Zip Privacy Policy

Here at Zip, we highly value your trust, and as a result, we are committed to protecting the privacy and security of your personal data. The purpose of this Privacy Policy is to inform you about our privacy practice, including how we collect, store, protect, use, and share your personal information when you use our services. We kindly request that you dedicate time to read and review this Privacy Policy.

Overview

This Privacy Policy describes Zip Co US, Inc.'s and any of our U.S. affiliates’ (collectively, “Zip,” “we”, “us”, or “our”) practices and the privacy rights of users of Zip Services (“you”, “our customer”) regarding our collection, use, storage, sharing and protection of your personal information. It applies to the Zip website, https://zip.co/us, and all related sites, applications, products, services, content, features, technologies and tools, including the Zip App, regardless of how you access or use them (collectively “Zip Services”). We may offer you the ability to connect with Zip Services using a mobile device, either through a mobile application or via a mobile-optimized website. The provisions of this Privacy Policy apply to all such mobile access and use of mobile devices.

This Privacy Policy applies U.S. law and is intended to govern the use of Zip Services by our users in the U.S. unless otherwise agreed through contract. This Privacy Policy is incorporated into, and is subject to the Terms of Service.

Our corporate affiliates maintain their own privacy policies, which govern the data they gather from the products, services, and applications they offer. Any information collected in accordance with this Policy and shared with our affiliates will continue to be treated in accordance with the principles outlined in this Policy.

Your Acceptance of this Privacy Policy

By accessing or using this website or any other Zip Services, you confirm that you have read and understood the entirety of this Privacy Policy, and you consent to adhere to its terms. You accept this Privacy Policy when you sign up for, access, or use our products, services, content, features, technologies, or functions offered on our website and all related sites, applications, and services (collectively “Zip Services”).

We may amend this Privacy Policy at any time by posting a revised version on our website. The revised version will be effective as of the published effective date, indicated at the top of this Privacy Policy, in which case you will be deemed to have accepted the updated Privacy Policy if you continue to use the Services after the new Privacy Policy takes effect. If we make material changes to the way we process your personal information, we will notify you by sending you a notification or by other means consistent with applicable law.

If you do not agree to this Privacy Policy in its entirety, you must refrain from using this website or any other Zip Services. Note that if you become a Zip customer, your personal information and privacy rights will be subject to Zip’s Privacy Notice, and Zip’s use of such information will be consistent with that privacy notice. For customers using the Zip Anywhere Service and/or Zip Checkout, your personal information and privacy rights will also be subject to the WebBank Privacy Notice, and use of such information will be consistent with that privacy notice. Please read this WebBank Privacy Notice carefully. By accessing and using the Zip Anywhere Service and/or Zip Checkout, you confirm that you have read and understood this Privacy Notice in its entirety. You understand and acknowledge that WebBank reserves the right to change or amend this Privacy Notice at any time.

If you are a resident of California, you may have additional rights, described in our Provisions Applicable to California Consumers section below.

This Privacy Policy does not apply to information submitted or collected through websites maintained by other companies or organizations to which we may link or who may link to us. We are not responsible for the actions and privacy policies of third-party websites.

Collection of Personal Information

The personal information that we collect or otherwise receive about you depends on the context of your interactions with Zip, how you configure your account, and the choices you make, including your privacy settings. We collect information from various sources including information that you provide to us, information we obtain automatically when you use our Services, and information from other sources such as third-party services and organizations, as described below.

We collect two basic types of information from you in conjunction with your use of Zip Services (collectively your “personal information”):

• Personally identifiable information;
• and non-personally identifiable information;

When we say "personally identifiable information" we mean any information related to an identified or identifiable natural person. Non-personally identifiable information is information that does not identify you directly but may be linkable to you.

Personal information does not include information that has been anonymized or aggregated in such a way that there is no serious possibility it can be used to identify an individual, whether on its own or in combination with other information. However, if non-personally identifiable information is directly linked to personally identifiable information, it will be considered personally identifiable information while it is linked. For example, if your payment history and transaction history are linked to your name, then that information will be considered personally identifiable information and subject to heightened privacy and security restrictions, as reflected in this Privacy Policy.

What Personal Information Do We Collect?

The following are the categories and specific types of personal data or information we may collect:

Account Profile Data and Identity Verification Information

When you create an account, we may collect certain personal information that can be used to identify you, such as your full name, email address, date of birth, telephone number, postal address, IP address, Social Security Number (SSN), password and account preferences.

Financial Information

Including your financial account details that you provide, such as credit/ debit card numbers or your ACH banking details. We may directly collect or store payment card or financial information entered through our Services including the last four digits of your payment card or financial information. We may receive other data associated with your financial information such as your billing details, account types and balances or limits, income, bank statements and transaction and purchase history details.

Audio, Electronic, Visual and Similar Information

We gather data that you share during your interactions with our customer service representatives and channels. This information may include: telephone conversation recordings and call monitoring records, social media messaging/ posting, chat and text records (including chatbots), email correspondence, voicemails, photographs, and video images. By communicating with Zip, unless otherwise provided by applicable law, you acknowledge that your communication may be overheard, monitored, or recorded without further notice or warning.

Marketing and Communications Data

Such as your preferences for receiving our marketing communications and details about your engagement with them. Occasionally, we may extend to you the opportunity to take part in our contests, sweepstakes, surveys or other similar campaigns. Participation in sweepstakes, contests or surveys is voluntary, and users have the choice whether to participate or not. If you participate, we may request certain personally identifiable information from you which may include details such as name, residential address, age range, or postal address. This information may be used to distribute and collect surveys, notify contest winners and award prizes, improve our products and services, conduct market research including to provide demographic insights.

Geolocation Information

If you grant permission in your device settings, we may collect your approximate or precise geolocation data and use your geolocation information to operate and customize the Service for you. We may use this information for fraud prevention and security purposes and to provide you with location-based services, such as advertising, help you find nearby stores, speed up your in-store checkout process and get access to other personalized content and offers. Most mobile devices allow you to control or disable location services in the device's setting's menu. If you have questions about how to disable your device's location services, we recommend you contact your mobile service carrier or the manufacturer of your particular device.

Professional or Employment-Related Information

If you apply for a job at Zip, you may provide us with certain personal information about yourself, such as information contained in a resume/CV, cover letter, or similar employment-related materials. For more information on how we handle Applicant and Candidate personal data, please refer to Zip Co US. Inc., Applicant and Candidate Privacy Notice.

Internet or other Electronic Network activity and analytics

Including data about the pages you access, computer IP address, device ID or unique identifier, device type, computer and connection information, mobile network information, mobile device type, statistics on page views, traffic to and from the sites, referral URL, ad data, and standard web log data and other information.

Cookies and similar technologies

When you access our website or use Zip Services, we (including companies we work with) may place small data files on your computer or another device. These data files may be cookies, pixel tags, e-tags, “Flash cookies,” or other local storage provided by your browser or associated applications (collectively “Cookies”). We use these technologies to recognize you as a customer; customize Zip Services, content, and advertising; measure promotional effectiveness; help ensure that your account security is not compromised; mitigate risk and prevent fraud, and to promote trust and safety across our sites and Zip Services.

Sensitive Personal Information

It may be necessary in some circumstances for us to collect some forms of sensitive information about you in order to provide specific services to you. Sensitive information such as government-issued identifiers including Social Security Numbers (SSN), Driver’s License, etc; account credentials; financial information; precise location; contents of certain types of messages; and criminal history. We will only collect and use sensitive information with your consent, in accordance with applicable laws or in a de-identified aggregated manner.

How do we collect your Personal Information?

Directly from you

We collect personal data you provide, such as when you use our Service, create an account, contact us, make a purchase or repayment, respond to a survey, interact with us at events, participate in a sweepstakes, contest, or other similar campaign or promotion, post a review, interact with us on social media, apply for an employment opportunity, sign up to receive emails, text messages, and/or postal mailings and any information you include in any webforms that you complete and submit.

Information we collect automatically

When you use Zip Services, we may collect information sent to us by your computer, mobile phone, or another access device using technologies such as cookies, web beacons, clear GIF, pixels, internet tags, web server logs, and other data collection tools. Certain Zip features may collect your approximate or precise geolocation information, device motion information, or both, if you grant us permission to do so through your device settings.

Information from other sources

We may obtain information about you from other sources, such as credit bureaus, consumer reporting agencies, merchant partners you interact with, payment service providers, data analytics providers, marketing or advertising service providers, social media platforms or networks, fraud prevention or identity verification service providers, electronic databases, vendors that provide services on our behalf with whom we have contractual relationships, or publicly available sources.

The information we may receive varies by site and is controlled by that site. By associating an account managed by a third party with your Zip account and authorizing Zip to have access to this information, you agree that Zip may collect, store and use this information in accordance with this Privacy Policy.

How we use the Personal Information we collect

Our primary purpose in collecting your personal information is to provide you with a secure, smooth, efficient, and customized experience with Zip Services. We use your personal information with your consent or as permitted or required by law, and for the following purposes:

Service delivery and operations. We may use your personal information to:

• Provide Zip Services and Products and for other customer support purposes in relation to your Zip account.
• Process transactions and send notices about your transactions.
• Resolve disputes and collect payments and/or fees.
• Verify the accuracy of and authenticate your information.
• Detect, investigate, and prevent potentially prohibited or illegal activities, such as fraud.
• Communicate changes to our policy.
• To evaluate your eligibility for pre-selection offers of our products
• Improve the services you receive from us.
• For auditing purposes to ensure our internal processes function as intended and comply with legal, regulatory and contractual obligations.
• Share information with third parties as needed to provide Zip Services.
• Conduct any other legitimate business activities not otherwise prohibited by law.
• We also utilize the data to manage our business operations, which includes analyzing our performance, enhancing our workforce, and conducting research.

Marketing and advertising. We may use your personal information to:

• Market services and products including product recommendations and other non-transactional communications via email, post, telephone, SMS or push notifications, in accordance with your marketing preferences.
• Personalize content and experiences, including advertising based on your use of the Zip Services and their purchasing patterns.
• Send offers or promotions for Zip services.
• Provide you with location-based advertisements, offers, and content tailored to your geographic area.
• We may combine your personal information with information we collect from other companies and use it to improve and personalize Zip Services, content, and advertising delivered to you and other users.

Communications. We may use your personal information to contact you in order to:

• Notify you regarding your account,
• To troubleshoot problems with your account,
• To resolve a dispute,
• To collect fees or monies owed,
• To poll your opinions through surveys or questionnaires
• To contact you to offer coupons, discounts, and promotions, and inform you about Zip Services and the services of our corporate family.
• Finally, we may contact you as necessary to enforce our policies, applicable law, or any agreement we may have with you.

To reach you as efficiently as possible, we may contact you via phone and may use auto-dialed or prerecorded calls and text messages. Where applicable and permitted by law, you may decline to receive certain communications.

Compliance and Legal Obligations. We may use your personal information to:

• Comply with legal and regulatory requirements.
• Exercise our rights in the course of judicial, administrative, or arbitration proceedings.
• In connection with a corporate transaction such as a divestiture, merger, acquisition, consolidation, asset sale, or in the unlikely event of bankruptcy.
• Protect against misuse or abuse of our Services and protect the rights and interests of our customers, merchants, site visitors, and the general public, as well as to ensure compliance with our Terms of Service and this Privacy Policy.

Employment and Recruiting. We may use your personal information to:

• Verify your information and carry out background and reference checks, where applicable
• Communicate with you about the recruitment process.
• Refer to please refer to Zip Co US. Inc., Applicant and Candidate Privacy Notice for more details on how we use your personal information for employment and recruitment purposes.

Machine Learning: We may use your personal information to:

• Analyze, develop, and improve Zip products and services, and for security and compliance purposes.
• Assess your creditworthiness and determine your eligibility for Zip services

Artificial Intelligence (AI): We may use your personal information to:

You may provide certain information to us when you interact with an automated assistance chatbot on the Zip Website or App, which our service provider enables on our behalf. Note that your conversations with any chatbot present on these platforms may be monitored and recorded and any personal information you provide will be handled by us and our service provider in accordance with this Privacy Policy. We may use AI to process your interactions with features on the Zip website such as chatbots, digital assistants, or other digital conversational experiences powered by artificial intelligence.

Our contracts with our AI Service Providers require that they do not collect, use or disclose any information provided to them, except to provide the services we specifically request. Also, we may process your personal information using automated and manual (human) methods.

Non-Personal Information

We may also use Non-Personal Information such as aggregate and anonymized data for the following purposes:

Statistical Analysis and Service Enhancement

We analyze non-personal information to gain insights into the overall usage patterns of our services. This analysis helps us identify areas for improvement, optimize system performance, and enhance the functionality of our platforms. By understanding how users interact with our services on a broader scale, we can make data-driven adjustments to deliver a better experience for all customers.

Product Development and Innovation

Our commitment to innovation drives us to develop new financial products and services that meet the evolving needs of our customers. Non-personal information serves as a foundational element in this process. By analyzing non-personal data, we can identify market trends, preferences, and emerging financial needs. This, in turn, informs the development of innovative financial solutions designed to benefit our customers and the broader community.

Marketing and Advertising

Non-personal information also plays a role in tailoring our marketing and advertising efforts. Through aggregated data analysis, we create audience segments based on demographic information, usage patterns, and geographic location. These segments help us develop more targeted marketing campaigns, ensuring that our communications and promotions are relevant and valuable to our customers.

How do we share your Personal Information

We may disclose personal data, including sensitive personal data, to the following categories of recipients, for the business purposes described in this Privacy Policy and below:

Disclosures with Subsidiaries and Affiliates

We may share your personal information with affiliates under common ownership or control of Zip to help detect and prevent potentially illegal acts and violations of our and their policies, and to guide decisions about their products, services, and communications. Members of our corporate family will use this information to send you marketing communications only if you have requested their service.

Disclosures to Merchants

When transacting with merchants of goods and services (“Merchants”), we provide those parties with information about you that is necessary to complete the transaction, such as your name, account ID, contact details, shipping and billing address, or other information needed to promote the reliability and security of the transaction. If a transaction is held, fails, or is later invalidated, we may also provide details of the unsuccessful transaction. Merchants may also share personal information about you with us, which can include transactional details that allow for an expedited and enhanced Identity Verification and Fraud check process during your onboarding with Zip.

We do not share your bank account information or card account information with any Merchants. We work with third parties, including Merchants, to enable them to accept or send payments from or to you using Zip. In doing so, a third party may share information about you with us, such as your email address or mobile phone number. We use this information to confirm that you are a Zip customer and that Zip as a form of payment can be enabled, or to send you notification of payment status. Also, if you request that we validate your status as a Zip customer with a third party, we will do so.

Please note that Merchants and other third parties from whom you buy or with whom you contract will have their own privacy policies, and although Zip’s User Agreement does not allow the other transacting party to use any personal information we give them for anything other than providing Zip’s Services, Zip is not responsible for their actions, including their information protection practices.

Regardless, we will not disclose your credit card number or bank account number to anyone you have paid or who has paid you using Zip, or with the third parties that offer or use Zip Services, except with your express permission or if we are required to do so to comply with applicable credit card association rules, a subpoena, or another legal process.

Disclosures to other Third Parties

We may share your personal information with other parties including:

• Financial institutions that we partner with to jointly create and offer a product. These financial institutions may only use this information to market Zip-related products unless you have given consent for other uses.
• Banking partners as required by credit card association rules for inclusion on their list of terminated merchants.
• Persons or companies who may invest or have invested in us, or with which we plan to merge, or with which we are considering acquiring or being acquired by. (Should such a combination transaction occur, we will require that the new combined entity follow this Privacy Policy with respect to your personal information. If your personal information could be used contrary to this policy, you will receive prior notice.)
• Law enforcement, government officials, or other third parties pursuant to a subpoena, court order, or other legal process or requirement applicable to Zip or one of its affiliates; when we need to do so to comply with law or credit card association rules; or when we believe, in our sole discretion, that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations of our User Agreement.

We may also share your personal information in the following circumstances:

• With Service Providers: to enable service providers under contract with us to support our business operations, such as fraud prevention, bill collection, marketing, customer service and technology services. Our contracts dictate that these service providers only use your information in connection with the services they perform for us and not for their own benefit.
• For Advertising and Analytics: Zip may share nonpublic personal information with nonaffiliates to market to you. This may include your name, e-mail address, telephone number, or postal address.
• For Fraud Prevention and Risk Management: to help prevent fraud or assess and manage risk.
• For Customer Service: for customer service purposes, including to help service your accounts or resolve disputes (e.g., billing or transactional).
• For Legal and Compliance Reasons: to help them comply with anti-money laundering and counter terrorist financing verification requirements.
• With other third parties with your consent or direction to do so.

Please note that these third parties may be in other countries where the laws on processing personal information may be less stringent than in your country.

We currently do not - but reserve the right in the future to - share your information with credit bureaus and collection agencies to report account information, as permitted or required by law.

If you open a Zip account directly on a third-party website or via a third-party application, any information that you enter on that website or application (and not directly on a Zip website) will be shared with the owner of the third-party website or application. These websites are governed by their own privacy policies and you are encouraged to review their privacy policies before providing them with personal information. Zip is not responsible for the content or information practices of such third parties.

How we protect and store Personal Information

Data Minimization and Privacy by Design

We strictly adhere to the principle of Data Minimization by collecting and retaining only the data necessary to fulfill the purposes outlined in this policy. We routinely review the data we collect to ensure its continued relevance and necessity. We have also integrated Privacy by Design principles into every aspect of our services. This means that we’ve built our products and services with your privacy in mind from the very beginning.

Security Measures

Our operations are supported by a network of computers, cloud-based servers, and other infrastructure and information technology, including, but not limited to, the use of third-party service providers. We, and third-party service providers on our behalf, store and process your personal information in the United States and elsewhere in the world. If your information is transferred to other countries, including countries that may not have data protection laws that provide the same level of protection that exists in your country, we will protect the information as described in this Privacy Policy. Where we use service providers who might have access to your Personal Information, we require them to have privacy and security standards that are comparable to ours. We use contracts and other measures with our service providers to maintain the confidentiality and security of your Personal Information and to prevent it from being used for any other purpose.

We protect your information using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure, and alteration. Some of the safeguards we use are firewalls and data encryption, physical access controls to data centers, and information access authorization controls.

Data Breaches

A data breach generally refers to the unauthorized access and retrieval of information that may include corporate and personal data. Managing data breaches is important to protect the personal data of our customers when a data breach occurs. In the event of a data breach, in certain circumstances we are legally obliged to report the breach to relevant regulatory authorities or government agencies. In accordance with privacy legislation, we will also notify the individuals directly affected by the breach.

How long we keep your Personal Information

Personal information will be stored in accordance with applicable laws and kept as long as needed to carry out the purposes described in this Privacy Policy, unless a longer retention period is permitted or required by applicable law.

The retention period for personal information is determined based on the following criteria:

• Legal and Regulatory Requirements: We retain personal information for the period required by applicable laws and regulations, including but not limited to financial, tax, and consumer protection laws.
• Business and Operational Needs: We retain personal information for as long as necessary to fulfill the purposes outlined in our Privacy Policy and to meet our legitimate business and operational needs.
• Customer Relationship: We may retain personal information for the duration of our relationship with you, including the provision of ongoing services and account management.
• Contractual Obligations: Personal information may be retained to fulfill contractual obligations, including the management of customer accounts and transaction processing.
• Statute of Limitations: In some cases, personal information may be retained for the period necessary to defend against legal claims, such as the statute of limitations.

At the end of the respective retention periods, we take appropriate measures to securely dispose of or anonymize your personal data in compliance with relevant laws and regulations. Data disposal methods may include deletion, encryption, or anonymization to ensure that the information cannot be retrieved or identified.

Protecting the Privacy of Children

We comply with the requirements of the Children's Online Privacy Protection Act. We do not knowingly or intentionally collect or sell personal information from children under the age of 13. Our website, products, and services are directed to individuals who are at least 13 years of age or older.

If you learn that your child has provided us with personal information without your consent, you may contact us as set forth herein. If we learn that we have collected any personal information in violation of applicable law, we will promptly take steps to delete such information and terminate the child's account.

Your Personal Information rights and choices

How you can access, correct or delete your personal information

You may request to access, delete or correct the personal information that you have provided to us. Depending on where you live and the type of information you have provided to Zip, you may have different rights and choices for managing your personal data. For example, certain state laws do not apply to personal data collected, processed, or disclosed by a financial institution according to federal laws, such as the Gramm Leach-Bliley Act. Accordingly, the ability to access, correct or delete data is not absolute and is subject to Zip's internal policies.

To submit a request: - Submit a “Data Access Request” or “Data Deletion Request” through our Help Center; - Email us at privacy.usa@zip.co; Or - Call our toll free number at 1-888-322-5037

You can review and edit your personal information at any time by logging in to your account and reviewing your account settings and profile. You can also close your account by submitting a request with Customer Service through the Zip website. If you close your Zip account, we will mark your account in our database as “Closed,” but may retain personal information from your account for a certain period of time and disclose it in a manner consistent with our practices under this Privacy Policy for accounts that are not closed. We also may retain personal information from your account to collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigations, prevent fraud, enforce our User Agreement, or take other actions as required or permitted by law.

How you can restrict us from using/sharing your Personal Information

We respect your privacy and provide you with the ability to make certain choices about how we use your personal information, as described below.

Marketing and Promotional Communications

If you no longer wish to receive notifications via our application, you can adjust your preferences by visiting the settings in the Account tab of your application or your device settings.

You may wish to unsubscribe from marketing emails by clicking the “Unsubscribe” link in the email footer or by contacting Zip Customer Service. Note that even if you opt out of receiving marketing and promotional communications from us, you will still receive non-marketing or transactional messages from us, including messages about your account and responses to your inquiries/requests.

Mobile Devices

We may send you push notifications through our mobile application. You may at any time opt out from receiving these types of communications by changing the settings on your mobile device. We may also collect location-based information if you use our mobile applications. You may opt-out of this collection by changing the settings on your mobile device.

Text Messages

You may opt out of receiving text messages (including SMS) from us by following the instructions in the text message you have received from. You will also have the ability to resubscribe at a later date if you wish.

Cookies and Tracking Technology

You are free to decline our cookies if your browser or browser add-on permits unless our Cookies are required to prevent fraud or ensure the security of websites we control. However, declining our Cookies may interfere with your use of our website and Zip Services.

In addition to session-based cookies, we utilize third-party cookies from vendors that have been thoroughly vetted for analytics and marketing purposes. These third-party cookies help us better analyze and customize our users' experience as well as deliver interest-based and retargeting advertisements on websites throughout the Internet. These third parties may collect personally identifiable information about your online activities over time and across different websites when you use Zip Services. You have the right to control behavioral and interest-based marketing. For example, some browsers can be set to notify you when you receive a cookie, giving you the chance to decide whether to accept it. In addition, you may be able to opt out of some third party cookies by using the following websites: https://www.aboutads.info/choices or https://www.networkadvertising.org/choices.

We also use Google Analytics to generate statistical and other information about the use of Zip Services by means of cookies. To learn more about Google's privacy policy, please visit: https://www.google.com/policies/privacy/. You can also learn more about how to opt-out of the collection and processing of such information by Google by visiting this website: https://tools.google.com/dlpage/gaoptout.

Even if you disable tracking, keep in mind that you may still receive interest-based advertising, including from third parties with whom your information had been previously disclosed, or advertising from third parties that is not based on your interests and preferences.

Do Not Track Signals

Do Not Track (“DNT”) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third parties. We do not currently respond to DNT signals. We do, however, provide you notice of the tracking by advertisers and other third parties in our Privacy Policy.

Your Right to Opt-Out of Information Sharing

If you prefer that we not disclose your Personal Information to unaffiliated third parties, you may opt out of those disclosures. You may opt-out by:

• Calling our toll free number at 1-888-322-5037 and following the menu prompts
• Visiting our Help Center and submitting a “Do Not Sell or Share my Personal Information” request.

Please note that certain exceptions may apply under applicable laws and regulations that allow us to share your information without your consent for specific purposes, such as processing transactions and servicing your accounts. These exceptions are permitted by law and are not affected by your decision to opt-out

Other Privacy Protections and Exemptions

Vermont residents: We will not share information we collect about you with nonaffiliates, except as permitted by law, including with your consent or to service your account. We will not disclose information about your creditworthiness to our affiliates and will not disclose your personal information, financial information, credit report, or health information to nonaffiliated third parties to market to you, other than as permitted by Vermont law, unless you authorize us to make those disclosures.

California residents: The California Consumer Privacy Act describes your privacy rights and explains how to exercise those rights. Please review the Provisions Applicable to California Consumers section in this policy.

Please note there may be situations where we cannot grant your request, for example, where retention of your data is required by an overriding federal law.

Provisions applicable to California consumers

California Privacy Rights

This section supplements the information contained in our Privacy Policy and applies to our consumers who reside in the State of California. Our privacy practices are aligned with the requirements of the California Consumer Privacy Act of 2018 (CCPA) and the California Consumer Privacy Act (CPRA).

Under the CCPA, “personal information” is defined as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household,” and we use that meaning in this section.

Notice at Collection

California Consumers have the right to receive notice of our practices, including the categories of personal information and sensitive information we collect, the purposes for which information is collected or used, with whom we may share your personal information with and how long such information is retained. You may find those details within this Privacy Policy.

Use and Disclosure of Sensitive Personal Information

As detailed in the section “What Personal Information We Collect”, we may collect certain “sensitive personal information” (as defined under CPRA). However, we do not use or disclose sensitive personal information for any purpose outside of the limited permissible purposes set forth in the regulations implementing the CCPA. These purposes include providing the Services and preventing, detecting, and investigating security incidents.

Your Legal Rights

Opt-out of Sales and/or Sharing

In the 12 months preceding the date of this Privacy Policy, we "sold" and/or "shared" personal information for "cross-context behavioral advertising", with respect to California residents covered by the CPRA. We do not knowingly "sell" or "share" for "cross-context behavioral advertising" personal information of minors under 16 years of age.

Please refer to the “Your Right to Opt-Out of Information Sharing” section for instructions on how to submit a “Do not sell or share my personal information” request.

Right to equal service

Zip will not discriminate against California Consumers on the basis of the exercise or non-exercise of any rights hereunder, including, but not limited to, by:

• Denying goods or services on such basis;
• Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties, on such basis;
• Providing differing levels of quality of goods or services on such basis; or
• Suggesting that California Consumers will receive a different price or rate for goods or services or a different level or quality of goods or services.

Right to know/access Personal Information

California Consumers have the right to request that we disclose to them the categories of personal information we have collected about them, the categories of sources from which the personal information has been collected, the business or commercial purpose for collecting or selling personal information, the categories of third parties with whom we share the personal information, the specific pieces of personal information we have collected about them, and the categories of personal information that was disclosed for a business purpose.

Please refer to the “How you can access, correct or delete your personal information” section for instructions on how to submit a Data Access Request.

Right to request deletion of Personal Information

California Consumers have the right to request that Zip and our Service Providers delete any personal information about them that we have collected from the California Consumers. To protect our customers' personal information, we are required to verify the requestor's identity before we can act on any such request. The right of deletion may be subject to certain CCPA/ CPRA exceptions.

Please refer to the “How you can access, correct or delete your personal information” section for instructions on how to submit a Data Deletion Request.

Right to correct inaccurate Personal Information

You have the right to request that we correct inaccurate consumer information about you that we maintain, taking into account the nature of the consumer information and the purposes of the processing of the consumer information. You may update your personal information by logging in to your account and reviewing your account settings and profile. You can also submit a request to our Customer Service through the Zip website.

Exercising Your Rights

Please note these disclosures are not required to include any information about activity that occurred prior to January 1, 2022. Please also note that a covered business is not required to honor more than two (2) of these requests from the same consumer during any 12-month period.

We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you of the reasons for such a decision and provide you with a cost estimate before completing your request.

Verification of Identity

In order to protect your personal information from unauthorized access or deletion, we may require you to verify your credentials before you can submit a privacy rights request. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in such a request to verify the requestor's identity. Please be prepared to provide us with your full name, your email, your date of birth, and billing zip code.

Authorized Agents

You may also designate an authorized agent to make such requests on your behalf by sending us an email with your designated authorized agent's information. We reserve the right to take additional steps as necessary to verify the identity of California Consumers where we have reason to believe a request is suspect or fraudulent.

How you can contact us about privacy questions

If you have questions or concerns regarding this Privacy Policy, you should contact us at privacy.usa@zip.co.