Privacy Policy

1. Introduction

ZWD Creative LLC dba Carza ("we," "us," or "our") operates the Carza platform ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process transactions and send related information
• Send technical notices, updates, and support messages
• Respond to your comments, questions, and requests
• Monitor and analyze usage patterns and trends
• Detect, prevent, and address technical issues and fraud
• Personalize your experience
• Send marketing communications (with your consent)

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

5. Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal information. However, no method of transmission over the Internet or electronic storage is 100% secure.

Security Measures: We use industry-standard security measures to protect your information, including:

• Encryption of data in transit using SSL/TLS protocols
• Encryption of sensitive data at rest
• Access controls and authentication requirements
• Regular security assessments and monitoring
• Secure hosting infrastructure through trusted cloud providers

Data Retention: We retain your personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for legal, regulatory, or legitimate business purposes (such as transaction records for tax compliance).

Data Breach Notification: In the event of a data breach that may affect your personal information, we will notify you and relevant authorities as required by applicable law.

6. Your Rights and Choices

You have certain rights regarding your personal information, which may vary depending on your location:

• Access: Request access to your personal information and receive a copy of the data we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information, subject to certain legal exceptions
• Portability: Request transfer of your data in a machine-readable format
• Objection: Object to processing of your personal information for certain purposes
• Restriction: Request restriction of processing in certain circumstances
• Opt-Out: Unsubscribe from marketing communications at any time

Exercising Your Rights: To exercise any of these rights, please contact us at legal@carza.io with your request. We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request. You may also update certain information directly through your account settings.

Account Settings: You can access and update certain personal information, including your profile information and communication preferences, through your account settings on the Service.

Marketing Communications: You can opt-out of marketing emails by clicking the unsubscribe link in any marketing email or by updating your preferences in your account settings.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Types of Cookies We Use:

• Essential Cookies: Required for the Service to function properly, including authentication and session management. These cookies cannot be disabled.
• Analytics Cookies: We use Google Analytics to understand how visitors interact with our Service. These cookies collect information such as pages visited, time spent on pages, and referral sources. This information helps us improve the Service.
• Functional Cookies: Remember your preferences and settings to provide a personalized experience.

Google Analytics: We use Google Analytics, a web analytics service provided by Google LLC. Google Analytics uses cookies to analyze how you use the Service. The information generated by the cookie about your use of the Service (including your IP address) may be transmitted to and stored by Google on servers in the United States. Google uses this information to evaluate your use of the Service, compile reports on website activity, and provide other services relating to website activity and internet usage. You can opt-out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on. For more information, see Google's Privacy Policy.

Cookie Duration: Session cookies expire when you close your browser. Persistent cookies remain on your device for a set period or until you delete them.

Managing Cookies: Most web browsers allow you to control cookies through their settings preferences. You can set your browser to refuse cookies or delete certain cookies. However, if you choose to disable cookies, some features of the Service may not function properly.

8. Third-Party Services

We use third-party services to operate and improve the Service. These services may collect, process, and store your information in accordance with their own privacy policies. We are not responsible for the privacy practices of these third parties.

Third-Party Services We Use:

• Supabase: We use Supabase for database, storage, authentication, and hosting services. Your data is stored on Supabase's infrastructure. For more information, see Supabase's Privacy Policy.
• Stripe: We use Stripe to process payments. When you make a purchase, payment information is processed by Stripe in accordance with their privacy policy. We do not store your full payment card details. For more information, see Stripe's Privacy Policy.
• Google Analytics: We use Google Analytics to analyze website usage and improve our Service. For more information, see Google's Privacy Policy.
• Google OAuth: We offer Google sign-in as an authentication option. When you sign in with Google, Google shares your basic profile information with us. For more information, see Google's Privacy Policy.
• Postmark: We use Postmark to send transactional emails. For more information, see Postmark's Privacy Policy.

Links to Other Websites: Our Service may contain links to third-party websites or services that are not owned or controlled by Carza. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party websites you visit.

9. Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13 in accordance with the Children's Online Privacy Protection Act (COPPA). If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately at legal@carza.io, and we will delete such information from our records.

If you are between the ages of 13 and 18 (or the age of majority in your jurisdiction), you represent that you have your parent's or guardian's permission to use the Service and to provide personal information.

Age Verification: By using the Service, you represent and warrant that you are at least 13 years of age. If you are under 13, you may not use the Service.

10. International Data Transfers

Your information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. By using the Service, you consent to the transfer of your information to these facilities.

Data Storage Locations: Our Service is hosted and operated in the United States. If you are located outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

European Economic Area (EEA) Users: If you are located in the EEA, we ensure that appropriate safeguards are in place for the transfer of your personal information to countries outside the EEA. These safeguards may include Standard Contractual Clauses approved by the European Commission or other appropriate transfer mechanisms as required by applicable data protection laws.

Third-Party Service Providers: Our third-party service providers (such as Supabase, Stripe, and Google) may process and store your information in various locations worldwide. These providers are contractually obligated to protect your information in accordance with applicable data protection laws.

11. California Privacy Rights

If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purposes for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions (e.g., where we need to retain information for legal compliance or to complete a transaction).
• Right to Correct: You have the right to request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing: Carza does not sell your personal information. We do not sell personal information to third parties for monetary or other valuable consideration. We may share information with service providers as described in this Privacy Policy, but this does not constitute a "sale" under CCPA.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information to certain purposes.
• Non-Discrimination: We will not discriminate against you for exercising your privacy rights. We will not deny you goods or services, charge you different prices, or provide you with a different level or quality of services for exercising your rights.

Exercising Your California Privacy Rights: To exercise any of these rights, please contact us at legal@carza.io or use the contact information provided below. We will verify your identity before processing your request and respond within 45 days (or as required by law).

Authorized Agent: You may designate an authorized agent to make requests on your behalf. We will require proof of authorization and verify your identity directly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how we handle your personal information, please contact us at:

Carza
Dublin, Ohio 43017
Email: legal@carza.io
For general inquiries: support@carza.io

Data Protection Inquiries: For privacy-related inquiries, including requests to exercise your rights under GDPR, CCPA, or other applicable privacy laws, please contact us at legal@carza.io. We will respond to your inquiry within 30 days (or as required by applicable law).