Privacy Policy

We collect information you provide directly, information generated automatically when you use our Services, and (where permitted) information from third parties.

Account & profile data: When you create an account we collect your name, email address, password (stored as a salted hash, never in plain text), business name, and store URL (slug).

Billing data: Payment processing is handled entirely by Stripe. We do not store credit card numbers, CVVs, or bank account details on our servers. We store a Stripe customer ID and subscription status.

Usage data: We may collect basic log data such as IP address and general usage patterns to diagnose issues and keep the platform running reliably. We collect only what is necessary for this purpose.

Communications: If you contact us by email or through our contact form, we retain the contents of that communication and your email address to respond and for quality assurance.

Cookies & local storage: We use cookies and browser storage to maintain your session, remember preferences, and measure platform performance. See the Cookies section for details.

We use the information we collect to:

• Create and maintain your account and store
• Process payments and manage subscriptions via Stripe
• Send transactional emails (account confirmation, password reset, billing receipts, trial expiry notices)
• Provide customer support and respond to enquiries
• Monitor, diagnose, and fix bugs and performance issues
• Detect and prevent fraud, abuse, and security breaches
• Comply with legal obligations (tax records, regulatory requirements)
• Improve and develop new features based on aggregated, anonymised usage patterns

We do not sell your personal data to third parties. We do not use your data to serve you third-party advertising.

We share your information only in the following circumstances:

Service providers: We engage trusted sub-processors to operate the Services. These include Microsoft Azure (cloud infrastructure), Stripe (payments), and our transactional email provider. Each sub-processor is contractually bound to process data only as directed by us and in accordance with applicable data protection law.

Legal requirements: We may disclose information if required by law, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of zaaum, our customers, or the public.

Business transfers: If zaaum is acquired, merges with another company, or transfers substantially all its assets, your information may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

With your consent: We may share information for any other purpose with your explicit consent.

We retain your personal data for as long as your account is active or as needed to provide the Services. When you cancel your account, we retain your data for 90 days to allow for re-activation, after which it is permanently deleted or anonymised.

Billing records are retained for 7 years to comply with financial and tax regulations. Server logs are retained for 30 days for security and diagnostics.

You may request earlier deletion of your data. See Your rights.

We take security seriously. Our measures include:

• All data in transit encrypted with TLS 1.2 or higher
• All data at rest encrypted using Azure's built-in encryption services
• Passwords stored as bcrypt-hashed values, never in plain text
• Tenant data isolation at the database schema level
• Role-based access control: staff can only access what their role permits
• Regular dependency and vulnerability audits

Despite these measures, no system is perfectly secure. If you discover a security vulnerability, please report it to hello@zaaum.com before disclosing it publicly.

We use the following categories of cookies:

Strictly necessary: Required for you to log in and use the platform. These cannot be disabled without breaking core functionality.

Functional: Remember your preferences (e.g. language, theme) so you don't have to re-enter them each session.

Analytics: Aggregate, anonymised data on how the platform is used (page views, error rates, feature adoption). We do not use third-party advertising trackers.

You can control cookies through your browser settings. For a full breakdown, see our Cookie Policy.

Depending on where you are located, you may have some or all of the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Ask us to correct inaccurate or incomplete data
• Deletion: Ask us to delete your personal data (right to erasure)
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Ask us to stop processing your data in certain ways
• Objection: Object to processing based on our legitimate interests
• Withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, email us at hello@zaaum.com. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

zaaum is hosted on Microsoft Azure. Depending on your location, your data may be processed in data centres outside your country of residence. Where we transfer personal data outside the jurisdiction in which it was collected, we use appropriate safeguards such as Standard Contractual Clauses approved by the relevant regulatory authority.

Our Services integrate with third-party providers. Their privacy practices are governed by their own policies:

• Stripe Privacy Policy (payment processing)
• Microsoft Privacy Statement (Azure infrastructure)

We recommend reviewing these policies as they govern how those providers handle your data independently of zaaum.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address associated with your account) and by posting a notice on our website at least 14 days before the change takes effect. Continued use of the Services after the effective date constitutes acceptance of the updated policy.

The date at the top of this page always reflects the most recent revision.

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us: