Privacy Policy

1. Information We Collect

We may collect different types of information, including:

1.1. Personal Information

When you interact with us, we may collect personal information, including but not limited to:

• Name
• Email address
• Phone number
• Company name
• Payment details (for services)
• Any other information you provide when contacting us or signing up for services

1.2. Automatically Collected Information

When you visit our website, we may automatically collect:

• IP address
• Browser type and version
• Pages you visit and the time spent on them
• Device type and operating system
• Cookies and tracking data (see Section 6)

1.3. Information from Third Parties

We may receive information from:

• Social media platforms (if you interact with our pages)
• Analytics providers (Google Analytics, etc.)
• Payment processors

2. How We Use Your Information

We use the collected information to:

• Provide, operate, and improve our services
• Process transactions and send invoices
• Respond to inquiries and customer support requests
• Send marketing and promotional materials (you can opt-out anytime)
• Detect and prevent fraudulent activities
• Detect, investigate, prevent, and enforce violations of our Terms, Content Policy, fraud, abuse, trust and safety risks, and legal/compliance issues
• Comply with legal obligations

We do not sell your personal data to third parties.

3. Sharing Your Information

We may share your information in the following cases:

• Service Providers: We may share data with third-party vendors who help us run our business (e.g., payment processors, cloud hosting, analytics providers)
• Legal Compliance: If required by law, we may disclose information to comply with legal processes or enforce our agreements
• Business Transfers: If we are involved in a merger, acquisition, or asset sale, your data may be transferred
• Trust & Safety / Compliance: We may share relevant data with service providers, infrastructure partners, payment processors, moderators, legal advisers, or competent authorities where reasonably necessary to investigate abuse, enforce our policies, respond to complaints, protect rights, or comply with legal obligations

4. Data Retention

We keep your personal data only as long as necessary for the purposes outlined in this Privacy Policy.

• Account and service-related data: Until you request deletion
• Payment records: Retained for compliance with financial regulations
• Marketing data: Retained until you opt-out

You can request data deletion at any time (see Section 7).

5. Security of Your Information

We take reasonable security measures to protect your data from unauthorized access, alteration, or disclosure. However, no method of online transmission is 100% secure, and we cannot guarantee absolute security.

6. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to:

• Analyze site performance and user behavior
• Provide personalized experiences
• Improve our website and services

Managing Cookies: You can manage or disable cookies in your browser settings. However, some website features may not function properly if cookies are disabled.

7. Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal data:

• Access & Correction: You can request to view or edit your data
• Deletion: You can request that we delete your personal information
• Opt-Out: You can unsubscribe from marketing emails at any time
• Restrict Processing: You may have the right to restrict how we process your data

📩 To exercise your rights, contact us at: info@zencreator.pro

8. Third-Party Links & Services

Our website may contain links to third-party websites. We are not responsible for their privacy policies or practices. Please review their policies before providing any personal information.

9. GDPR Compliance

Dimeris Ltd is incorporated in the Republic of Cyprus, a member state of the European Union. We comply with the General Data Protection Regulation (EU) 2016/679 ("GDPR") when processing personal data of individuals located in the European Economic Area (EEA), the United Kingdom, and Switzerland.

9.1. Legal Bases for Processing

We process your personal data only when we have a lawful basis to do so under Article 6 of the GDPR:

• Contractual Necessity (Art. 6(1)(b)): Processing necessary to perform our contract with you, including providing the ZenCreator platform, processing payments, and delivering subscribed services
• Legitimate Interests (Art. 6(1)(f)): Processing necessary for our legitimate interests, such as fraud prevention, platform security, analytics to improve our services, and direct marketing to existing customers, where these interests are not overridden by your rights
• Consent (Art. 6(1)(a)): Where you have given explicit consent, such as opting in to marketing communications, enabling non-essential cookies, or consenting to specific data processing activities. You may withdraw consent at any time without affecting the lawfulness of prior processing
• Legal Obligation (Art. 6(1)(c)): Processing necessary to comply with applicable laws, including tax regulations, anti-money laundering requirements, and responses to lawful governmental requests

9.2. Your Rights Under the GDPR

If you are located in the EEA, UK, or Switzerland, you have the following rights in relation to your personal data:

• Right of Access (Art. 15): Obtain confirmation of whether we process your data and request a copy of such data
• Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data
• Right to Erasure (Art. 17): Request deletion of your personal data where there is no compelling reason for continued processing
• Right to Restriction of Processing (Art. 18): Request that we restrict processing of your data in certain circumstances
• Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller
• Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes
• Right Not to Be Subject to Automated Decision-Making (Art. 22): Not be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects

To exercise any of these rights, contact us at info@zencreator.pro. We will respond to your request within 30 days in accordance with GDPR requirements.

9.3. Data Protection Officer

For questions regarding our data protection practices or to exercise your GDPR rights, you may contact us at info@zencreator.pro.

9.4. International Data Transfers

Where we transfer personal data outside the EEA, we ensure adequate safeguards are in place in accordance with Chapter V of the GDPR. These safeguards may include European Commission adequacy decisions, Standard Contractual Clauses (SCCs), or other approved transfer mechanisms. You may request a copy of the safeguards in place by contacting us.

9.5. Supervisory Authority

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection in Cyprus (dataprotection.gov.cy) or with the supervisory authority in the EU/EEA member state of your habitual residence or place of work.

10. PSD2 and Strong Customer Authentication (SCA) Compliance

When processing payments from customers in the European Economic Area, we comply with the revised Payment Services Directive (EU) 2015/2366 ("PSD2") and the associated Regulatory Technical Standards on Strong Customer Authentication ("SCA").

10.1. Strong Customer Authentication

SCA requires that electronic payments are authenticated using at least two of the following independent elements:

• Knowledge: Something only the user knows (e.g., a password or PIN)
• Possession: Something only the user possesses (e.g., a mobile device or hardware token)
• Inherence: Something the user is (e.g., fingerprint or facial recognition)

Our payment processing partners (including Stripe and other PCI DSS-compliant providers) implement SCA-compliant authentication flows such as 3D Secure 2 (3DS2) for card-based transactions. When you make a payment on ZenCreator, you may be prompted to complete additional verification steps by your bank or card issuer in compliance with SCA requirements.

10.2. Payment Data Processing Under PSD2

In accordance with PSD2, we adhere to the following principles when handling payment-related data:

• Data Minimisation: We collect and process only the payment data necessary to complete your transaction and fulfil our contractual and legal obligations
• Secure Transmission: All payment data is transmitted over encrypted channels (TLS 1.2 or higher) and is never stored in plain text on our servers
• Third-Party Payment Processors: We do not directly handle or store full card details. Payment card information is processed by our PCI DSS Level 1 compliant payment processors, who act as independent data controllers or joint controllers for payment data under applicable law
• Transaction Monitoring: We employ fraud detection measures to identify and prevent unauthorized transactions, in line with PSD2 requirements for payment security

10.3. Your Rights Regarding Payment Data

• You have the right to be informed about the processing of your payment data, including the identity of the payment service providers involved
• You have the right to request information about the security measures applied to your payment transactions
• In the event of an unauthorized transaction, you have the right to obtain a refund from your payment service provider in accordance with PSD2 Article 73
• You may contact us at info@zencreator.pro for any payment data-related inquiries

11. International Data Transfers

If you are accessing our website from outside Cyprus, your data may be transferred and stored in Cyprus or other countries where we operate.

By using our services, you consent to this transfer and understand that different data protection laws may apply.

12. Children's Privacy

Our website and services are intended only for persons who are at least 18 years old. We do not knowingly collect personal information from anyone under 18 in connection with use of the Services. If we learn that we have collected personal information from a person under 18 in violation of applicable law or our policies, we will take reasonable steps to delete or de-identify that information and may suspend or terminate the related account.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify you by posting the updated policy on our website.