Zupo

Privacy Policy

Last updated: March 15, 2026

1. Introduction

Welcome to Zupo ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services, including our waitlist signup and creator platform.

This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using Zupo, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Waitlist Information

When you join our waitlist, we collect:

  • Email address (required)
  • Full name (optional)
  • Social media handles and follower counts (Instagram, TikTok, YouTube, Twitter/X, LinkedIn, Twitch)
  • Monthly brand deal volume
  • Biggest pain points with brand deals
  • Referral source (how you heard about us)
  • Verification code (auto-generated for account verification)
  • Queue position (auto-assigned)
  • Timestamp of signup

2.2 Account Information (For Registered Users)

When you create an account after launch, we collect:

  • Email address and password (securely hashed)
  • Username and full name
  • Profile information (avatar, follower count, niche, platform)
  • Creator rates (pricing for different content types)
  • Deal preferences (minimum deal value, auto-decline categories)
  • Brand preferences (blocked brands, preferred brands)
  • Deal information (brand names, values, proposals, deliverables)

2.3 Technical Information

We automatically collect certain technical information:

  • Authentication tokens (stored securely in your browser)
  • Session data (managed by Supabase)
  • IP address and browser type (for security purposes)

3. How We Use Your Information

We use the collected information for the following purposes:

  • To provide our services: Process waitlist signups, manage user accounts, and deliver our creator platform functionality
  • To communicate with you: Send waitlist updates, early access invitations, service announcements, and respond to inquiries
  • To improve our service: Analyze usage patterns, understand creator needs, and enhance platform features
  • To ensure security: Protect against fraud, abuse, and security threats
  • To verify creator status: Validate social media accounts and follower counts
  • To personalize experience: Tailor content recommendations and deal opportunities based on your preferences

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

  • Consent: When you join our waitlist or sign up for updates, you provide explicit consent
  • Contract: When you create an account, processing is necessary to fulfill our service contract
  • Legitimate interests: We process data to improve our services, prevent fraud, and ensure platform security
  • Legal obligation: We may process data to comply with legal requirements

5. Data Sharing and Third Parties

We do not sell your personal data to third parties. We may share your information with:

5.1 Service Providers

  • Supabase: Our database and authentication provider (data stored in secure, encrypted databases)

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity. We will notify you via email and/or prominent notice on our website before your data is transferred.

6. Data Security

We implement industry-standard security measures to protect your personal data:

  • Encryption at rest and in transit (SSL/TLS)
  • Secure password hashing (managed by Supabase Auth)
  • Row-level security (RLS) policies to prevent unauthorized data access
  • Regular security audits and updates
  • Admin access restricted to authorized personnel only

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy:

  • Waitlist data: Until you request deletion or 2 years after our official launch
  • Account data: Until you delete your account or after 2 years of inactivity
  • Deal records: 7 years after deal closure (for accounting and legal purposes)

After the retention period, we will securely delete or anonymize your data unless we are legally required to retain it longer.

8. Your Rights Under GDPR

If you are located in the EU/EEA, you have the following rights:

  • Right to access: Request a copy of your personal data we hold
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to restrict processing: Request temporary restriction of data processing
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent at any time (does not affect prior processing)
  • Right to lodge a complaint: File a complaint with your local data protection authority

To exercise any of these rights, contact us at privacy@zupo.com. We will respond within 30 days.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States where Supabase servers are located. We ensure that adequate safeguards are in place to protect your data in accordance with GDPR standards, including Standard Contractual Clauses (SCCs) approved by the European Commission.

10. Children's Privacy

Zupo is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately, and we will delete the information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

  • Posting the updated policy on our website with a new "Last updated" date
  • Sending an email notification to registered users
  • Displaying a prominent notice on our platform

Your continued use of Zupo after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us:

Zupo

Email: privacy@zupo.com

Data Protection Officer: dpo@zupo.com

For EU/EEA residents: You have the right to lodge a complaint with your local supervisory authority if you believe we have not handled your data appropriately.