Privacy Policy

Plain‑English summary
We only collect your name,email address, andsimple analytics about how you use our website (via cookies/analytics). We don’t sell your data, we don’t do behavioral ads, and you can ask us to delete your data.

Effective date: September 1, 2025
Controller: Zolplay LLC ("Zolplay", "we", "us", "our")
Products covered: Beacon (the “Service”)
Contact: contact@zolplay.com | Postal: 1021 E Lincolnway, Cheyenne, WY, Laramie County, US, 82001

1) What we collect

We collect the minimum necessary to operate Beacon:

• Identifiers: name, email address (when you sign up, request a demo, join a waitlist, or contact us).
• Usage & device analytics: page views, pages visited, time on page, referrer, approximate location based on IP, device/browser type, operating system, language, and basic session metrics.
• Cookies/Similar technologies: strictly necessary cookies for site functionality and analytics cookies. See Cookies & Analytics below.

We do not collect sensitive categories (e.g., government IDs, precise geolocation, health) and we do not use data for behavioral advertising.

2) How we use your information

• Provide, maintain, and improve the Service.
• Respond to inquiries, support, onboarding, and product updates you request.
• Communicate about changes to features, terms, or policies.
• Monitor performance, debug, and prevent abuse or fraud.
• Comply with legal obligations and enforce our Terms.

3) Legal bases (EEA/UK users)

If you are in the EEA/UK, we process your personal data under these legal bases:

• Contractual necessity (to provide the Service you request).
• Legitimate interests (analytics, security, improving the Service). We balance these interests against your rights.
• Consent (where required for non‑essential cookies/analytics; you can withdraw at any time).

4) Cookies & analytics

• Essential cookies enable core site functionality (e.g., session management). These cannot be switched off.
• Analytics cookies help us understand site usage in aggregate. We use them to improve performance and UX.

You can control cookies in your browser settings and—if implemented—through our Cookie Settings link on the site. If you block cookies, some features may not work as intended.

Analytics provider: PostHog. Where supported, we enable IP truncation/aggregation and respect available opt‑out mechanisms.

5) Retention

• Account/contact info: kept while you have an account or up to 24 months after your last interaction, unless we need to keep it longer to comply with law or resolve disputes.
• Analytics data: kept in aggregate form; raw event data typically 12–24 months depending on provider settings. We’ll delete or anonymize data when it’s no longer needed.

6) How we share information

We share only with:

• Service providers/Processors who help us run the Service (hosting, analytics, email delivery). They act under contract and can’t use your data for their own purposes.
• Legal and safety: when required by law, or to protect rights, safety, and security.
• Business transfers: if we undergo a merger, acquisition, or asset sale, your data may transfer as part of that transaction.

Wedo not sell personal information and wedo not share it for cross‑context behavioral advertising.

7) International data transfers

We may process and store data in countries other than where you live. When we transfer personal data internationally, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) or other lawful transfer mechanisms.

8) Your rights

Depending on where you live, you may have rights to:

• Access the data we hold about you.
• Correct inaccurate data.
• Delete your data.
• Port your data in a portable format.
• Object to or restrict certain processing.
• Withdraw consent where processing is based on consent.

To exercise rights, email contact@zolplay.com. We’ll verify your request and respond within applicable timelines. You can also lodge a complaint with your local data protection authority.

California (CPRA): We collect categories: Identifiers and Internet/Network activity. We do not sell or share personal information for cross‑context behavioral advertising. You have rights to know, delete, correct, and limit certain uses.
Singapore (PDPA): You can withdraw consent at any time; we’ll inform you of likely consequences.
EEA/UK (GDPR): You have the rights described above; contact details for your authority are available at https://edpb.europa.eu.

9) Security

We use administrative, technical, and organizational measures proportional to risk (e.g., encryption in transit, access controls, least‑privilege). No method of transmission or storage is 100% secure.

10) Children

The Service is not directed to children under 13 (or the age of digital consent in your region). We do not knowingly collect data from children. If you believe a child provided data, contact us and we’ll delete it.

11) Changes to this policy

We may update this policy to reflect changes to our practices. If we make material changes, we’ll provide notice (e.g., by posting here or via email). The updated policy takes effect on posting unless stated otherwise.