Last Updated and Effective as of October 5, 2023
Our corporate affiliates maintain their own privacy policies, which govern the data they gather from the products, services, and applications they offer. Any information collected in accordance with this Policy and shared with our affiliates will continue to be treated in accordance with the principles outlined in this Policy.
If you are a resident of California, you may have additional rights, described in our Provisions Applicable to California Consumers section below.
Collection of Personal Information
The personal information that we collect or otherwise receive about you depends on the context of your interactions with Zip, how you configure your account, and the choices you make, including your privacy settings. We collect information from various sources including information that you provide to us, information we obtain automatically when you use our Services, and information from other sources such as third-party services and organizations, as described below.
We collect two basic types of information from you in conjunction with your use of Zip Services (collectively your “personal information”):
- Personally identifiable information;
- and non-personally identifiable information;
When we say "personally identifiable information" we mean any information related to an identified or identifiable natural person. Non-personally identifiable information is information that does not identify you directly but may be linkable to you.
What Personal Information Do We Collect?
The following are the categories and specific types of personal data or information we may collect:
Account Profile Data and Identity Verification Information
When you create an account, we may collect certain personal information that can be used to identify you, such as your full name, email address, date of birth, telephone number, postal address, IP address, Social Security Number (SSN), password and account preferences.
Including your financial account details that you provide, such as credit/ debit card numbers or your ACH banking details. We may directly collect or store payment card or financial information entered through our Services including the last four digits of your payment card or financial information. We may receive other data associated with your financial information such as your billing details, account types and balances or limits, income, bank statements and transaction and purchase history details.
Audio, Electronic, Visual and Similar Information
We gather data that you share during your interactions with our customer service representatives and channels. This information may include: telephone conversation recordings and call monitoring records, social media messaging/ posting, chat and text records (including chatbots), email correspondence, voicemails, photographs, and video images. By communicating with Zip, unless otherwise provided by applicable law, you acknowledge that your communication may be overheard, monitored, or recorded without further notice or warning.
Marketing and Communications Data
Such as your preferences for receiving our marketing communications and details about your engagement with them. Occasionally, we may extend to you the opportunity to take part in our contests, sweepstakes, surveys or other similar campaigns. Participation in sweepstakes, contests or surveys is voluntary, and users have the choice whether to participate or not. If you participate, we may request certain personally identifiable information from you which may include details such as name, residential address, age range, or postal address. This information may be used to distribute and collect surveys, notify contest winners and award prizes, improve our products and services, conduct market research including to provide demographic insights.
If you grant permission in your device settings, we may collect your approximate or precise geolocation data and use your geolocation information to operate and customize the Service for you. We may use this information for fraud prevention and security purposes and to provide you with location-based services, such as advertising, help you find nearby stores, speed up your in-store checkout process and get access to other personalized content and offers. Most mobile devices allow you to control or disable location services in the device's setting's menu. If you have questions about how to disable your device's location services, we recommend you contact your mobile service carrier or the manufacturer of your particular device.
Professional or Employment-Related Information
If you apply for a job at Zip, you may provide us with certain personal information about yourself, such as information contained in a resume/CV, cover letter, or similar employment-related materials. For more information on how we handle Applicant and Candidate personal data, please refer to Zip Co US. Inc., Applicant and Candidate Privacy Notice.
Internet or other Electronic Network activity and analytics
Including data about the pages you access, computer IP address, device ID or unique identifier, device type, computer and connection information, mobile network information, mobile device type, statistics on page views, traffic to and from the sites, referral URL, ad data, and standard web log data and other information.
Cookies and similar technologies
When you access our website or use Zip Services, we (including companies we work with) may place small data files on your computer or another device. These data files may be cookies, pixel tags, e-tags, “Flash cookies,” or other local storage provided by your browser or associated applications (collectively “Cookies”). We use these technologies to recognize you as a customer; customize Zip Services, content, and advertising; measure promotional effectiveness; help ensure that your account security is not compromised; mitigate risk and prevent fraud, and to promote trust and safety across our sites and Zip Services.
Sensitive Personal Information
It may be necessary in some circumstances for us to collect some forms of sensitive information about you in order to provide specific services to you. Sensitive information such as government-issued identifiers including Social Security Numbers (SSN), Driver’s License, etc; account credentials; financial information; precise location; contents of certain types of messages; and criminal history. We will only collect and use sensitive information with your consent, in accordance with applicable laws or in a de-identified aggregated manner.
How do we collect your Personal Information?
Directly from you
We collect personal data you provide, such as when you use our Service, create an account, contact us, make a purchase or repayment, respond to a survey, interact with us at events, participate in a sweepstakes, contest, or other similar campaign or promotion, post a review, interact with us on social media, apply for an employment opportunity, sign up to receive emails, text messages, and/or postal mailings and any information you include in any webforms that you complete and submit.
Information we collect automatically
When you use Zip Services, we may collect information sent to us by your computer, mobile phone, or another access device using technologies such as cookies, web beacons, clear GIF, pixels, internet tags, web server logs, and other data collection tools. Certain Zip features may collect your approximate or precise geolocation information, device motion information, or both, if you grant us permission to do so through your device settings.
Information from other sources
We may obtain information about you from other sources, such as credit bureaus, consumer reporting agencies, merchant partners you interact with, payment service providers, data analytics providers, marketing or advertising service providers, social media platforms or networks, fraud prevention or identity verification service providers, electronic databases, vendors that provide services on our behalf with whom we have contractual relationships, or publicly available sources.
How we use the Personal Information we collect
Our primary purpose in collecting your personal information is to provide you with a secure, smooth, efficient, and customized experience with Zip Services. We use your personal information with your consent or as permitted or required by law, and for the following purposes:
Service delivery and operations. We may use your personal information to:
- Provide Zip Services and Products and for other customer support purposes in relation to your Zip account.
- Process transactions and send notices about your transactions.
- Resolve disputes and collect payments and/or fees.
- Verify the accuracy of and authenticate your information.
- Detect, investigate, and prevent potentially prohibited or illegal activities, such as fraud.
- Communicate changes to our policy.
- To evaluate your eligibility for pre-selection offers of our products
- Improve the services you receive from us.
- For auditing purposes to ensure our internal processes function as intended and comply with legal, regulatory and contractual obligations.
- Share information with third parties as needed to provide Zip Services.
- Conduct any other legitimate business activities not otherwise prohibited by law.
- We also utilize the data to manage our business operations, which includes analyzing our performance, enhancing our workforce, and conducting research.
Marketing and advertising. We may use your personal information to:
- Market services and products including product recommendations and other non-transactional communications via email, post, telephone, SMS or push notifications, in accordance with your marketing preferences.
- Personalize content and experiences, including advertising based on your use of the Zip Services and their purchasing patterns.
- Send offers or promotions for Zip services.
- Provide you with location-based advertisements, offers, and content tailored to your geographic area.
- We may combine your personal information with information we collect from other companies and use it to improve and personalize Zip Services, content, and advertising delivered to you and other users.
Communications. We may use your personal information to contact you in order to:
- Notify you regarding your account,
- To troubleshoot problems with your account,
- To resolve a dispute,
- To collect fees or monies owed,
- To poll your opinions through surveys or questionnaires
- To contact you to offer coupons, discounts, and promotions, and inform you about Zip Services and the services of our corporate family.
- Finally, we may contact you as necessary to enforce our policies, applicable law, or any agreement we may have with you.
To reach you as efficiently as possible, we may contact you via phone and may use auto-dialed or prerecorded calls and text messages. Where applicable and permitted by law, you may decline to receive certain communications.
Compliance and Legal Obligations. We may use your personal information to:
- Comply with legal and regulatory requirements.
- Exercise our rights in the course of judicial, administrative, or arbitration proceedings.
- In connection with a corporate transaction such as a divestiture, merger, acquisition, consolidation, asset sale, or in the unlikely event of bankruptcy.
Employment and Recruiting. We may use your personal information to:
- Verify your information and carry out background and reference checks, where applicable
- Communicate with you about the recruitment process.
- Refer to please refer to Zip Co US. Inc., Applicant and Candidate Privacy Notice for more details on how we use your personal information for employment and recruitment purposes.
Machine Learning: We may use your personal information to:
- Analyze, develop, and improve Zip products and services, and for security and compliance purposes.
- Assess your creditworthiness and determine your eligibility for Zip services
Artificial Intelligence (AI): We may use your personal information to:
Our contracts with our AI Service Providers require that they do not collect, use or disclose any information provided to them, except to provide the services we specifically request. Also, we may process your personal information using automated and manual (human) methods.
We may also use Non-Personal Information such as aggregate and anonymized data for the following purposes:
Statistical Analysis and Service Enhancement
We analyze non-personal information to gain insights into the overall usage patterns of our services. This analysis helps us identify areas for improvement, optimize system performance, and enhance the functionality of our platforms. By understanding how users interact with our services on a broader scale, we can make data-driven adjustments to deliver a better experience for all customers.
Product Development and Innovation
Our commitment to innovation drives us to develop new financial products and services that meet the evolving needs of our customers. Non-personal information serves as a foundational element in this process. By analyzing non-personal data, we can identify market trends, preferences, and emerging financial needs. This, in turn, informs the development of innovative financial solutions designed to benefit our customers and the broader community.
Marketing and Advertising
Non-personal information also plays a role in tailoring our marketing and advertising efforts. Through aggregated data analysis, we create audience segments based on demographic information, usage patterns, and geographic location. These segments help us develop more targeted marketing campaigns, ensuring that our communications and promotions are relevant and valuable to our customers.
How do we share your Personal Information
Disclosures with Subsidiaries and Affiliates
We may share your personal information with affiliates under common ownership or control of Zip to help detect and prevent potentially illegal acts and violations of our and their policies, and to guide decisions about their products, services, and communications. Members of our corporate family will use this information to send you marketing communications only if you have requested their service.
Disclosures to Merchants
When transacting with merchants of goods and services (“Merchants”), we provide those parties with information about you that is necessary to complete the transaction, such as your name, account ID, contact details, shipping and billing address, or other information needed to promote the reliability and security of the transaction. If a transaction is held, fails, or is later invalidated, we may also provide details of the unsuccessful transaction. Merchants may also share personal information about you with us, which can include transactional details that allow for an expedited and enhanced Identity Verification and Fraud check process during your onboarding with Zip.
We do not share your bank account information or card account information with any Merchants. We work with third parties, including Merchants, to enable them to accept or send payments from or to you using Zip. In doing so, a third party may share information about you with us, such as your email address or mobile phone number. We use this information to confirm that you are a Zip customer and that Zip as a form of payment can be enabled, or to send you notification of payment status. Also, if you request that we validate your status as a Zip customer with a third party, we will do so.
Please note that Merchants and other third parties from whom you buy or with whom you contract will have their own privacy policies, and although Zip’s User Agreement does not allow the other transacting party to use any personal information we give them for anything other than providing Zip’s Services, Zip is not responsible for their actions, including their information protection practices.
Regardless, we will not disclose your credit card number or bank account number to anyone you have paid or who has paid you using Zip, or with the third parties that offer or use Zip Services, except with your express permission or if we are required to do so to comply with applicable credit card association rules, a subpoena, or another legal process.
Disclosures to other Third Parties
We may share your personal information with other parties including:
- Financial institutions that we partner with to jointly create and offer a product. These financial institutions may only use this information to market Zip-related products unless you have given consent for other uses.
- Banking partners as required by credit card association rules for inclusion on their list of terminated merchants.
- Law enforcement, government officials, or other third parties pursuant to a subpoena, court order, or other legal process or requirement applicable to Zip or one of its affiliates; when we need to do so to comply with law or credit card association rules; or when we believe, in our sole discretion, that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations of our User Agreement.
We may also share your personal information in the following circumstances:
- With Service Providers: to enable service providers under contract with us to support our business operations, such as fraud prevention, bill collection, marketing, customer service and technology services. Our contracts dictate that these service providers only use your information in connection with the services they perform for us and not for their own benefit.
- For Advertising and Analytics: Zip may share nonpublic personal information with nonaffiliates to market to you. This may include your name, e-mail address, telephone number, or postal address.
- For Fraud Prevention and Risk Management: to help prevent fraud or assess and manage risk.
- For Customer Service: for customer service purposes, including to help service your accounts or resolve disputes (e.g., billing or transactional).
- For Legal and Compliance Reasons: to help them comply with anti-money laundering and counter terrorist financing verification requirements.
- With other third parties with your consent or direction to do so.
Please note that these third parties may be in other countries where the laws on processing personal information may be less stringent than in your country.
We currently do not - but reserve the right in the future to - share your information with credit bureaus and collection agencies to report account information, as permitted or required by law.
If you open a Zip account directly on a third-party website or via a third-party application, any information that you enter on that website or application (and not directly on a Zip website) will be shared with the owner of the third-party website or application. These websites are governed by their own privacy policies and you are encouraged to review their privacy policies before providing them with personal information. Zip is not responsible for the content or information practices of such third parties.
How we protect and store Personal Information
Data Minimization and Privacy by Design
We strictly adhere to the principle of Data Minimization by collecting and retaining only the data necessary to fulfill the purposes outlined in this policy. We routinely review the data we collect to ensure its continued relevance and necessity. We have also integrated Privacy by Design principles into every aspect of our services. This means that we’ve built our products and services with your privacy in mind from the very beginning.
We protect your information using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure, and alteration. Some of the safeguards we use are firewalls and data encryption, physical access controls to data centers, and information access authorization controls.
A data breach generally refers to the unauthorized access and retrieval of information that may include corporate and personal data. Managing data breaches is important to protect the personal data of our customers when a data breach occurs. In the event of a data breach, in certain circumstances we are legally obliged to report the breach to relevant regulatory authorities or government agencies. In accordance with privacy legislation, we will also notify the individuals directly affected by the breach.
How long we keep your Personal Information
The retention period for personal information is determined based on the following criteria:
- Legal and Regulatory Requirements: We retain personal information for the period required by applicable laws and regulations, including but not limited to financial, tax, and consumer protection laws.
- Customer Relationship: We may retain personal information for the duration of our relationship with you, including the provision of ongoing services and account management.
- Contractual Obligations: Personal information may be retained to fulfill contractual obligations, including the management of customer accounts and transaction processing.
- Statute of Limitations: In some cases, personal information may be retained for the period necessary to defend against legal claims, such as the statute of limitations.
At the end of the respective retention periods, we take appropriate measures to securely dispose of or anonymize your personal data in compliance with relevant laws and regulations. Data disposal methods may include deletion, encryption, or anonymization to ensure that the information cannot be retrieved or identified.
Protecting the Privacy of Children
We comply with the requirements of the Children's Online Privacy Protection Act. We do not knowingly or intentionally collect or sell personal information from children under the age of 13. Our website, products, and services are directed to individuals who are at least 13 years of age or older.
If you learn that your child has provided us with personal information without your consent, you may contact us as set forth herein. If we learn that we have collected any personal information in violation of applicable law, we will promptly take steps to delete such information and terminate the child's account.
Your Personal Information rights and choices
How you can access, correct or delete your personal information
You may request to access, delete or correct the personal information that you have provided to us. Depending on where you live and the type of information you have provided to Zip, you may have different rights and choices for managing your personal data. For example, certain state laws do not apply to personal data collected, processed, or disclosed by a financial institution according to federal laws, such as the Gramm Leach-Bliley Act. Accordingly, the ability to access, correct or delete data is not absolute and is subject to Zip's internal policies.
How you can restrict us from using/sharing your Personal Information
We respect your privacy and provide you with the ability to make certain choices about how we use your personal information, as described below.
Marketing and Promotional Communications
If you no longer wish to receive notifications via our application, you can adjust your preferences by visiting the settings in the Account tab of your application or your device settings.
You may wish to unsubscribe from marketing emails by clicking the “Unsubscribe” link in the email footer or by contacting Zip Customer Service. Note that even if you opt out of receiving marketing and promotional communications from us, you will still receive non-marketing or transactional messages from us, including messages about your account and responses to your inquiries/requests.
We may send you push notifications through our mobile application. You may at any time opt out from receiving these types of communications by changing the settings on your mobile device. We may also collect location-based information if you use our mobile applications. You may opt-out of this collection by changing the settings on your mobile device.
You may opt out of receiving text messages (including SMS) from us by following the instructions in the text message you have received from. You will also have the ability to resubscribe at a later date if you wish.
Cookies and Tracking Technology
You are free to decline our cookies if your browser or browser add-on permits unless our Cookies are required to prevent fraud or ensure the security of websites we control. However, declining our Cookies may interfere with your use of our website and Zip Services.
In addition to session-based cookies, we utilize third-party cookies from vendors that have been thoroughly vetted for analytics and marketing purposes. These third-party cookies help us better analyze and customize our users' experience as well as deliver interest-based and retargeting advertisements on websites throughout the Internet. These third parties may collect personally identifiable information about your online activities over time and across different websites when you use Zip Services. You have the right to control behavioral and interest-based marketing. For example, some browsers can be set to notify you when you receive a cookie, giving you the chance to decide whether to accept it. In addition, you may be able to opt out of some third party cookies by using the following websites: https://www.aboutads.info/choices or https://www.networkadvertising.org/choices.
Even if you disable tracking, keep in mind that you may still receive interest-based advertising, including from third parties with whom your information had been previously disclosed, or advertising from third parties that is not based on your interests and preferences.
Do Not Track Signals
Your Right to Opt-Out of Information Sharing
If you prefer that we not disclose your Personal Information to unaffiliated third parties, you may opt out of those disclosures. You may opt-out by:
- Calling our toll free number at 1-888-322-5037 and following the menu prompts
- Visiting our Help Center and submitting a “Do Not Sell or Share my Personal Information” request.
Please note that certain exceptions may apply under applicable laws and regulations that allow us to share your information without your consent for specific purposes, such as processing transactions and servicing your accounts. These exceptions are permitted by law and are not affected by your decision to opt-out
Other Privacy Protections and Exemptions
Vermont residents: We will not share information we collect about you with nonaffiliates, except as permitted by law, including with your consent or to service your account. We will not disclose information about your creditworthiness to our affiliates and will not disclose your personal information, financial information, credit report, or health information to nonaffiliated third parties to market to you, other than as permitted by Vermont law, unless you authorize us to make those disclosures.
California residents: The California Consumer Privacy Act describes your privacy rights and explains how to exercise those rights. Please review the Provisions Applicable to California Consumers section in this policy.
Please note there may be situations where we cannot grant your request, for example, where retention of your data is required by an overriding federal law.
Provisions applicable to California consumers
California Privacy Rights
Under the CCPA, “personal information” is defined as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household,” and we use that meaning in this section.
Notice at Collection
Use and Disclosure of Sensitive Personal Information
As detailed in the section “What Personal Information We Collect”, we may collect certain “sensitive personal information” (as defined under CPRA). However, we do not use or disclose sensitive personal information for any purpose outside of the limited permissible purposes set forth in the regulations implementing the CCPA. These purposes include providing the Services and preventing, detecting, and investigating security incidents.
Your Legal Rights
Opt-out of Sales and/or Sharing
Please refer to the “Your Right to Opt-Out of Information Sharing” section for instructions on how to submit a “Do not sell or share my personal information” request.
Right to equal service
Zip will not discriminate against California Consumers on the basis of the exercise or non-exercise of any rights hereunder, including, but not limited to, by:
- Denying goods or services on such basis;
- Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties, on such basis;
- Providing differing levels of quality of goods or services on such basis; or
- Suggesting that California Consumers will receive a different price or rate for goods or services or a different level or quality of goods or services.
Right to know/access Personal Information
California Consumers have the right to request that we disclose to them the categories of personal information we have collected about them, the categories of sources from which the personal information has been collected, the business or commercial purpose for collecting or selling personal information, the categories of third parties with whom we share the personal information, the specific pieces of personal information we have collected about them, and the categories of personal information that was disclosed for a business purpose.
Please refer to the “How you can access, correct or delete your personal information” section for instructions on how to submit a Data Access Request.
Right to request deletion of Personal Information
California Consumers have the right to request that Zip and our Service Providers delete any personal information about them that we have collected from the California Consumers. To protect our customers' personal information, we are required to verify the requestor's identity before we can act on any such request. The right of deletion may be subject to certain CCPA/ CPRA exceptions.
Please refer to the “How you can access, correct or delete your personal information” section for instructions on how to submit a Data Deletion Request.
Right to correct inaccurate Personal Information
You have the right to request that we correct inaccurate consumer information about you that we maintain, taking into account the nature of the consumer information and the purposes of the processing of the consumer information. You may update your personal information by logging in to your account and reviewing your account settings and profile. You can also submit a request to our Customer Service through the Zip website.
Exercising Your Rights
Please note these disclosures are not required to include any information about activity that occurred prior to January 1, 2022. Please also note that a covered business is not required to honor more than two (2) of these requests from the same consumer during any 12-month period.
We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you of the reasons for such a decision and provide you with a cost estimate before completing your request.
Verification of Identity
In order to protect your personal information from unauthorized access or deletion, we may require you to verify your credentials before you can submit a privacy rights request. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in such a request to verify the requestor's identity. Please be prepared to provide us with your full name, your email, your date of birth, and billing zip code.
You may also designate an authorized agent to make such requests on your behalf by sending us an email with your designated authorized agent's information. We reserve the right to take additional steps as necessary to verify the identity of California Consumers where we have reason to believe a request is suspect or fraudulent.
How you can contact us about privacy questions