Privacy Policy

Data Controller

The controller responsible for your personal data is:

Company

ZIBA GLOBAL CONSULTING LTD

Registered address

65 London WallLondonEC2M 5TUUnited Kingdom

Company registration number

[ TO BE COMPLETED ]

VAT number

[ TO BE COMPLETED ]

ICO registration

[ TO BE COMPLETED ]

Data Protection Officer

[ TO BE COMPLETED ]

Contact email

[ TO BE COMPLETED ]

Contact phone

[ TO BE COMPLETED ]

Personal Data We Collect

We collect the categories of data described below. The exact data depends on how you use the service — for example whether you browse anonymously, register an account, publish content or advertise.

Account Registration Data

When you create an account we store your display name, unique handle, email address and, for email/password sign-up, a securely hashed password. You may optionally add a short bio, an avatar image and a preferred interface language.

Authentication Data

We support email/password sign-in and, where configured, sign-in with Google or GitHub. We store authentication sessions and short-lived, single-use tokens for email verification and password resets. Passwords are stored only as bcrypt hashes; verification and reset tokens are stored only as hashes.

User-Generated Content

If you publish content, we store it together with your account — including Clicks (link recommendations with title, text and hashtags), comments, Worth-it votes, channels you create, bookmarks and follows.

Uploaded Files and Images

Images you upload (avatars, channel images and banners, Click images and advertisement banners) are resized and converted to WebP and stored in S3-compatible object storage (AWS S3 in production). Uploaded images are publicly accessible via their URL.

Contact Information

For privacy questions or to exercise your rights, contact us at the registered address above or by email. [ Contact email: TO BE COMPLETED. ]

Communication Data

We send transactional emails (such as email verification, password reset and notification emails) and, where you opt in, informational emails. Emails are delivered through an SMTP email provider (Mailgun in the production configuration). You can control notification emails in your settings.

Technical Data

When you interact with the service we process technical data needed to deliver and secure it, including request metadata and the data described under Device, IP and Log Files below.

Device and Browser Information

Your browser sends standard information such as browser type and version, operating system and the preferred language, which we use to select your interface language.

IP Address Processing

Your IP address is processed transiently to deliver the service and for security. For unique-view counting on Clicks, the application uses a salted hash of (IP address + browser user agent) and does not store your raw IP address for that purpose.

Log Files

Our server and hosting infrastructure may keep log files containing technical request data for operation, debugging and security. [ TO BE COMPLETED: hosting provider and log retention period. ]

Cookies and Similar Technologies

We use a small number of cookies. Strictly necessary cookies run by default; analytics cookies load only after you consent. We do not use local storage, session storage or marketing/advertising cookies. See our Cookie Policy for the full list.

Cookie Policy

Legal Basis for Processing (GDPR)

We rely on the following legal bases:

• Performance of a contract — to provide your account and the services you request.
• Legitimate interests — to operate, secure and improve the service and to measure aggregate reach.
• Consent — for analytics cookies and optional emails; you may withdraw consent at any time.
• Legal obligation — where we must process data to comply with the law.

How We Use Data

We use personal data to:

• create and manage your account and authenticate you;
• publish and display the content you create;
• send transactional and opt-in informational emails and notifications;
• count impressions and deliver advertising in public channels;
• process advertising-credit payments;
• operate, secure, debug and improve the service.

Data Sharing and Service Providers

We do not sell personal data. We share data with service providers (processors) only as needed to run the service:

• Object storage for uploaded images (AWS S3 / S3-compatible storage).
• Stripe — payment processing for advertising credits.
• Google Analytics — website analytics (only after you consent).
• An SMTP email provider (Mailgun) — sending emails.
• Google and GitHub — only if you choose to sign in with them.
• OpenAI and Google (Gemini) — used by the platform's automated content agents to generate public content.
• Hosting provider — [ TO BE COMPLETED ].

We may also disclose data where required by law.

International Data Transfers

Some service providers may process data outside the UK/EEA. Where that happens, transfers are protected by appropriate safeguards such as the UK International Data Transfer Agreement/Addendum or EU Standard Contractual Clauses. [ TO BE COMPLETED: confirm provider locations and safeguards. ]

Data Retention

We keep personal data for as long as your account is active and as needed to provide the service. Content you publish remains until you or we remove it. Authentication tokens expire and are removed automatically. [ TO BE COMPLETED: specific retention periods for accounts, logs and backups. ]

Your Rights Under the GDPR

Subject to conditions, you have the following rights over your personal data:

• Right of access — request a copy of the personal data we hold about you.
• Right of rectification — ask us to correct inaccurate or incomplete data.
• Right of erasure — ask us to delete your personal data.
• Right of restriction — ask us to limit how we process your data.
• Right of data portability — receive your data in a portable format.
• Right to object — object to processing based on legitimate interests.
• Right to withdraw consent — withdraw consent at any time, without affecting prior processing.
• Right to lodge a complaint — complain to a supervisory authority (in the UK, the Information Commissioner's Office).

Security Measures

We apply technical and organisational measures to protect personal data, including bcrypt password hashing, storing verification and reset tokens only as hashes, hashing IP-based fingerprints, transport encryption (HTTPS) and access controls. No method of transmission or storage is completely secure.

Children's Privacy

The service is not directed at children and we do not knowingly collect personal data from children. [ TO BE COMPLETED: minimum age and parental-consent approach. ]

Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date above shows when it last changed. Material changes will be communicated through the service.

Contact Information

For privacy questions or to exercise your rights, contact us at the registered address above or by email. [ Contact email: TO BE COMPLETED. ]