-on that you can install. This instructs GA’s script not to send your visit information. We also respect the “Do Not Track” setting: although GA and Vercel Analytics might still collect data if DNT is enabled, we interpret DNT as a signal to minimize tracking – note that Vercel’s analytics is already anonymous by design.
  • Facebook/Meta Opt-Out: If we are using the Facebook Pixel and you prefer not to be tracked for targeted ads, you have a few options. You can use the cookie controls to decline the Pixel (if you decline marketing cookies, the Pixel will not fire). You can also adjust your Facebook ad preferences (in your Facebook account settings) to control how your data is used for ads, or use the YourAdChoices opt-out websites (like the DAA’s opt-out or NAI opt-out) to opt out of interest-based advertising from participating companies. Additionally, browsers or extensions that support sending the Global Privacy Control (GPC) signal can communicate an opt-out preference for “sale/sharing” of data under CPRA – we will treat a received GPC signal as an opt-out of cookie-based tracking for advertising on our Site, and endeavor to disable the Pixel for that session.
  • Email Communications: As noted, we do not currently send mass marketing emails. But if you ever receive an email communication from us that you no longer wish to get, just reply requesting to unsubscribe or let us know, and we will remove you from the mailing. (For example, if in the future you sign up for a newsletter and then change your mind, you will be able to unsubscribe easily via a link in the email or by contacting us.)
  • Declining to Provide Data: You always have the option not to provide personal information. If you choose not to fill in the contact form or not to provide an email, you simply won’t receive a response from us. That is entirely your choice. The Site can be largely used without actively giving us personal data (aside from what is collected automatically). However, please understand that if you decline certain data collections (like all cookies or contact info), some features (like analytics insights for us, or our ability to contact you back) may be limited.

We will do our best to facilitate your choices and ensure you still have a good experience on our Site. If you have any trouble managing your privacy preferences, reach out to us at hello@zipyra.com and we will assist.

8. Data Security

We take data security seriously and implement reasonable and appropriate measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: Our Site is served over HTTPS, which means data transmitted between your browser and our servers (or our providers’ servers) is encrypted in transit using TLS/SSL. This helps prevent eavesdropping on the content of your visits or submissions. We also rely on our service providers (Google, Vercel) who encrypt data at rest and in transit within their systems.
  • Access Controls: Personal data is accessible only to those in our organization or trusted contractors who need to process it for the purposes described (for example, our team member handling customer inquiries will access contact form submissions). Access to any administrative interfaces or databases is protected by authentication and, where possible, multi-factor authentication. We limit access privileges following the principle of least privilege.
  • Monitoring and Testing: We keep our software and website platform updated to protect against security vulnerabilities. Our hosting provider Vercel and other services apply security patches and monitor for intrusion attempts. We also monitor for any suspicious activity on our Site.
  • Organizational Policies: We ensure that anyone who handles personal data on our behalf is trained in confidentiality and data protection principles. We have policies in place to prevent unauthorized people from viewing or handling user data.
  • Data Minimization: We only collect data that we truly need. By limiting the scope of data collected (as described in Section 2), we reduce the risk exposure. For instance, because we don’t handle payment data or extensive personal details, certain security concerns are mitigated.
  • Anonymization/Pseudonymization: Where feasible, we anonymize data (like using aggregated analytics, or truncating IP addresses) or pseudonymize it, to lessen the chance that any data could be linked back to an individual without additional information.

Despite our efforts, it’s important to note that no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data. However, we will promptly notify you and the relevant authorities of any data breach that we become aware of, as required by law. We also encourage you to take precautions on your side, such as using unique and strong passwords for your accounts (even though our site doesn’t require login, this is a general good practice) and not sharing sensitive information in channels that are not secure.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which we collected it, including for satisfying any legal, accounting, or reporting requirements. After that period, we will delete or anonymize the data, or if that’s not possible (for example, if data has been stored in backup archives), we will securely store and isolate it from further use until deletion is possible. Here are some specific retention practices:

  • Contact Form Submissions: If you submit a contact/inquiry form or email us, we will retain that correspondence and the personal data within it (name, email, message) for as long as necessary to address your inquiry and any follow-up. Typically, we might keep inquiry emails for a certain period (e.g., 1-2 years) in case you reach out again or we need reference to the prior communication. If such inquiries lead to a business relationship, data might be kept as part of our client records. If not, and once it’s clear no further follow-up is needed, we may delete the correspondence. You can request deletion of an inquiry at any time, and we will remove it unless we have a compelling reason not to (e.g., a legal need to retain it).
  • Analytics Data: Analytics information in Google Analytics is retained according to our settings in Google Analytics. We currently use GA4, which can retain aggregated data indefinitely but personal event data for a user is only retained for a limited period (e.g., 14 months by default, unless configured otherwise). However, since GA4 does not store personal identifiers like IP, the data is largely non-personal after collection. We regard analytics data as statistical. Vercel Analytics data is stored by us in aggregate form and may be kept for trend analysis over time. Because it’s not personal data, retention length is not a legal concern; we typically would look at roughly the last 12-24 months of analytics for year-over-year comparisons.
  • Server Logs: Our web servers (via Vercel) may automatically log requests, which could include IP addresses, timestamps, and requested URLs. These logs are generally kept for a short period by our hosting provider for debugging and security (often 30 days, but this is managed by Vercel). We do not separately archive those unless needed for investigation of security incidents.
  • Advertising Data: Data collected via the Facebook Pixel on our site is subject to Facebook’s retention policies. Typically, website custom audience data on Facebook (used for retargeting) is retained for a certain window (e.g., 180 days) before expiring. We do not receive personal data from Facebook about these events, just aggregated metrics. Any internal data we might derive (like the fact that a certain number of users visited a page) can be kept for as long as it’s useful, but it doesn’t identify individuals.
  • Legal Retention: If any personal data is required to be kept for legal reasons (such as transaction records, though we have none at the moment), we will keep that data for the duration required by law (for example, some laws require keeping contracts or invoices for a number of years). Also, if we are involved in a legal dispute or investigation, we may retain relevant information until it is resolved.

Once the retention period is over, we will ensure the data is either securely deleted or anonymized (so that it can no longer be associated with you). For example, deletion involves removing data from our active databases and from our service providers (by requesting deletion through their tools or APIs), and from any readily accessible backups. Note that backups might have some residual data for a short time until they are rotated out; we have policies to ensure that data is fully expunged from backups within a reasonable period, or that it remains protected until deletion.

If you would like us to delete your personal information sooner, you can request that (as outlined in Section 7), and we will do so as long as we have no legal obligation or overriding interest in keeping it.

10. Children’s Privacy

Protecting the privacy of young children is especially important. Our Site and services are not directed to children under the age of 13. We do not knowingly collect personal information from anyone under 13 years of age. If you are under 13, please do not use the Site or send any personal data to us (even if our site has content like Zipfluencer that might appeal to younger audiences, you must be at least 13 to contact us, and ideally 18 or older to engage in business with us). If you are between 13 and 18 (or the age of majority in your jurisdiction), you should only use our Site and provide personal data with the permission of a parent or guardian.

In the event that we learn that we have inadvertently collected personal information from a child under 13 without verifiable parental consent, we will take immediate steps to delete that information from our records. If you believe we might have any information from or about a child under 13, please contact us at hello@zipyra.com so that we can promptly investigate and address the issue.

For parents and guardians: if you have any concerns about your child’s personal data in connection with our Site, please reach out to us. We encourage parents to supervise their children’s online activities and educate them about safe practices. While our Zipfluencer service could potentially be used by younger content creators, any formal engagement would require appropriate consent and compliance with youth privacy laws (such as COPPA in the United States and GDPR provisions for children in the EU). We reiterate that our primary audience is business professionals and adult influencers/content creators; any features targeting minors (if ever introduced) will be accompanied by specific safeguards and parental consent mechanisms.

11. Changes to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will update the “Effective Date” at the top of the policy. If the changes are significant, we may also provide a more prominent notice (such as on our homepage or via an email notification, if appropriate).

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting the personal data we collect. Your continued use of the Site after any modifications to this Policy will constitute your acknowledgment of the changes and consent to abide by the updated terms. If you do not agree with any updates or changes, you should stop using the Site and can request us to remove your data as described in Section 7.

12. Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our privacy practices, or if you wish to exercise your rights regarding your personal data, please contact us:

Email: hello@zipyra.com

Postal Mail: Spark of Madness LLC, Attn: Privacy Officer, 1065 SW 8th St #2374, Miami, FL 33130, United States

Thank you for trusting Zipyra.com with your information. We are committed to keeping that trust by treating your data with care and transparency.