Zora Direct, Inc

Privacy Policy

Summary in Plain English

The document below is a detailed privacy policy for Zora’s services, which all Zora users are governed by. Please read the full policy below, since you are agreeing to it by using our services. 

The bullet points below are intended to be a statement of our principles, not a replacement for understanding the full document.

  • We take our responsibilities around your data seriously, and we want you to understand how we use it

  • We store data about you in our application - for example, your name, contact information, etc.

  • We will not sell or rent this data to other parties - we do not sell your contact information to lead gen companies or other financial services businesses

  • We do share data with service providers that make Zora work - for example we use Plaid to connect your bank account to our application

  • We also check your name, ID and contact details against sanctions lists, money laundering lists and other bad actor checks to prevent illegal activity on our platform

  • We are a US company and comply with US law. We will cooperate with legal requests from law enforcement agencies.

  • We use marketing platforms to grow our business - for example, we may advertise on Google, Meta and LinkedIn, which means they know when you arrive at our site after visiting their site

If you have any questions about this Policy, please contact support@zora.direct


Last updated:  April 8, 2024

This Privacy Policy (“Policy”) describes how information about you is collected, used, and disclosed by Zora Direct, Inc. and its subsidiaries and affiliated companies (“Company,” “we,” “us,” “our”) when you visit our websites and use our services (“Services”).


Acceptance of Privacy Policy

By accessing and using our Services, you signify your acceptance of the terms of this Privacy Policy and consent to the collection, use and disclosure of your personal information as described below. If you do not agree with any aspect of this Privacy Policy, you should immediately discontinue access or use of our Services.


Collection of Information


Personal Information

“Personal information” is data that can be used to identify an individual, either directly or indirectly, or which could be used to contact that individual. Our Privacy Policy applies to personal information that you provide to us, or that we obtain from a third party. This Privacy Policy does not apply to information that cannot be used to individually identify you.

Information You Provide to Us

We may collect information you provide directly to us. For example, we collect information when you join our First Wave program or sign up for our waitlist. We collect this personal information to provide you with our Services.

We collect personal information when you access our Services, and when you complete a survey, request information about our Services, subscribe to marketing communications, request support, or offline.

The types of information we may be required to collect include, but are not limited to:  your name, physical address, telephone number(s), email address, date of birth, government-issued photo identification or other identification, bank and/or credit card account numbers, gender, nationality, and country of residence.

Our third-party payment service providers collect your payment method information for use in connection with your payments.

Information We Collect Automatically

When you access our Sites, we automatically collect information about you, including but not limited to:

Log information:  We may collect log information about your use of our Site. Such information may include: the type of browser you are using, access times, pages viewed, your IP address, and the pages you visited before or after navigating to our Site.

Device information:  We may collect information about the device you use to access our Site.  Such information may include: the hardware model, operating system and version, unique device identifiers, and mobile network information.

Usage information:  We may collect information contained in or relating to any communication that you send to us or send through our Site, as well as meta-data associated with the communication.

Location information:  We may collect information about the location of your device each time you access or use one of our mobile applications or otherwise consent to the collection of this information.

Information Collected by Cookies and Other Tracking Technologies:  We and our third-party vendors may use various technologies to collect information, including cookies and web beacons. Cookies are small data files stored on your hard drive or in device memory that helps us improve the Site and your experience, see which features of the Site are popular, and count visits. Web beacons are electronic images that may be used on our Site or in emails to help deliver cookies, count visits, and understand usage and campaign effectiveness. We may later associate the usage and other information we collect with personal information about you, as permitted or required by law.

Information We Collect From Other Sources

We may also collect information about you from additional online and offline sources including commercially available third-party sources such as consumer reporting agencies.  We may combine this information with other information we have collected about you under this Policy.


Use of Information

We may use information about you to create, develop, operate, deliver and improve our Services, content and advertising, and for loss prevention and anti-fraud purposes. Examples of how we use your information includes:

  • To comply with our legal obligations;

  • To provide you with the Services;

  • To verify your identity by comparing your personal information against third-party databases;

  • To send you notices, updates, security alerts, and support and administrative messages;

  • To respond to your comments, questions, and requests and provide customer service;

  • To detect, investigate, and prevent fraudulent transactions or other unlawful activities, and protect the rights and property of the Company and others;

  • To communicate with you about our marketing, service updates, promotional offers (where in accordance with the law); and

  • Carry out any other purpose for which the information was collected.


We may also use data that we collect on an aggregate or de-identified basis for various business purposes, where permissible under applicable laws and regulations.


Sharing of Information

We may share information about you as follows, or as otherwise described in this Policy:

  • With service providers who need access to such information to carry out work on our behalf;

  • In response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law, regulation, or legal process;

  • If we believe your actions are inconsistent with our terms or policies, or to protect the rights, property, and safety of the Company or other parties;

  • In connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of our business by another company;

  • Between and among the Company and our current and future parents, affiliates, subsidiaries, and other companies under common control and ownership; and

  • With your consent or at your direction.


We may also share aggregated or de-identified information, which cannot reasonably be used to identify you.


We do not sell your information to third parties

We will not rent or sell your personally identifiable information to third parties, marketing companies or other unrelated businesses.


Transfer of Information to and from the United States

The Company is based in the United States and the information we collect is governed by United States law. By communicating with us you consent to the transfer of information to and from the United States and other countries in which Zora Direct, Inc.. operates, where you might not have the same rights as under United States law.


Security

We take our responsibility to protect the privacy and confidentiality of your information, including personal information, seriously. We take reasonable measures to help protect information about you from loss, theft, misuse, and unauthorized access, disclosure alteration, and destruction.

We may store and process all or part of your personal and transactional information, including certain payment information, such as your encrypted bank account and/or routing numbers, in the United States and elsewhere in the world where our facilities or our service providers are located. We protect your personal information by maintaining physical, electronic, and procedural safeguards in compliance with the applicable laws and regulations.

However, we cannot guarantee that loss, misuse, unauthorized acquisition, or alteration of your data will not occur. Please recognize that you play a vital role in protecting your own personal information. When registering with our Services, it is important to choose a password of sufficient length and complexity, to not reveal this password to any third-parties, and to immediately notify us if you become aware of any unauthorized access to or use of your account.

Furthermore, we cannot ensure or warrant the security or confidentiality of information you transmit to us or receive from us by Internet or wireless connection, including email, phone, or SMS, since we have no way of protecting that information once it leaves and until it reaches us. If you have reason to believe that your data is no longer secure, please contact us at the email address, mailing address or telephone number listed at the end of this Privacy Policy.


Changes

We may change this Policy from time to time. If we make changes, our notification will consist of changing the date on the top of the policy. While in some cases, and at our discretion, we may provide you with additional notice, we encourage you to review the most up-to-date Policy whenever you access our Site. All changes will become effective when posted unless indicated otherwise.


Your Choices

You may request that the Company update or correct information about you at any time by emailing us at support@zora.direct. We may retain certain information as required by law or for legitimate business purposes. We may also retain cached or archived copies of information about you for a certain period of time. This is necessary in order to deter fraud. However, if you close your account, your personal information will not be used by us for any further purposes, nor sold or shared with third parties, except as necessary to prevent fraud and assist law enforcement as required by law or in accordance with this privacy policy.


Minors

We do not knowingly request or collect personal information from any person under the age of 18. If a user is suspected of being younger than 18 years of age, we will require that user to close their account. We will take steps to delete their information as quickly as possible. Please notify us at support@zora.direct if you know of any individual under the age of 18 using our Services.


California Privacy Rights

If you are a California resident, you have the right to request information from us regarding the manner in which we share certain categories of your personal information with third parties for the third parties' direct marketing purposes. California law provides that you have the right to submit a request to us at our designated address and receive the following information: (a) the categories of information we disclosed to third parties for the third parties' direct marketing purposes during the preceding calendar year; and (b) the names and addresses of third parties that received such information, or if the nature of their business cannot be determined from the name, then examples of the products or services marketed.

You are entitled to receive a copy of this information in a standardized format and the information will not be specific to you individually. You may make such a request by emailing support@zora.direct