Privacy policy

Effective as of January 22nd 2022


This Privacy Policy describes how KAHA GmbH and our subsidiaries and affiliates (collectively "zezam," "we", “us” or "our") handle personal information that we collect through our digital properties that link to this Privacy Policy, including our website and applications integrated on other websites (collectively, the “Service”), as well as through social media, our marketing activities, and other activities described in this Privacy Policy.


Table of Contents

  • About zezam
  • Personal information we collect
  • How we use your personal information
  • How we share your personal information
  • Your choices
  • Other sites and services
  • Security
  • International data transfer
  • Children
  • Changes to this Privacy Policy
  • How to contact us
  • Deletion
  • Personal Information we collect in each category

About zezam

zezam connects content creators with their audiences. We help content creators make websites that curate their content from different platforms for their audiences, sell digital goods, allow audiences to submit requests to them and support them, and facilitate partnerships with merchants to sell products.  Merchants can work with content creators through the zezam platform, such as by joining affiliate marketplaces.


Personal information we collect


Information you provide to us

Personal information you may provide to us through the Service or otherwise includes:

  • Contact data, such as your first and last name, email address, and mailing address
  • Profile data, such as your username and password that you set to establish an online account with us, social network handles, biographical details, photographs (we use a content creator’s public Instagram photo as their default profile photo), links and descriptions that you add to your profile, interests, preferences, and any other information that you add to your account profile.
  • Communications that we exchange, including when you contact us with questions or feedback, through social media, or otherwise, and that you exchange with others on or through the Service.
  • Payments and transactional data needed to complete your orders, Requests, Support, or payments on or through the Service (such as payment card information, billing and shipping information, payment processor information).
  • Marketing data, such as your preferences for receiving communications about our or our partners’ products, services, activities, and events, and details about how you engage with our communications.
  • Content that you upload or share to the Service, including text, photos, and videos in connection with Requests, products, digital goods and your profile.
  • Product data, such as the description of a product or digital good for sale, its price, and its commission.
  • Other information that we may collect which is not specifically listed here, which we will use as described in this Privacy Policy or as otherwise described at the time of collection.

Third party sources

We may combine personal information we receive from you with personal information we obtain from other sources, such as:

  • Public sources such as social media platforms.
  • Business partners such as companies that have entered into joint marketing relationships or other joint ventures with us, merchants, and affiliate marketplaces.

Automatic data collection

We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, your activity over time on our sites and other online services, and your interactions with our marketing communications such as:

  • Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 3G), and general location information such as city, state or geographic area.
  • Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access, and whether you have opened our marketing emails or clicked links within them.

Cookies

Some of our automatic data collection is facilitated by cookies and similar technologies.  For more information, see our Cookie Notice.


Data about others

Users of the Service may have the opportunity to refer friends or other contacts to us and share their contact information with us. Please do not refer someone to us or share their contact information with us unless you have their permission to do so.


How we use your personal information

We use your personal information for the following purposes or as otherwise described at the time we collect it:


Service delivery

We use your personal information to:

  • provide, operate and improve the Service and our business;
  • process and track your orders;
  • facilitate payments;
  • establish and maintain your user profile on the Service;
  • enable security features of the Service, such as by sending you email verification, and remembering devices from which you have previously logged in;
  • communicate with you about the Service, including by sending announcements, updates, security alerts, and support and administrative messages;
  • understand your needs and interests, and personalize your experience with the Service and our communications; and
  • provide support for the Service, and respond to your requests, questions and feedback.

Research and development

We may use your personal information for research and development purposes, including to analyze and improve the Service and our business.  As part of these activities, we may create aggregated, de-identified or other anonymous data from personal information we collect.  We make personal information into anonymous data by removing information that makes the data personally identifiable to you.  We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.


Marketing

We may send you zezam-related or other direct marketing communications as permitted by law.  You may opt-out of our marketing communications as described in the Opt-out of marketing section below.


Compliance and protection

We may use your personal information to:

  • comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
  • protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
  • audit our internal processes for compliance with legal and contractual requirements and internal policies;
  • enforce the terms and conditions that govern the Service; and
  • prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

How we share your personal information

We may share your personal information with the following parties and as otherwise described in this Privacy Policy or at the time of collection:


Affiliates

Our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.


Service providers

Companies and individuals that provide services on our behalf or help us operate the Service or our business (such as information technology, hosting, customer relationship management and support, payment processing, email delivery, advertising, marketing, and website analytics).


Professional advisors

Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.


Authorities and others

Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.


Business transferees

Acquiring and other relevant parties to business transactions (or potential transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, zezam or our affiliates (including, in connection with a bankruptcy or similar proceedings).


Other users and the public

You may choose to make publicly visible some of the information on your profile. If you submit a Request to a content creator, you choose to make the Request public to the creator.  Any information that is not private may be associated with your profile and can be collected and used by others.  We cannot control who reads the information that you make viewable or what they may choose to do with it.


Your choices

You have the following choices with respect to your personal information.


Access or update your information

If you have registered for an online account with us, you may review and update certain account information from your account.


Opt-out of marketing communications

You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us.  You may continue to receive service-related and other non-marketing emails.


Cookies

For information about cookies employed by the Service and how to control them, see our Cookie Notice.


Declining to provide information

We need to collect personal information to provide certain services.  If you do not provide the information we identify as mandatory, we may not be able to provide those services.


Third party platforms

If you choose to connect to the Service through your social media account, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from a third party platform, that choice will not apply to information that we have already received from that third party.


Privacy settings

In your account’s privacy settings, you may choose to make certain profile information publicly visible and whether you want third parties to be able to find or contact you through the Service.


Other sites and services

The Service may contain links to websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or other online services that are not associated with us. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions.


Security

We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect.  However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.


International data transfer

We are headquartered in Germany and may use service providers that operate in other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.


Children

The Service is not intended for use by children under 18 years of age. If we learn that we have collected personal information through the Service from a child under 18 without the consent of the child’s parent or guardian as required by law, we will delete it.


Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service. If required by law we will also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via email or another manner through the Service.  Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.


How to contact us

Deletion

You can ask us to delete the Personal Information that we have collected from you.


Personal Information we collect in each category:

(See the “Personal information we collect” section above for description)

As a visitor of a public zez.am page

The privacy of our website visitors is important to us so we do not track any individual people. As a visitor of any public zez.am pages (for example zez.am/zezam):


  • No personal information is collected
  • No information such as cookies is stored in the browser
  • No information is shared with or sold to advertising companies
  • No information is mined and harvested for personal and behavioural trends
  • No information is monetized


If the page owner opts into it, we run Plausible Analytics to collect anonymous usage data for statistical purposes. The data is aggregated and shared with the page owner. Each page owner only has access to usage data for their own zezam page. No personal data is collected and no individual visitors are tracked. Importantly, we never use any invasive tracking tool like Google Analytics on public zez.am pages.


We also store the anonymized IP address (the last octet of IPv4 user IP addresses and the last 80 bits of IPv6 addresses are set to zeros) of all requests for 30 days in our access logs. This is necessary to detect malicious activity and prevent abuse and/or attacks on our systems.

As a zezam customer and/or owner of a page

Our guiding principle is to collect only what we need and that we will solely process this information to provide you with the service you signed up for.


  • Email address - A valid unique email address is required to create an account. This email address is not shared with other users or third parties, except our email provider to send transactional emails.
  • Cookies - We only store a persistent first-party cookie to remember if you’re logged in along with your user identifiers. We do not employ any third party or advertising cookies.
  • IP address - The anonymized IP address (the last octet of IPv4 user IP addresses and the last 80 bits of IPv6 addresses are set to zeros) are stored for 30 days in our access logs. This is necessary to detect malicious activity and prevent abuse and/or attacks on our systems.
  • Page and product content - When creating a page or products, the owner can choose to provide page content like name, bio text, social links, images and sections with content. All this information is public and is thus visible to anonymous users on the public page.
  • PayPal account - To be able to receive payments from end-customers, page owners have the ability to connect their PayPal account by sharing these account details with us: merchant ID, client ID and secret key. These values are stored in the system until the customer decides to disconnect their PayPal account, at which point all values are fully deleted. The secret key is encrypted with AES128 EAX in the application and thus encrypted in-transit and at-rest. The account details are never shared with any other users or any third parties.

As an end-customer of products on a zezam page

Our guiding principle is to collect only what we need and that we will solely process this information to provide you with the service you signed up for.


  • Email address - A valid unique email address is required to create an account. This email address is not shared with other users or third parties, with the following two exceptions:
  • The email provider to send transactional emails.
  • The owner of a purchased product so they’re able to contact the customer.
  • Cookies - We only store a persistent first-party cookie to remember if you’re logged in along with your user identifiers. We do not employ any third party or advertising cookies.
  • IP address - The anonymized IP address (the last octet of IPv4 user IP addresses and the last 80 bits of IPv6 addresses are set to zeros) are stored for 30 days in our access logs. This is necessary to detect malicious activity and prevent abuse and/or attacks on our systems.

External service providers

We use a select number of trusted external service providers for certain service offerings. These service providers are carefully selected and meet high data protection, data privacy and security standards.


  • Transactional emails - We use Postmark to send all transactional emails. For each email sent, we only share the recipient’s email address and the email content (typically name and product or page content) with the provider. We do not create or store any mailing lists. We track opening and clicks on links in the email via the provider.
  • Subscription management - We use Chargebee to handle paid subscriptions for the zezam platform. The following data is shared with and stored by the provider: credit card number, the expiration date of your credit card, your billing address, and your shipping information
  • Analytics - We use Plausible Analytics to collect anonymous usage data for statistical purposes. The data is aggregated and shared with the page owner. Each page owner only has access to usage data for their own zezam page. No personal data is collected and no individual visitors are tracked. Importantly, we never use any invasive tracking tool like Google Analytics on public zez.am pages.
  • System monitoring and observability - We use Grafana Cloud to process and store system level metrics like resource utilisation (e.g. CPU, memory, network bandwidth,...) and aggregated operation statistics (e.g. requests latency or request throughput). We also use Sentry to process and store operation metrics from the client-side applications, like device details (e.g. screen size, browser version) and session duration. No personal data is sent to or stored in any third party monitoring/observability providers.
  • Hosting and infrastructure - All compute infrastructure and data storage is provided by Amazon Web Services. All resources and data are located in the Frankfurt (Europe) region, with static assets (no customer data) being distributed and cached globally via a CDN.