Last updated January 31, 2024
Thank you for visiting Zora! Zora Labs, Inc. ("Zora", “Company”, “we”, “us”, or “our”) is committed to protecting your personal information and your right to privacy. If you have any questions or concerns about our policy, or our practices with regards to your personal information, please contact us at [email protected]
1. WHAT INFORMATION DO WE COLLECT?
Personal information you disclose to us:
In Short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide to us when registering with our Services and expressing an interest in obtaining information about us or our products and services. This includes:
Your Account Information - To access the Services, users must either create a Digital Wallet (“Wallet”) or connect an external Wallet, such as MetaMask, to the Services. When you create or connect your Wallet, depending on which product you are using, you may be asked to verify your email address and create an account and profile. You may also voluntarily add additional information in your user profile. If you create an account, sign up to receive blogs or newsletters we offer, or request notifications about certain NFT collections available on our Services, we may also retain your email address. You can also verify your social media accounts (e.g. Twitter) by connecting them to your Wallet, and we may store this verification.
Your Transactions - Zora maintains a record of the transactions your Wallet engages in on the Zora platform (including bids, mints, and purchases). These transactions are connected with your connected wallet’s public key address.
Customer Support - We may collect additional information you may disclose to our customer support team.
User-Generated Content - This includes photos, images, music, videos, comments, questions, messages, works of authorship, and other content or information that you generate, transmit, or otherwise make available on the Services, as well as associated metadata. Metadata includes information on how, when, where and by whom a piece of content was collected and how that content has been formatted or edited. Metadata also includes information that users can add or can have added to their content, such as keywords, geographical or location information, and other similar data.
Onchain Content - Users have the opportunity to create personalized web pages for User-Generated Content ("Mint Pages") and to display your created or collected art ("Profile Pages"). You can also comment on other creators' NFTs and Mint Pages. NOTE - Mint Pages, Profile Pages, comments, and NFTs you mint are stored onchain, and while we may be able to remove some of this content from our Services, we cannot edit or delete any information that is stored on a blockchain. You will be prompted to confirm a transaction in your Wallet for any User-Generated Content that will be stored onchain.
Job Applications. We may post job openings and opportunities on our Services. If you reply to one of these postings by submitting your application, CV and/or cover letter to us, we will collect and use your information to assess your qualifications.
Automatically collected information:
In Short: Some information — such as IP address and/or browser and device characteristics — is collected automatically when you use our Services.
We automatically collect certain information when you visit, use or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information that is used primarily to maintain the security and operation of our Site, applications, and for our internal analytics and reporting purposes. This includes:
Metrics and Performance Data - We may collect service-related, diagnostic, and performance information. This includes high level information about your activity (such as how you use our Services and how you interact with others using our Services), clickstream data, and diagnostic, crash, website, application, and performance logs and reports.
Device and Connection Information - We may collect device-specific information when you install, access, or use our Services. This may include your IP address, device ID, browser type, operating system, and general location information (such as city, state, or geographic area).
Status Information - We may collect information about your online status on our Services, such as when you last used our Services.
Location Data - We may collect precise location data if you authorize the Services to access your device’s location.
2. HOW DO WE USE YOUR INFORMATION
In Short: We use your information to provide you with services, protect your security, communicate with you, make improvements, to market to you, and for any other purposes you have consented to.
We may use your personal information for the following purposes or as otherwise described at the time of collection:
To provide the Services. We may use your information to:
Provide, operate and improve the Services and our business;
Enable security features of the Services, including to combat spam, malware, and other security risks;
Assess your eligibility for the Services;
Communicate with you about the Services, including by responding to your support inquiries, and sending announcements, updates, and security alerts; and
Understand your needs and interests, and personalize your experience with our Services.
Research and development. This includes to:
Track and analyze your and your device’s interactions with our Services to better understand how to improve performance and customer experience;
Measure interest in our Services;
Improve and develop new products and Services; and
Ensure quality control.
Compliance, fraud prevention, and safety. To protect you and our Services, we may use your information to:
Comply with applicable laws, regulatory requirements, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
Prevent potentially prohibited or illegal activities;
Protect the safety of any person, to address fraud, security, or technical issues, or to protect the Company’s rights or property.
Marketing and advertising. We may use information to market and advertise our products to you directly based on your communications settings. This includes marketing via email campaigns and notifications within the Services. Our marketing will be conducted in accordance with your advertising marketing preferences and as permitted by applicable law.
With your consent. In some cases, we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.
To create anonymous, aggregated or de-identified data. We may create anonymous, aggregated or de-identified data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous, aggregated or de-identified data by removing information that makes the data identifiable to you. We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes, including to analyze and improve the Services and promote our business.
3. WILL YOUR INFORMATION BE SHARED WITH ANYONE?
In Short: Yes, we may share your information with service providers, business partners, government agencies, and others in order to provide our services, protect you and our business, and to comply with applicable laws.
We may need to process your data or share your personal information in the following situations:
Vendors, Consultants and Other Third-Party Service Providers. We may share your data with third party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include: data analysis, anti-money laundering and compliance service providers, email delivery, hosting services, customer service and marketing efforts. We may allow selected third parties to use tracking technology on the Services, which will enable them to collect data about how you interact with the Company over time. This information may be used to, among other things, analyze and track data, determine the popularity of certain content and better understand online activity. Unless described in this Policy, we do not share, sell, rent or trade any of your information with third parties for their promotional purposes.
Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
Law Enforcement and other Authorities. We may share information with with law enforcement, government officials, or other third parties when: (1) we are compelled to do so by a subpoena, court order, or similar legal procedure; or (2) We believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations of our Terms.
Business Partners. We may share your information with our business partners to offer you certain products, services or promotions.
Like many online services, we may use tracking technologies, such as cookies and similar technologies (such as web beacons and pixels) in order to automatically collect and store information (see the “Automatically Collected Information” section above for more information). Specifically, we may use the following technologies:
Cookies, which are text files that websites store on a visitor’s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating analytics and online advertising.
Local storage technologies, like HTML5 and Flash, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email address was accessed or opened, or that certain content was viewed or clicked.
You can follow the instructions provided by your browser or device (usually located under "Settings" or "Preferences") to modify your cookie or pixel data settings. Please note that if you set your browser or device to disable cookies, certain of our Services may not function properly.
5. HOW IS YOUR INFORMATION PROTECTED?
We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.
6. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
In Short: We may transfer, store, and process your information in countries other than your own.
Our servers are located in the United States. If you are accessing our from outside, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your personal information (see "WILL YOUR INFORMATION BE SHARED WITH ANYONE?" above), in and other countries.
7. WHAT IS OUR STANCE ON THIRD-PARTY WEBSITES?
In Short: We are not responsible for the safety of any information that you share with third-party providers who advertise, but are not affiliated with, our websites.
8. HOW LONG DO WE KEEP YOUR INFORMATION?
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
9. DO WE COLLECT INFORMATION FROM MINORS?
In Short: We do not knowingly collect data from or market to children under 18 years of age.
We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor over the age of 13 and consent to such minor dependent’s use. If you become aware of any data we have collected from children under age 13 or under the age of 18 without parental or guardian consent, please contact us at [email protected]
10. WHAT IF I AM A EUROPEAN USER?
In short: We comply with applicable European data protection legislation and only process your personal information if we have an appropriate legal basis to do so.
We may process or share your personal information based on the following legal basis:
Consent: We may process your data if you have given us specific consent to use your personal information for a specific purpose.
Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests.
Performance of a Contract: Where we have entered into a contract with you, we may process your personal information to fulfill the terms of our contract.
Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
Category(ies) of personal information involved
Why do we do this
Our legal basis for this use of data
Operate the Service
To operate, maintain, administer and improve the Service.
To better understand your needs and interests, and personalize your experience with the Service.
To respond to your Service-related requests, questions and feedback.
We have a legitimate interest in providing you with the Services, with updates on our Services and related offers where you have purchased or shown interest in similar services from us.
Compliance, Fraud Prevention and safety
To keep our Services and associated systems operational and secure.
To enforce the terms and conditions that govern the Services.
We have a legitimate interest in ensuring the ongoing security and proper operation of our Services, Site, applications, and associated IT services and networks.
To track issues that might be occurring on our systems, provide support and maintenance for the Service.
To manage and communicate with you regarding your relationship with us, if you have one, including by sending you Service announcements, technical notices, updates, security alerts, and support and administrative messages.
It is in our legitimate interests that we can monitor and ensure the proper operation of our Service and associated systems and Services.
To track and analyze your use of and performance of our Services in order to update and improve Services.
We have a legitimate interest in reviewing the ongoing performance of our Services and identifying improvements and new business opportunities.
To form a view on what we think you may want or need, or what may be of interest to you. You will have the ability to opt out of such communications. If you have consented to receive marketing communications from our third-party partners, you may withdraw your consent by contacting those partners directly.
You may opt-out of our marketing communications as described in “Your Controls and Choices” section above.
To manage our recruiting and process employment applications.
To facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity, and monitoring recruitment statistics.
We have a legitimate interest in considering your job application.
11. WHAT ARE YOUR PRIVACY RIGHTS?
If you are resident in the European Economic Area and you believe we are unlawfully processing your personal information, you have certain rights regarding your personal information and may ask us to take the following actions in relation to your personal information that we hold:
Access. Provide you with information about our processing of your personal information and give you access to your personal information.
Correct. Update or correct inaccuracies in your personal information.
Delete. Delete your personal information.
Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
Restrict. Restrict the processing of your personal information.
Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
You also have the right to complain to your local data protection supervisory authority.
You can find their contact details here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
If you are a resident of the United States, you may also have certain rights under the laws of your state. For example, if you are a California resident, you may have certain rights under the California Consumer Privacy Act (“CCPA”) with respect to information collected by us during the 12 months preceding your request. These include the right to (i) request access to, details regarding, and a copy of the personal information we have collected about you and/or shared with third parties; (ii) request deletion of the personal information that we have collected about you; and (iii) the right to opt-out of sale of your personal information. As the terms are defined under the CCPA, we do not “sell” your “personal information.”
California residents may also request the following information (to the extent we share your personal information in this way):
the categories of information we disclosed to third parties for the third parties' direct marketing purposes during the preceding calendar year; and
the names and addresses of third parties that received such information, or if the nature of their business cannot be determined from the name, then examples of the products or services marketed.
To exercise your privacy rights, please contact us at [email protected].
Notwithstanding the above, we cannot edit or delete any information that is stored on a blockchain.
Opting out of email marketing: You can unsubscribe from our marketing email list at any time by clicking on the unsubscribe link in the emails that we send or by contacting us using the details provided below. You will then be removed from the marketing email list.
12. YOUR CONTROLS AND CHOICES
You have the following choices with respect to your personal information:
“Do Not Track.” Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
Cookies and Interest-Based Advertising. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, our Services may not work properly. Please note you must separately opt out in each browser and on each device. Instructions on how to edit your cookie settings on various browsers and platforms are listed as follows: Internet Explorer, Google Chrome, Mozilla Firefox, Safari Desktop, Safari Mobile, and Android browser. You can find more information about how to change your browser cookie settings at http://www.allaboutcookies.org.
There are also additional tools available to manage third party cookies. Many advertising companies that collect information for interest-based advertising are members of the Digital Advertising Alliance (DAA) or the Network Advertising Initiative (NAI), both of which maintain websites where individuals can opt out of interest-based advertising from their members. To opt-out of website interest-based advertising provided by each organization’s respective participating companies, visit the DAA’s opt-out portal available at http://optout.aboutads.info/, the DAA of Canada’s opt-out portal available at https://youradchoices.ca/en/tools, or visit the NAI’s opt-out portal available at http://optout.networkadvertising.org/?c=1. Residents of the European Union may opt-out of online behavioral advertising served by the European Interactive Digital Advertising Alliance’s participating member organizations by visiting https://www.youronlinechoices.eu/.
Mobile Settings. You can use your mobile device settings to limit use of the identifier(s) associated with your device for interest-based advertising purposes and for location tracking. For iOS devices, to limit interest-based ad tracking, go to Settings > Privacy > Advertising > Turn on “Limit Ad Tracking.” For Android devices, go to Settings > Google services > Ads > Turn on “Opt out of Ads Personalization." For iOS and Android, you can also reset the advertising identifier that is currently assigned to you.
Declining to provide information. We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.
Delete your content or close your account. You can choose to delete certain content through your account. If you wish to request to close your account, please contact us at [email protected].
13. DO WE MAKE UPDATES TO THIS POLICY?
In Short: Yes, we will update this policy as necessary to stay compliant with relevant laws.
14. HOW CAN YOU CONTACT US ABOUT THIS POLICY?
If you have questions or comments about this policy, you may email us at [email protected]