PRIVACY POLICY
Effective Date: January 11, 2026
This Privacy Policy explains how Zori.bio ("we," "us," or "our"), operated by Slobodskyi Oleksandr Mykolayovych (FOP - Фізична особа-підприємець), Tax ID: 3432501553, collects, uses, shares, and protects your personal information when you use our Service.
We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA), and Ukrainian data protection law.
1. Data Controller
The data controller responsible for your personal data is:
Slobodskyi Oleksandr Mykolayovych
Kerchenska 118, Odesa, 65069, Ukraine.
Email: hello@zori.bio
Tax ID (IPN): 3432501553
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, username, password, profile picture
- Profile Content: Links, text, images, and other content you add to your Zori.bio page
- Payment Information: Billing details processed by Paddle (we do not store payment card numbers)
- Communications: Messages you send to us via email or support channels
- Survey Responses: Information you provide in surveys or feedback forms
2.2 Information Collected Automatically
- Device Information: IP address, browser type, operating system, device identifiers
- Usage Information: Pages visited, features used, click patterns, time spent on pages
- Analytics Data: Page views on your Zori.bio profile, link clicks, referral sources
- Cookies and Similar Technologies: Information collected through cookies, pixels, and similar tracking technologies (see Section 8)
2.3 Information from Third Parties
- Social Media Platforms: If you connect third-party accounts, we may receive basic profile information
- Payment Processor: Paddle provides transaction confirmations and billing status
3. How We Use Your Information
We use your personal information for the following purposes and legal bases:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing and operating the Service | Contract performance |
| Processing payments and subscriptions | Contract performance |
| Communicating about your account | Contract performance |
| Providing analytics on your link performance | Contract performance |
| Sending service updates and security alerts | Legitimate interest |
| Improving and developing the Service | Legitimate interest |
| Preventing fraud and ensuring security | Legitimate interest |
| Responding to support requests | Contract performance |
| Sending marketing communications (with consent) | Consent |
| Complying with legal obligations | Legal obligation |
4. How We Share Your Information
We share your personal information only in the following circumstances:
4.1 Payment Processor
We use Paddle.com as our Merchant of Record. When you make a purchase, Paddle collects and processes your payment information, including name, email, billing address, and payment card details. Paddle processes this data in accordance with their Privacy Policy (https://www.paddle.com/legal/privacy).
4.2 Service Providers
We engage trusted third-party service providers to perform functions on our behalf, including:
- Cloud hosting and infrastructure
- Email delivery services
- Analytics services
- Customer support tools
These providers are contractually bound to protect your data and use it only for the specific services we request.
4.3 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect our rights, property, or safety, or that of others.
4.4 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
4.5 With Your Consent
We may share your information for other purposes with your explicit consent.
We do not sell your personal information. We do not share your information with third parties for their direct marketing purposes.
5. International Data Transfers
Zori.bio is operated from Ukraine. If you access our Service from the European Union, United Kingdom, or other regions with data transfer restrictions, your information will be transferred to and processed in Ukraine and potentially other countries.
For transfers from the EU/UK:
We rely on the following mechanisms to ensure adequate protection for your data:
- Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses with our service providers
- Your explicit consent: Where applicable, you consent to the transfer when creating an account
Ukraine is a signatory to the Council of Europe's Convention 108 on data protection, providing baseline data protection safeguards.
6. Data Retention
We retain your personal information for as long as:
- Your account is active
- Necessary to provide you with the Service
- Required to comply with legal obligations
- Needed to resolve disputes and enforce agreements
Specific retention periods:
- Account data: Retained until account deletion, then deleted within 30 days
- Analytics data: Retained for 26 months
- Transaction records: Retained for 7 years for tax and legal purposes
- Support communications: Retained for 3 years
After the applicable retention period, we securely delete or anonymize your data.
7. Your Rights and Choices
7.1 For All Users
You have the right to:
- Access your personal data through your account settings
- Update your information through your account dashboard
- Delete your account and associated data
- Opt-out of marketing communications using unsubscribe links
7.2 For EU/UK Residents (GDPR)
Under the GDPR, you have additional rights:
- Right of Access: Obtain a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restriction: Limit how we process your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time where consent is our legal basis
- Right to Lodge a Complaint: File a complaint with your local data protection authority
To exercise these rights, contact us at hello@zori.bio. We will respond within 30 days (extendable to 90 days for complex requests).
7.3 For California Residents (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how we use it
- Access your personal information
- Delete your personal information
- Non-Discrimination: We will not discriminate against you for exercising your rights
Categories of personal information collected in the past 12 months:
- Identifiers (name, email, IP address, account name)
- Commercial information (purchase history, subscription details)
- Internet activity (browsing history, interactions with our Service)
- Geolocation data (derived from IP address)
We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
To submit a request, email hello@zori.bio with "California Privacy Request" in the subject line. You may also designate an authorized agent to submit requests on your behalf.
8. Cookies and Tracking Technologies
8.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Required for Service functionality (login, security) | Session |
| Analytics | Understanding usage patterns and improving the Service | Up to 2 years |
| Preferences | Remembering your settings and choices | Up to 1 year |
8.2 Your Cookie Choices
For EU/UK users: We display a cookie consent banner. You can manage your preferences or withdraw consent at any time through the cookie settings link in our footer.
For all users: You can control cookies through your browser settings:
- Chrome: Settings > Privacy and Security > Cookies
- Firefox: Settings > Privacy & Security > Cookies
- Safari: Preferences > Privacy > Cookies
- Edge: Settings > Privacy > Cookies
Do Not Track: We currently do not respond to browser "Do Not Track" signals, but we honor Global Privacy Control (GPC) signals where required by law.
8.3 Analytics
We use analytics services to understand how users interact with our Service. These services may collect information about your device, browser, and usage patterns. You can opt-out of analytics through your cookie preferences or by using browser extensions like Privacy Badger or uBlock Origin.
9. Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encryption of data in transit (TLS/SSL)
- Secure password hashing
- Access controls and authentication
- Regular security assessments
- Employee training on data protection
However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.
10. Children's Privacy
Zori.bio is not intended for users under 18 years of age. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected data from a user under 18, we will delete that information immediately. If you believe a minor has provided us with personal information, please contact us at hello@zori.bio.
11. Third-Party Links
Your Zori.bio page may contain links to third-party websites and services. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you visit.
12. Data Breach Notification
In the event of a data breach that poses a high risk to your rights and freedoms, we will:
- Notify affected users without undue delay (within 72 hours where feasible)
- Notify relevant supervisory authorities as required by law
- Provide details about the breach and steps we are taking
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on our website
- Updating the "Effective Date" at the top
- Sending an email notification for significant changes
Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
14. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
Zori.bio - Data Protection Inquiries
Slobodskyi Oleksandr Mykolayovych
Kerchenska 118, Odesa, 65069, Ukraine
Email: hello@zori.bio
For EU/UK residents: If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.