Privacy Policy

Last updated: March 2026

1. Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

zcroll
[Address to be added]
Email: privacy@zcroll.com

2. Collection and Storage of Personal Data

2.1 When Visiting the Website

When you access our website, your browser automatically sends information to our web server. This information is temporarily stored in a log file. The following information is collected without any action on your part and stored until automatic deletion:

  • IP address of the requesting device
  • Date and time of access
  • Name and URL of the accessed file
  • Website from which access was made (referrer URL)
  • Browser used and, if applicable, the operating system of your device

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest arises from ensuring a smooth connection setup and comfortable use of our website.

2.2 Upon Registration

When you register with zcroll, we collect the following data:

  • Name
  • Email address
  • Password (stored encrypted)
  • Profile information (slug, bio, avatar)

The legal basis is Art. 6(1)(b) GDPR (contract performance).

2.3 Social Login (OAuth)

When you register via a social login provider (e.g., Google), we receive your name, email address, and possibly your profile picture from that provider. The legal basis is Art. 6(1)(a) GDPR (consent).

3. Data Processing During Platform Usage

3.1 Link Click Tracking

When visitors click on a link shared via zcroll, we collect the following data for billing and analytics:

  • IP address (stored anonymized)
  • Time of click
  • Referrer URL
  • Device and browser information (User-Agent)
  • Approximate location (country/region, based on IP)

This data is used to calculate creator compensation and to provide analytics features. The legal basis is Art. 6(1)(b) and (f) GDPR.

3.2 Advertisements

zcroll displays advertisements (interstitials) before users are redirected to the target link. No personal tracking cookies are set. Ad selection is based on categories, not on individual user profiles.

3.3 Payment Processing

For payment processing, we use Stripe (Stripe Payments Europe, Ltd.). When using Stripe, your payment data is processed directly by Stripe. We do not receive complete credit card or bank details. For more information, please refer to the Stripe Privacy Policy.

3.4 KYC Verification

For the payout of compensation and the use of advertising features, identity verification (KYC) is required. We collect the following data:

  • Full name
  • Date of birth
  • Address
  • Identity document (copy)

The legal basis is Art. 6(1)(c) GDPR (legal obligation) in conjunction with anti-money laundering regulations.

4. Cookies and Consent

We use different types of cookies on our website:

4.1 Technically Necessary Cookies

These cookies are required for the operation of the website and cannot be disabled. They include:

  • Session cookie: Required for login and use of the platform.
  • CSRF token: For protection against Cross-Site Request Forgery attacks.
  • Cookie consent cookie: Stores your cookie preferences.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest).

4.2 Statistics Cookies

These cookies help us understand how visitors use our website. They are only set if you have consented via our cookie banner.

Legal basis: Art. 6(1)(a) GDPR (consent).

4.3 Marketing Cookies

These cookies are used to make advertising more relevant to you. They are only set if you have consented via our cookie banner.

Legal basis: Art. 6(1)(a) GDPR (consent).

4.4 Consent and Withdrawal

On your first visit to our website, you will be asked for your consent via a cookie banner. You can change your settings at any time via the "Cookie Settings" link in the footer or withdraw your consent (Art. 7(3) GDPR). Withdrawing consent is as easy as giving it.

5. Data Sharing

Your personal data will not be transferred to third parties for purposes other than those listed below. We only share your personal data with third parties if:

  • You have given your consent (Art. 6(1)(a) GDPR)
  • It is necessary for contract performance (Art. 6(1)(b) GDPR)
  • There is a legal obligation (Art. 6(1)(c) GDPR)

Data Processors

We use the following service providers:

  • Stripe - Payment processing
  • Google - OAuth authentication
  • Hosting provider - Storage and provision of the website

6. Your Rights

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR) - Information about your processed data
  • Right to rectification (Art. 16 GDPR) - Correction of inaccurate data
  • Right to erasure (Art. 17 GDPR) - Deletion of your data
  • Right to restriction (Art. 18 GDPR) - Restriction of processing
  • Right to data portability (Art. 20 GDPR) - Receipt of your data in a machine-readable format
  • Right to object (Art. 21 GDPR) - Objection to processing

You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data.

7. Data Security

We use the widely adopted SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser during website visits. All passwords are stored using modern hashing algorithms.

8. Data Retention

We only store your personal data for as long as is necessary to fulfill the respective purposes or as required by statutory retention periods. After deletion of your account, your personal data will be deleted within 30 days, unless statutory retention obligations apply.

9. Changes to this Privacy Policy

We reserve the right to amend this privacy policy to ensure it always complies with current legal requirements or to implement changes to our services in the privacy policy. The new privacy policy will then apply for your next visit.

10. Contact

For questions regarding data protection, please contact:
privacy@zcroll.com