Zipto Privacy Policy

Effective Date: March 25, 2025 • Version: 1.1

1. Scope & Applicability

This policy applies to Zipto Pvt. Ltd. ("Zipto", "we", "us") across all services and integrations, including those with Meta/Facebook/Instagram (Pixel, SDKs, Lead Ads). It governs how we collect, use, and share user and ad-related data. This does not override privacy rules enforced by Meta or other platforms.

2. Contact Information

Zipto Pvt. Ltd

Mohakhali, Dhaka‑1213, Bangladesh

Email: info@zipto.io | Phone: +880 1834 341444

3. Information We Collect

3.1 User-Provided Data

  • Account registration: name, email, phone
  • Social login data (e.g. Facebook/Instagram ID)
  • Lead Ad form fields (e.g. name, email, phone)

3.2 Automatically Collected Data

  • Usage data (IP, device, browser, pages visited)
  • Cookies and tracking data
  • Meta Pixel or SDK event data (conversion, engagement metrics)

3.3 Third-Party Sources

  • Meta-generated audience data (custom/lookalike)
  • Analytics and marketing service data in aggregated or anonymized form

4. How We Use Your Information (Purposes & Legal Basis)

We use collected data for:

  • Service delivery & support (contractual necessity)
  • Personalization & optimization (legitimate interest)
  • Advertising, lead generation, remarketing via Meta tools (with consent where required)
  • Analytics & performance tracking (legitimate interest)
  • Marketing communications (consent or legitimate interest)

5. Advertising & Ad Account Data

5.1 Lead Ad Data

If you submit information via a Meta Lead Ad form, Zipto will collect, use, and store this data (e.g., name, email, phone) only for the purposes stated in the ad, such as follow-up messaging or onboarding. We clearly disclose any onward sharing to third parties (e.g., CRM providers) and do not resell or augment this data beyond what you consent to.

5.2 Campaign Performance Metrics

We collect Meta ad-account data such as impressions, clicks, conversions, CPC/CPM, and spend for campaign analytics and optimization. This data is used only internally, not for building separate user profiles or targeting outside Meta's ecosystem, and is not shared with unauthorized third parties.

5.3 Audience & Tracking Tools

Using Meta Pixel or Conversions API, we construct custom and look-alike audiences based on hashed/anonymous identifiers. We comply with Meta's Custom Audience Terms, and all usage is limited to internal campaign optimization. We do not combine data across different clients or platforms, nor do we transfer it to external brokers.

5.4 Ad Data Usage Restrictions

In alignment with Meta's policies, we:

  • Do not sell or rent Meta-derived data
  • Do not build personal profiles using ad data outside of Meta tools
  • Do not combine data across different advertisers unless authorized

6. Data Sharing & Disclosure

  • Meta Platforms: We share hashed user identifiers and event data with Meta for ad targeting and measurement.
  • Service Providers: Providers like email platforms or CRM systems may receive data only as needed and under non-disclosure agreements.
  • Aggregated Data: We may share anonymized, aggregated insights (e.g. age group, location trends) that cannot identify individuals.
  • Legal Reasons & Transfers: We may disclose as required by law or during mergers, acquisitions, or asset sales—with notice given.

We do not sell or rent personal or Meta-derived data.

7. Data Retention & Minimization

  • Lead Ad and profile data retained up to 24 months or until account deletion.
  • Pixel and campaign logs stored for 12 months, then purged automatically.
  • We collect only data necessary to fulfill stated purposes.

8. Your Rights & Choices

EU (GDPR)

Access, correct, delete, portability, object to processing, or withdraw consent.

California (CCPA/CPRA)

Opt-out of sale/sharing, or request disclosure of collected/shared data.

Requests can be made via info@zipto.io or in-app controls. We aim to respond within 30 calendar days. No charge for exercising rights.

9. Consent & Cookie Controls

  • Explicit consent is obtained via cookie banners or unchecked checkboxes in Lead Ads forms.
  • Cookies and tracking are explained transparently, and users can manage them via browser or in-app cookie settings.
  • Withdrawing consent may limit personalization or remarketing functionality.

10. Security & Privacy by Design

We use encryption, access controls, secure storage, and staff training to protect your data. We incorporate privacy principles throughout development. In case of breach, relevant users and authorities are informed within 72 hours when required by law.

11. Data Deletion Policy (Meta & User-Initiated)

  • Users can request full deletion via info@zipto.io or in-app. We permanently erase related data and notify you with a confirmation.
  • If access is revoked via Facebook, Zipto handles the Data Deletion Callback URL per Meta's guidelines—responding with a confirmation code and optional tracking URL.
  • Routine automatic deletion applies per retention timelines.

12. Children's Privacy

We do not knowingly collect data from children under 13. Any such data discovered is deleted promptly. Contact us if you believe a minor's data has been submitted.

13. Changes to This Policy

Updates will be noted by date and version, and shared via website notice, email, or in-app. Continued use after changes indicates acceptance.

14. Version History

  • v1.0 – March 25, 2025: Initial release