Contact

Zumigo Global Privacy Policy

Effective Date: March 26, 2025

1.   INTRODUCTION

Zumigo, Inc., Zumigo India Private Limited, and all current and future affiliates and subsidiaries (hereinafter “Zumigo”, “we”, “our”, or “us”) provide digital identity verification, authentication, monitoring, and related fraud prevention solutions (our “Solutions”) to businesses and their affiliates (our “Clients”). Our Solutions help Clients prevent fraud, including by helping Clients verify and authenticate consumers when they engage with Clients through mobile and online channels.

2.   CONTACT INFORMATION

We are committed to protecting your privacy. If you have any questions, comments, or concerns about your information, this Privacy Policy (“Policy”), your privacy, or any of our privacy practices, please contact our Data Protection Officer by email us at privacy@zumigo.com. You can also contact our Data Protection Officer by writing to:

Zumigo, Inc.
Attn: Data Protection Officer
1187 Starling Ridge Court
San Jose, CA 95120

3.   DEFINITIONS

We use certain terms in this Policy, including “Controller,” “Personal Information,” “Processing” and “Processor” that are defined under various data privacy laws, including the European General Data Protection Regulation and the United Kingdom General Data Protection Regulation (collectively referred to as “GDPR”) and the Swiss Data Protection Act (the “Swiss DPA” and together with GDPR, the “European Data Protection Laws”).

Zumigo may be considered either a Controller (responsible for controlling the processing of your Personal Information”) or a Processor (responsible for processing your Personal Information) and in some circumstances, we may act as both a Controller and a Processor.

If the European Data Protection Laws apply to you, please see the “Data Transfers From Outside the United States” section below for further information about your rights.

4.    WHAT DOES THIS PRIVACY POLICY COVER?

This Policy applies when Zumigo is the Controller of your Personal Information. This includes your use of our website and branded social media pages, as well as when you receive emails, texts, faxes or have other communications with us (collectively, our “Sites”).

Zumigo acts in different roles with respect to your Personal Information depending on the nature of the Processing. Zumigo acts as a Data Controller when we conduct business through the Sites or when we communicate with Clients. At those times we may process Personal Information (as defined below) such as name, business email, business phone number, business names, and business titles. Zumigo does not share or resell any of this information with third parties.

Zumigo acts as a Data Processor when we offer our Solutions to Clients. At those times our Clients are the data controllers collecting Personal Information from their own products and services offered to their consumers. Zumigo does not store Personal Information and only acts as an agent to process such information on behalf of our Clients.

There may be certain circumstances where more than one Controller Processes your Personal Information, When this occurs, we act as an independent Controller only over our Processing activities. Each Controller is responsible for meeting their own obligations under applicable global privacy and data protection laws.

Zumigo is not responsible for other Controllers’ Processing activities, including our Clients and other Joint Controllers.

5.   PERSONAL INFORMATION WE PROCESS

When you access the or use our Solutions, we may process the following personal information (also known as personal data or PII) (“Personal Information”):

    • Real name or alias
    • Postal address
    • Email address
    • Account name
    • Social Security number
    • Driver’s license or state identification card number
    • Telephone number
    • Bank account number
    • Credit Card number
    • Debit card number
    • Other financial information

We may also process information on how the Site is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (“IP address”), user agent, browser type, browser version, operating system, the pages of our Site that you visit, search queries you perform, information you may post to the Site, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data, and configuration input provided using the Site’s forms, such as keywords, categories, and search terms.

We may also receive and process employment-related information, such as employment history, resumes, background information, recordings of interviews, and other relevant information to help us to recruit new employees and independent contractors, and to manage our interactions with current employees and independent contractors.

6.   COOKIES AND WEB BEACONS

A cookie is a small file of letters and numbers that is stored on your internet browser or on the hard drive of your computer. Cookies contain information that can then be transferred from your computer’s hard drive to a third party. Unless you have blocked the use of cookies, Zumigo may set cookies on your computer or mobile device in accordance with the Cookie Preferences.

First-party cookies

First-party cookies are those cookies set by a website that is being visited by the user at the time (e.g. cookies placed by this website).

Third-party cookies

Third-party cookies are those cookies that are set by a domain other than that of the website being visited by the user. If a user visits a website and another entity sets a cookie through that website, that cookie would be a third-party cookie.

Session cookies

Session cookies allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when the user closes the browser window. Session cookies are temporary in nature. Once a user closes a browser, all session cookies are deleted.

Required cookies

These cookies enable core website functionality in providing services and allow users to navigate websites and use essential features (like secure areas and shopping baskets). Without these cookies, requested services cannot be provided. Required cookies are not intended to nor do they gather any information about users that could be used for marketing or remembering where you have been on the internet.

We may use these required cookies to:

    • Identify you as being logged into our Sites;
    • Make sure you connect to the right service on our Sites when we make any changes to the way our Sites work; and
    • Route users to specific applications of a service.

Accepting required cookies is a condition of using our Sites; if you block or disable these cookies through your browser settings, your use of our Sites may be negatively impacted, including how our Site security features will perform during your visit.

Functional cookies

Functional cookies allow us to analyze website usage and measure Site performance in order to improve the user’s experience and understand users’ interests. Functional cookies collect information about how you use our Sites including which pages you visit and if you experience any errors while visiting our Sites.

We use functional cookies for:

    • Web Analytics: To provide statistics on how our Sites are used;
    • Error Management: To help us improve our Sites’ performance by tracking and measuring any errors that occur;
    • Testing Designs: To test different designs of our Sites; and
    • Remembering preference settings you have applied, such as layout, text size, preferences and colors.

You can control whether or not these cookies are launched through the Cookie Preferences or your browser settings, but preventing them may impact some services and targeted advertising.

Advertising cookies

Advertising cookies are linked to services provided by third parties, such as “Like” and “Share” buttons. Third parties provide these services in return for recognizing that you have visited our Sites. Third-party vendors, such as Google, may use these cookies and/or device identifiers to offer ads based on your past user activity. You can use your settings to control the use of device identifiers as noted below.

We use Advertising cookies to:

    • Link to social media networks (such as Facebook), who may subsequently use information about your visit to our Sites to target advertisements to you on other websites; and
    • Provide advertising agencies with information on your visit to our Sites so that they can present you with advertisements that you may be interested in.

Deleting and blocking cookies

You may block cookies through your internet browser settings by refusing the setting of all or some cookies on your computer or mobile device. However, if you use your internet browser settings to block all cookies (including those cookies that are required for the operation of the website(s)), you may not be able to access all or parts of our Sites. Unless you have adjusted your internet browser setting so that it will refuse cookies, our Site will automatically launch required cookies as soon as you visit it as noted above.

You can control the types of cookies permitted through the Cookie Preferences as noted below.

How to turn cookies off

The main internet browsers allow you to change your cookie settings. These settings will typically be found in the ‘options’ or ‘preferences’ menu of your internet browser. Use the ‘Help’ option in your internet browser for more details.

Beacons

Pages of the Site and our electronic communications (e.g., e-mails) may contain small electronic files known as web beacons (also referred to as clear gifs. pixel tags and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an e-mail and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

7.   CHILDREN

Zumigo does not knowingly process Personal Information from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided Personal Information to Zumigo through the Sites or Solutions, please contact us at privacy@zumigo.com and we will endeavor to delete that information from our databases.

8.   “DO NOT TRACK” SIGNALS

Zumigo may, and we may allow our vendors and other third parties to, use cookies or other technologies on our Sites or in our Solutions that collect information about your browsing activities over time and across different websites following your use of the Sites or Solutions. We currently do not respond to “Do Not Track” (DNT) signals and operate as described in this Policy whether or not a DNT signal is received.

9.   LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION

If you are from the European Economic Area (“EEA”), Switzerland or the United Kingdom (“UK”), our legal basis under the General Data Protection Regulation for processing and using the Personal Information described in this Policy depends on the Personal Information we process and the specific context in which we process it. We may process your Personal Information because:

    • We need to perform a contract with you;
    • You have given us permission to do so;
    • The processing is in our legitimate interests and it’s not overridden by your rights;
    • For payment processing purposes; and/or
    • To comply with the law.

10.   HOW WE USE PERSONAL INFORMATION

Zumigo may use your Personal Information to:

    • Operate, maintain, improve, and provide to you the features and functionality of our Sites and/or Solutions
    • Enhance our Sites, as your information helps us to more effectively respond to your customer service requests and support needs
    • Contact you, including about the information you have provided through our Sites
    • Set up and administer accounts for our Sites and/or Solutions
    • Process transactions for our Sites and/or Solutions
    • Deliver marketing and events communication
    • Prevent fraud and abuse using our Solutions
    • Enable identity authentication and otherwise operate, maintain, and provide our Sites and/or Solutions
    • Perform any other action we may describe when you provide the information

In cases where our legal basis to Process your Personal Information is based on your consent, that consent may be revoked at any time by contacting us (see Contact Information). Please note that if you withdraw your consent, we may not be able to provide you with an optimal user experience with our Sites and/or Solutions. We will explain the impact to you at the time to help you with your decision.

11.  HOW WE SHARE YOUR PERSONAL INFORMATION

Zumigo may share Personal Information in the following circumstances:

    • Vendors and Trusted Sources: In our continuing efforts to provide our Site in a manner that is convenient and helpful to a growing number of customers, we use the services of trusted service providers (“Trusted Sources”) to help us host and secure the Site, perform Site-related services, analyze how the Site is used, and manage our These services, which include but are not limited to companies that provide cloud services, infrastructure, analytics services, and software to help us host and maintain the Site, and manage our business and customer relationships, may process Personal Information. We take commercially reasonable steps to ensure that these Service Providers are secure and, do not sell or disclose the Personal Information to other parties, or use Personal Information for any purposes other than the services they are providing to us.
    • Clients: We may share Personal Information we receive from our vendors and Trusted Sources with a Client to whom you interact in order to provide Solutions to that We do not share this Personal Information between Clients. Our Clients may have their own privacy policies which govern their use of Personal Information.
    • Business Transfers: We may share Personal Information with other parties in connection with a company transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by another company of a third party, or in the event of a bankruptcy or related or similar proceedings.
    • Legal Requirements: We may share Personal Information with law enforcement, regulatory authorities, courts, and governmental agencies to comply with subpoenas or other legal orders, legal or regulatory requirements, and government requests. We may also disclose Personal Information in order to verify or enforce compliance with other agreements or policies governing the Sites or Solutions, applicable laws, rules, and regulations, or whenever we believe disclosure is necessary to limit our legal liability or to protect or enforce the rights, interests, or safety of the Sites, Solutions, consumers, or other third parties. We reserve the right to report to law enforcement agencies any activities that we, in good faith, believe to be unlawful.

We may also share Personal Information with others in an aggregated or otherwise anonymized form that does not identify you directly as an individual.

12.  HOW WE PROTECT YOUR PERSONAL INFORMATION

Keeping information safe. Zumigo maintains reasonable administrative, technical, and physical security measures to protect your Personal Information, including unauthorized access and use. However, no security system is impenetrable. In the event that any Personal Information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised, and take other steps, in accordance with any applicable laws and regulations. In the event Personal Information in our possession is affected by a security event, we will notify our Clients (and where appropriate, consumers directly) in accordance with our contractual obligations and applicable law.

Data retention. We may retain your Personal Information as long as appropriate for business purposes, unless we are required by law, regulation or for litigation and regulatory investigations to keep it for longer periods of time. Any Personal Information that we have acquired, either directly or from third parties, and that is no longer needed for any business or record-keeping purposes, is disposed of securely and in compliance with established best practices for secure data destruction and/or de-identification.

Personal Information that we have processed on behalf of our Clients may be retained, stored, and deleted but only in accordance with our contractual obligations and in compliance with applicable law.

13.  LINKS TO OTHER WEBSITES

Our Sites may contain links to other websites not operated or controlled by us (“Third Party Sites”), including social media websites which are not Zumigo-branded and other services. Personal Information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Policy. By providing Third Party Site links on our Sites, Zumigo does not imply that we endorse or have reviewed the privacy policies of these sites. Please contact the Third Party Sites directly for information on their privacy policies and practices.

14.  DATA TRANSFERS FROM OUTSIDE THE UNITED STATES

Your information, including Personal Information, may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction.

Personal Information received on behalf of Clients are processed on servers based in the United States. Your Personal Information, if stored, may also be transferred to locations outside Europe from vendors or Trusted Sources we use.

Zumigo complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (“UK Extension to the EU-U.S. DPF”), and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”), as administered by the U.S. Department of Commerce and is committed to upholding the rights of EU, UK and Swiss Individuals.

Zumigo has certified to the U.S. Department of Commerce that it adheres to (1) the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the Processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF, and (2) the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the Processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Zumigo commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

When we transfer your Personal Information outside Europe, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information. This can be done in a number of different ways, for instance:

    • The country to which we send the Personal Information may be approved by the European Commission; or
    • The recipient may have signed a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal information.

In other circumstances, the law may permit us to otherwise transfer your Personal Information outside Europe. In all cases, however, any transfer of your Personal Information will be compliant with applicable data protection law.

In the event your Personal Information is transferred to a third-party under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Zumigo shall remain liable if a third-party acting as an agent on our behalf processes your Personal Information in a manner that is inconsistent with the DPF Principles, unless we are able to prove that we are not responsible for the event giving rise to the damage.

You also have the ability, under the EU-U.S. DPF, the UK extension to the EU-U.S., under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance that is not resolved by any of the other DPF mechanisms. To do so, you must deliver notice to us and follow the procedures and subject to the conditions set forth in Annex I.

Note that the Federal Trade Commission has jurisdiction over Zumigo’s compliance the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

You can request more details of the protection given to your Personal Information when it is transferred outside Europe (including a sample copy of the model contractual clauses) by using the details set out above in the “Contact Information” section.

15.  HOW TO EXERCISE YOUR PRIVACY RIGHTS

Contact our Data Protection Officer using the contact information provided below to exercise any of your privacy rights. We commit to grant them within 30 days after receipt or less.

16.  OTHER ITEMS

Notification requirements. We commit to notify you, when it is needed under the law, within a reasonable period of time and your data protection authority within the timeframe specified in applicable law about data breaches related to your Personal Information.

Data Protection Authorities. Subject to applicable laws, you may have the right to lodge a complaint with your local data protection authority about any of our activities that you deem are not compliant with applicable law.

Cross-Border Data Transfers. If we transfer your Personal Information from the EEA, Switzerland or UK to another country that is not deemed by the European Commission, Switzerland and/or UK Government, as applicable, to provide an adequate level of protection to Personal Information, that transfer will be performed subject to appropriate safeguards and otherwise in accordance with applicable European data protection legislation. For example, we may use specific appropriate safeguards, which are designed to give Personal Information effectively the same protection it has in Europe – such as standard- form contracts approved by relevant authorities for this purpose. Please contact us for further information about any such transfers or the specific safeguards applied.

17.   YOUR RIGHTS UNDER THE CALIFORNIA CONSUMER PRIVACY ACT (“CCPA”)

If you are a California resident, then under the CCPA, you have certain rights regarding the Personal Information that we may have processed about you. These rights may include the following:

    • You can request the following information about how we have processed and used your Personal Information during the past 12 months:
      • The categories of Personal Information that we have processed;
      • The categories of sources from which we processed Personal Information;
      • The business or commercial purpose for processing, selling and/or sharing Personal Information;
      • The categories of third parties with whom we disclose Personal Information;
      • The categories of Personal Information that we sold, disclosed, or shared for a business purpose, and
      • The categories of third parties to whom the Personal Information was sold, shared or disclosed for a business purpose;
    • You can request a copy of the Personal Information that we have processed about you during the past 12 months;
    • You can ask us to delete the Personal Information that we have processed from you;
    • You can ask us to correct inaccurate Personal Information that we have processed about you;
    • You can request to opt-out of disclosures of your Personal Information that constitute “selling” or “sharing” of your Personal Information as defined in the CCPA; and
    • You are entitled to exercise the rights described above free from discrimination as prohibited by the CCPA

Please note that your rights to have Personal Information deleted are subject to several exceptions, specifically the Personal Information that is necessary for us to:

    • Complete your transaction;
    • Provide you a good or service;
    • Perform a contract between us and you;
    • Protect your security and prosecute those responsible for breaching it;
    • Fix our system in the case of a bug;
    • Protect the free speech rights of you or other users;
    • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code 1546 et seq.);
    • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interests that adheres to all other applicable ethics and privacy laws;
    • Comply with a legal obligation; or
    • Make other internal and lawful uses of the information that are compatible with the context in which you provided it.

How to Exercise Your Privacy Rights

Contact our Data Protection Officer using the contact information above. We commit to respond to your request within 30 days after receipt or less. We may require you to prove your identity in some cases as noted in further detail below. This is made to ensure that no rights of third parties are violated by your request.

Please keep in mind that in the case of a vague request we may engage in a dialogue so as to better understand the motivation and content of the request. We reserve the right to reject requests that are unduly burdensome or repetitive in nature, or if there are legal obligations to maintain the data due to a dispute, compliance, audit, or other investigation.

Verification of Identity

To verify your identity, we may require receipt of an email from an account that matches the email we have on record for you (if one exists), authentication into an online account with us (if you have one), information that we match against information we maintain about you, government identification, a declaration under penalty of perjury or other information, where permitted by law. Your authorized agent may make a request on your behalf upon our verification of the agent’s identity and our receipt of a copy of a valid power of attorney given to your authorized agent pursuant to California Probate Code Sections 4000-4465. If you have not provided your agent with such a power of attorney, you must provide your agent with written and signed permission to exercise your CCPA rights on your behalf, provide the information we request to verify your identity, and provide us with written confirmation that you have given the authorized agent permission to submit the request.

Sharing or Sale of Your Personal Information

We may share your Personal Information under the circumstances outlined in the How We Share Your Personal Information section above.

Notice of Right to Opt-Out of the “Selling” or “Sharing” of Your Personal Information

Like many companies, we use services that help deliver interest-based ads to you. Our use of some of these services may be classified under California law as a “selling” or “sharing” your Personal Information (including your business and personal contact information, device data, and online activity data described above in “Personal Information We Process” section above) with the advertising partners that provide the services. You can submit requests to opt-out of this “selling” or “sharing” as noted above. We have no actual knowledge that we have sold or shared the Personal Information of any California residents under the age of 18.

Anonymized Data

Anonymized Data, which cannot be re-identified and does not identify you or any individual person, is exempted under the CCPA (e.g., see Section 1798.145. Exemptions) and may be shared with third parties as summarized above.

Shine the Light

California’s “Shine the Light” law, Civil Code section 1798.83, requires certain businesses to respond to requests from California customers asking about businesses’ practices related to disclosing Personal Information to third parties for the third parties’ direct marketing purposes. Alternatively, such businesses may have in place a policy not to disclose Personal Information of customers to third parties for the third parties’ direct marketing purposes if the customer has exercised an option to opt-out of such information- sharing. We do not participate in the sharing of your Personal Information with third parties for the third parties’ direct marketing purposes, so there is no need to opt-out.

18.  YOUR RIGHTS IN VARIOUS OTHER JURISDICTIONS

Various other states, including but not limited to, Colorado, Connecticut, Virginia, and Utah, have passed laws providing their state residents rights that are the same or similar to those afforded under the CCPA and the GDPR. These rights, which we honor in the same fashion as outlined above, include without limitation rights to:

    • Confirm whether we process their Personal Information
    • Access and delete certain Personal Information
    • Data portability
    • Opt-out of Personal Information processing for targeted advertising and sales

Some states also provide their state residents with rights to:

    • Correct inaccuracies in their Personal Information, taking into account the information’s nature processing purpose
    • Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects

Outside of the US, if you are a resident of another country, state, or province with applicable data privacy laws and regulations that afford you with privacy rights similar to those afforded by the GDPR, CCPA, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), or other similar laws or regulations, we will honor any requests from you to exercise those privacy rights in accordance with those data privacy laws and regulations to the extent possible.

19.  COMMUNICATION OPT-OUT

You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us using the information above. Note that you may continue to receive service-related and other non-marketing emails.

Declining to provide information

We need to process certain Personal Information to provide the Site. If you do not provide the Personal Information we identify as required or mandatory, we may not be able to provide the Site.

20.  CHANGES TO OUR PRIVACY POLICY

We reserve the right to change this Policy from time to time in our sole discretion. Since we may modify this Policy from time to time, we recommend that you check the current version of this Policy periodically. If we make any modifications to this Policy, we will update the “Effective Date” at the top of this Policy. By continuing to use the Sites and Solutions or providing us with information after we have posted any updates to this Policy, you consent to the revised Policy and practices described in it.

 

Updated March 26, 2025