Effective Date: June 3, 2025
Thank you for visiting and using Zephyr (the “Website,” “we,” “us,” or “our”). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our Website and/or purchase our products or services. It also describes your rights under the European Union’s General Data Protection Regulation (“GDPR”) and U.S. privacy laws (including the California Consumer Privacy Act, “CCPA”).
Please read this Privacy Policy carefully. By accessing or using our Website, you agree to the terms herein. If you do not agree with the terms of this Privacy Policy, please do not access the Website.
1. Information We Collect
We do not directly collect sensitive or financial information on our end. However, to provide you with an account, membership access, purchases, and a personalized experience, we collect or process the following categories of information:
- Information You Provide Voluntarily
  - Account Registration Data
    - Name (first and last)
    - Email address
    - Password (encrypted; stored and managed by Memberstack via secure hashing)
  - Social Login Data (if you sign up via Google OAuth)
    - Basic profile information provided by Google (name, email, profile picture)
  - Billing and Purchase Information
    - When you purchase one-time products or subscribe to monthly plans, Memberstack (and its payment processors, such as Stripe or PayPal) collects your billing details (credit/debit card number, billing address). We do not store or have direct access to full credit card information.
  - Newsletter Subscription
    - By entering your email in sign-up forms or during account creation, you consent to receive our daily/occasional newsletter called AI Boost.
  - Customer Support Correspondence
    - Any messages, emails, or chat transcripts you send to our support team for troubleshooting or inquiries.
- Automatically Collected Information
  - Device & Technical Data
    - IP address, browser type and version, operating system, device type, and screen resolution.
  - Usage & Analytics Data
    - Pages visited, time and date of access, time spent on pages, interactions (e.g., button clicks), referring/exit pages, and unique device identifiers. We collect this via industry-standard analytics tools (e.g., Google Analytics) to improve the Website experience.
  - Cookies & Similar Technologies
    - Cookies, web beacons, local storage, and similar technologies that allow us to recognize your browser or device. See Section 9 for details.
- Information Collected by Third Parties on Our Behalf
  - Memberstack (“Data Processor”)
    - Manages your account data (username, encrypted password, subscription status) and payment processing. Memberstack securely stores personal data on their servers (SOC 2 compliant).
  - Payment Processors (e.g., Stripe, PayPal)
    - Handle your credit/debit card information, billing address, and transaction history. We do not retain full card numbers or CVV codes; these are processed and stored by the payment processors under their own PCI-DSS compliance.
  - Email Marketing Provider (e.g., Mailchimp, Beehiiv, etc.)
    - Manages our AI Boost newsletter list, unsubscribes, and delivery. When you subscribe, your email is added to our newsletter database.
  - Google OAuth (if used)
    - Provides authentication tokens and basic profile info. We do not receive your Google password.
  - Analytics Providers (e.g., Google Analytics)
    - Track usage and performance data as described above.
2. How We Use Your Information
We use your information for the following purposes:
- To Provide and Maintain Our Services
  - Create and manage your account, authenticate you, and allow access to member-only pages.
  - Process your purchases, subscriptions, upgrades, and cancellations via Memberstack and payment processors.
  - Send transactional emails (e.g., order confirmations, billing receipts, password-reset instructions, and important notices).
- To Communicate with You
  - Send our AI Boost newsletter if you opt in (you may unsubscribe at any time via the link in any newsletter email).
  - Respond to your inquiries, feedback, or requests made to our support team.
- To Improve User Experience
  - Analyze usage trends and preferences through aggregated analytics data.
  - Conduct A/B testing or site-enhancement experiments to deliver a more personalized experience (e.g., customizing content or recommendations).
- To Comply with Legal Obligations
  - Maintain records for tax, accounting, or other legal compliance.
  - Respond to lawful requests by public authorities (such as court orders or subpoenas).
- For Marketing & Promotional Purposes (where you have provided valid consent)
  - Send you updates about new products, offers, promotions, and events (you can opt out at any time).
3. Legal Bases for Processing (GDPR)
If you reside in the European Economic Area (“EEA”), we rely on the following lawful bases under the GDPR when processing your personal data:
- Contractual Necessity
  - We process personal data to perform our obligations under our Terms of Service (e.g., creating your account, processing your purchase).
- Consent
  - For sending newsletters (AI Boost) and marketing communications, we rely on your explicit opt-in consent. You can withdraw this consent at any time by unsubscribing.
- Legitimate Interests
  - To improve and secure our Website, detect and prevent fraud or abuse, and personalize content (so long as those interests are not overridden by your fundamental rights).
- Legal Obligation
  - To comply with applicable laws (e.g., tax, accounting, anti-money-laundering).
4. Your Rights Under GDPR (EEA Residents)
If you are located in the EEA, you have the following rights regarding your personal data:
- Right of Access
  - You may request a copy of the personal data we hold about you.
- Right to Rectification
  - You may ask us to correct or complete any inaccurate or incomplete personal data.
- Right to Erasure (“Right to be Forgotten”)
  - You may request that we delete your personal data if there is no overriding legitimate interest for us to retain it (e.g., to complete a pending transaction or comply with legal obligations).
- Right to Restrict Processing
  - You may request that we suspend processing of your personal data if you contest its accuracy, the processing is unlawful, or we no longer need it but you need us to establish, exercise, or defend legal claims.
- Right to Data Portability
  - You may request a machine-readable copy of the personal data you provided to us for the purposes of transmitting it to another controller (where technically feasible).
- Right to Object
  - You may object to our processing of your data on grounds relating to your particular situation, where we rely on legitimate interest.
- Right to Withdraw Consent
  - Where we rely on your consent (e.g., for marketing), you can withdraw your consent at any time without affecting processing performed before withdrawal.
- Right to Lodge a Complaint
  - You may file a complaint with a competent supervisory authority (e.g., your local data protection authority).
To exercise any of these rights, please contact us at support@zephyr-hq.com (or the email address provided at the end of this Policy).
5. California Privacy Rights (CCPA & CPRA)
If you are a resident of California, you have certain rights under the California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act (“CPRA”), including:
- Right to Know
  - You can request details about the categories and specific pieces of personal information we have collected about you in the past 12 months, as well as how we have used or shared that information.
- Right to Delete
  - You can request that we delete the personal information we have collected from you, subject to certain exceptions (e.g., to complete a transaction or comply with a legal obligation).
- Right to Opt Out of Sale
  - We do not sell personal information for monetary consideration. Therefore, this does not apply.
- Right to Non-Discrimination
  - We will not discriminate against you for exercising your CCPA/CPRA rights (e.g., by denying service or charging different prices).
To submit a request under the CCPA/CPRA, please email us at support@zephyr-hq.com, and include “CCPA Request” in the subject line. We will verify your request by matching the information you provide (e.g., email address) to your account records. Once verified, we will respond within the timeframes required by law.
6. Children’s Privacy
Our Website is not intended for individuals under the age of 16. We do not knowingly collect or maintain personal information from anyone under 16. If you are under 16, please do not use or provide any information on this Website. If we learn that we have collected personal data from a child under 16, we will delete that data as soon as possible.
7. How We Share Your Information
We may disclose your personal information in the following circumstances:
- With Service Providers & Third-Party Partners
  - Memberstack (account management and payment processing).
  - Payment Processors (e.g., Stripe, PayPal) for billing and transaction handling.
  - Email Marketing Provider for sending AI Boost newsletters and related campaigns.
  - Analytics Providers (e.g., Google Analytics) to analyze Website usage.
  - Customer Support Platforms (e.g., Intercom, Zendesk) for support requests.
- For Legal Compliance
  - If required by law (e.g., to comply with a subpoena, court order, or similar legal process).
  - To establish or defend our legal rights (e.g., in response to claims, disputes).
- Business Transfers
  - In the event of a merger, acquisition, reorganization, or sale of all or substantially all our assets, your personal data may be transferred as a business asset.
- With Your Consent
  - If you have provided us your explicit consent to share your information for a specific purpose not covered above.
We require all third-party service providers to only process personal information on our behalf and to implement reasonable security measures.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required to comply with legal and regulatory obligations. Specifically:
- Account Information & Transaction Records
  - Retained for the duration of your membership/account, plus up to five (5) years thereafter for auditing and tax compliance.
- Newsletter Email Addresses & Marketing Preferences
  - Retained until you unsubscribe or specifically request deletion, subject to applicable laws.
- Support Correspondence
  - Retained for up to three (3) years to allow us to resolve issues or questions and comply with recordkeeping requirements.
- Analytics & Log Data
  - Aggregated or anonymized data is retained indefinitely; specific, identifiable log data is retained for up to two (2) years.
When we no longer need your personal data, we will securely delete or anonymize it.
9. Cookies & Similar Technologies
Our Website uses cookies and similar tracking technologies to recognize you when you visit, collect information about your browsing behavior, and enhance your experience. Below is an overview:
- Types of Cookies
  - Essential Cookies: Necessary for core functionality (e.g., logging in, maintaining session state).
  - Performance & Analytics Cookies: Collect anonymous data about how visitors use the Website (e.g., Google Analytics).
  - Preference Cookies: Remember your site preferences (e.g., language, region).
  - Marketing Cookies: Track your browsing habits to deliver targeted advertisements or measure ad performance (e.g., Facebook Pixel, Google Ads).
- Your Choices
  - Most browsers allow you to block or delete cookies via settings. However, blocking essential cookies may prevent you from using certain features of the Website.
  - We provide a cookie banner/consent manager upon your first visit so you can accept or decline non-essential cookies.
10. Security of Your Information
We implement industry-standard security measures to safeguard your personal data, including:
- Encryption:
  - All data transmitted between your browser and our servers is encrypted using HTTPS/TLS.
  - Passwords are hashed using secure algorithms (e.g., bcrypt) on Memberstack’s servers.
- Access Controls:
  - Access to personal data is restricted to authorized personnel who need it to perform their job functions.
  - We enforce unique user accounts, strong password requirements, and two-factor authentication (2FA) for administrative access.
- Data Minimization & Segregation:
  - We only collect data necessary for the specified purposes.
  - We segregate production data from development or test environments.
- Regular Audits & Penetration Testing:
  - We conduct periodic security assessments and vulnerability scans to identify and remediate potential risks.
Despite these precautions, no system is completely secure. In the event of a data breach, we will notify affected individuals and relevant supervisory authorities as required by law.
11. Your Rights & Choices
- Managing Your Account Information
  - You can update your name, email address, and password by logging into your account settings.
- Opting Out of Marketing Communications
  - At any time, you may unsubscribe from our AI Boost newsletter via the “unsubscribe” link included at the bottom of every email, or by contacting @zephyr.com.
- Do Not Track (“DNT”)
  - Our Website does not currently respond to “Do Not Track” signals. However, you may disable certain automated data collection via your browser settings or cookie preferences.
12. Third-Party Links & Embedded Content
Our Website may contain links to third-party websites, apps, or services that are not owned or controlled by Zephyr. We are not responsible for the privacy practices or content of those sites. For example:
- Embedded Videos (e.g., YouTube, Vimeo)
- Social Media Features (e.g., Twitter embeds, Facebook “Like” buttons)
- Partner or Affiliate Sites
When you click on a third-party link, you will be directed to that third party’s site, whose privacy policy may differ from ours. We encourage you to review their privacy notices.
13. Changes to This Privacy Policy
We may update this Privacy Policy as our business, applicable law, or industry practices evolve. When we make changes, we will:
- Update the “Effective Date” at the top of this Privacy Policy.
- If the change is material, notify you via a prominent notice on the Website (e.g., a banner) or by email if you have provided us with your email address.
Your continued use of the Website after changes become effective constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you should discontinue use of the Website and request deletion of your personal data (see Section 8).
14. Contact Us
If you have questions, comments, or requests regarding this Privacy Policy or our data practices, you may contact us at:
Company Name: DRBK
Address: Denmark, 8361 Hasselager Kildeagersøvej 99
Email: support@zephyr-hq.com
We will respond to your inquiry as soon as reasonably practicable, and in any event within the timeframes required by applicable law.
Last Updated: June 3, 2025
Thank you for trusting Zephyr. We are committed to protecting your privacy and ensuring the security of your personal information.