ZPAYS INC — Privacy Policy

ZPAYS Privacy Policy

ZPAYS INC. and our affiliates (“ZPAYS”, “we”, or “us”) created this Privacy Policy because we know you care about how your information is used and shared. This Privacy Policy is designed to help you understand how we collect, use, process, and share information we collect via our website located at https://ZPAYS.io and other domain names offering or linking to the website (the “Site”), our services (including but not limited to Money Transmitting, Foreign Exchange, Payroll Services, Payable-Through-Accounts, Virtual Currency), and any corresponding mobile application (“App”). The Site, ZPAYS Platform, our services, and App are collectively the “Services.” There may be additional terms provided or additional information required when you access certain features.

1. Scope

This Privacy Policy applies to information processed by us, including in connection with our Services. For more information on how we process your nonpublic personal information as a financial institution, please see our Financial Information Privacy Notice at https://ZPAYS.io/privacy.

You do not need to provide personal information to access ZPAYS services and products (e.g., phone payments, phone orders, website, app, OTC requests); however, we may not be able to effectively serve you and certain portions of the Services may not be available if you choose not to share certain information. We collect personal information to facilitate the provision of the Services and to meet legal and specified purposes. Any information you provide that is not required is voluntary. We may be unable to open your account if requested information is not provided.

2. Personal Information We Collect

The categories of personal information we collect depend on how you interact with us, our Services, and applicable law. We collect information you provide directly, information we obtain automatically, and information from other sources.

A. Information You Provide to Us Directly

• Account Creation. We may collect identification information (name, DOB, gender, phone, email, government ID numbers, etc.), institutional information (for institutional clients), financial information (bank details, card numbers, routing number, transaction history, tax IDs), and Nonpublic Personal Information (NPI) as defined in this policy. We also collect transaction and employment information, and correspondence with our team.
• Public Posts. Information you post to message boards, chats, blogs, or similar Services may become public information.
• Wallet. To access some Services, you may provide information related to your digital asset wallet (“Wallet”). We do not host, custody, or take possession of your private key or wallet contents.
• Blockchain and Transfer-Related Information. We may collect details associated with transfers, names/emails of other users, preferences, wallet public addresses, and payment information related to fees.
• Your Communications with Us. Email, phone number, mailing address, newsletter sign-ups, support requests, job applications, etc.
• Sweepstakes/Contests, Events, Partnerships, Job Applications. Information provided in connection with these activities.

B. Information Collected Automatically

• Automatic Data Collection. IP address, user settings, device/browser info, location (incl. IP-derived), ISP, pages visited, links clicked, scroll activity, content interactions, frequency/duration of activities, etc.
• Cookies, Pixel Tags/Web Beacons, and Other Technologies. We and third parties may use these (“Technologies”) for operational necessity, performance, functionality, and advertising/targeting. We may also include web beacons in emails for engagement analytics.
• Analytics. We may use proprietary tools and third-party analytics (e.g., Google Analytics), KYC vendors, and banking partners as described in this policy.
• Social Media Platforms. Buttons/widgets (Twitter, Instagram, Facebook, LinkedIn) may collect certain data per their policies.

C. Information Collected from Other Sources

• Identity Verification Partners. We may obtain information for identity verification and AML compliance (e.g., name, address, public profiles, credit history, sanctions status).
• Other Sources. Third-party apps, app stores, login services, or social networking sites may provide information based on your privacy settings.

3. How We Use Your Information

A. Provide Our Services

• Manage information/accounts; provide access to features; support; communicate regarding accounts/activities/policy changes; process job applications; allow event registrations.

B. Administrative Purposes

• Legitimate interests (marketing, R&D, security, fraud prevention); detect/prosecute illegal activity; AML/due diligence; measure engagement; improve/enhance Services; develop new products; quality/safety; authenticate/verify identities; debug; audit; enforce agreements; comply with law.

C. Marketing and Advertising

We may tailor and provide content/ads as permitted by law (e.g., email campaigns, custom audiences). See “Your Privacy Choices and Rights.”

D. Other Purposes

• Consent. For clearly disclosed purposes at the time of collection.
• Blockchain Data. Analyze public blockchain data for policy/enforcement, research, and trends.
• De-identified/Aggregated Data. Create and use de-identified/aggregated information.
• Share Content with Friends/Colleagues. Referral tools/features (only share contact info of people you know).

4. How We Disclose Your Information

A. Disclosures to Provide our Services

• Collaborations and influencers;
• Service providers (IT, hosting, payments, customer service, messaging, professional/legal/accounting, etc.);
• Business partners (joint offerings);
• Affiliates (corporate family);
• Advertising partners (interest-based advertising);
• APIs/SDKs used within the Services.

B. Disclosures to Protect Us or Others

We may access, preserve, and disclose information to comply with law enforcement/national security/legal process; protect rights/property/safety; enforce policies/contracts; collect amounts owed; or assist investigations.

C. Merger, Sale, or Other Asset Transfers

Personal information may be sold or transferred as part of transactions (merger, acquisition, financing, reorganization, bankruptcy, sale of assets, transition to another provider).

5. Your Privacy Choices and Rights

Your Privacy Choices

• Email/Telephone. Use unsubscribe links; you will still receive transactional emails and non-promotional notices (e.g., policy updates).
• Do Not Track. We do not respond to DNT signals.
• Cookies/Interest-Based Ads. Manage cookies via your browser/device; mobile app opt-outs via OS settings. See Network Advertising Initiative, Digital Advertising Alliance, EDAA, and DAA of Canada for additional choices. Opt-out per browser/device.

Your Privacy Rights (subject to applicable law)

• Access/Data Portability (access/copy/export or transmit in a structured, commonly used, machine-readable format).
• Correction of inaccurate/incomplete data.
• Deletion of personal information.
• Restriction/Object to processing.
• Withdraw Consent where applicable.

To exercise rights, see Contact Us. We will process requests per applicable laws.

6. Security Of Your Information

We take steps to protect your information, but no system is 100% secure. We maintain appropriate safeguards and require service providers to do the same. By using our Services or providing personal information, you agree we may communicate with you electronically about security, privacy, and administrative matters. If we learn of a breach, we may notify you via the Services, mail, or email.

ZPAYS maintains physical, technical, and administrative safeguards. We may store/process data in the U.S. and elsewhere. We use firewalls, encryption, physical access controls, and restrict access to authorized personnel. Credit card data is handled off-site by a PCI DSS-compliant vendor and is not accessible to ZPAYS staff.

7. International Data Transfers

Information may be transferred, processed, and stored anywhere globally, including countries with different data protection laws. If we transfer personal information outside the U.S., we implement appropriate safeguards. If you are outside the U.S. and use the Services, you do so at your own risk.

8. Retention of Personal Information

We store personal information for as long as needed for the purposes described, to provide Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce agreements, and comply with laws. We may retain information for several years to fulfill legal duties and obligations.

9. Supplemental Notice for California Residents

This notice applies to personal information subject to the CCPA. California residents have the right to know what categories of personal information ZPAYS collected and whether it was disclosed for a business purpose in the preceding 12 months.

Categories Collected & Disclosure (examples)

• Identifiers (name, alias, address, IP, email, account name/username, SSN, etc.) — may be disclosed to ISPs, analytics providers, government entities, platforms, blockchain networks, social networks, service providers, other users, affiliates.
• Customer Records (name, SSN, address, phone, passport/driver’s license, employment, financial info, etc.) — may be disclosed to government entities, service providers, affiliates.
• Commercial Information (transactions, histories) — may be disclosed to service providers, blockchain networks, other users, affiliates.
• Internet/Network Activity (browsing, search, interactions) — may be disclosed to advertising partners, analytics providers, service providers, affiliates.

CCPA Rights

• Right to Know categories/sources/purposes/third parties and specific pieces collected.
• Right to Delete (with statutory exceptions).
• No Sale of personal information; opt-out mechanisms provided if disclosures are deemed “sales.”
• Non-Discrimination for exercising CCPA rights.
• Authorized Agent process available (written authorization required).
• Verification required to protect privacy.

Accessibility: This Privacy Policy aims to meet WCAG 2.1 guidelines. You may print it via your browser or save as PDF.

10. Supplemental Notice for Nevada Residents

Nevada residents may opt-out of the sale of certain personal information to third parties by emailing legal@zpays.io with the subject “Nevada Do Not Sell Request” (include your name and account email). We do not currently sell personal information as defined by Nevada law.

11. Children’s Information

The Services are directed exclusively to individuals at least 18 years old (or the age of majority). We do not knowingly collect personal information from children. If you believe a child provided personal information, contact us (see Contact Us). If required, we will delete such information and terminate the account unless we have a legal obligation to retain it.

12. Other Provisions

Third-Party Websites/Applications

Our Services may link to third-party sites/apps that we do not control. Review their privacy policies. Providing personal information to third-party sites/apps is at your own risk.

Supervisory Authority

If you are in the United States, you may file a complaint with the Federal Trade Commission (FTC): FTC Privacy & Security.

Changes to this Privacy Policy

We may revise this Privacy Policy from time to time and will post changes when they take effect. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about our privacy practices or this Privacy Policy, or wish to exercise your rights, please contact us: