Privacy Policy

Privacy Policy

Last updated: March 17, 2026

Zumido GmbH ("we", "us", "the Company"), incorporated in Switzerland, is the data controller for personal data collected through the Zumido platform ("the Platform"). We are committed to protecting your privacy in accordance with the Swiss Federal Act on Data Protection (FADP/nDSG), the EU General Data Protection Regulation (GDPR), and other applicable data protection laws.

1. Information We Collect

Account information: Email address, username, display name, date of birth, profile details you choose to provide.

Identity verification: For Creators: government-issued ID, selfie, and other KYC documentation processed through our verification partner (Didit).

Payment information: Transaction data, payout details (bank account/crypto wallet information). Card details are processed directly by our payment provider (Payrexx) and are never stored on our servers.

Content: Photos, videos, text, and other media you upload or post.

Usage data: IP address, browser type, device information, pages viewed, referring URLs, access times. We use GeoIP data (MaxMind GeoLite2) for geo-blocking compliance; this data is processed locally and not shared with third parties.

Communications: Messages sent through the Platform, support requests, contact form submissions.

2. Legal Basis for Processing

We process your data on the following legal bases:

• Contract performance: To provide the Platform services, process payments, and manage your account (Art. 6(1)(b) GDPR)
• Legal obligations: To comply with KYC/AML regulations, tax reporting, and law enforcement requests (Art. 6(1)(c) GDPR)
• Legitimate interests: To prevent fraud, ensure platform security, and improve our services (Art. 6(1)(f) GDPR)
• Consent: For marketing communications and non-essential cookies, where applicable (Art. 6(1)(a) GDPR)

3. How We Use Your Information

• Provide, maintain, and improve the Platform
• Process payments, subscriptions, and withdrawals
• Verify your identity (KYC/AML compliance)
• Send transactional emails (account security, payment confirmations, subscription updates)
• Detect and prevent fraud, abuse, and security incidents
• Enforce our Terms and Conditions and Community Guidelines
• Comply with applicable legal obligations
• Generate anonymised, aggregated analytics to improve the Platform

4. Data Sharing

We do not sell your personal data. We share data only with:

• Payment processors: Payrexx (card payments), NowPayments (cryptocurrency) — for payment processing only
• Identity verification: Didit — for KYC verification of Creators
• Email delivery: Amazon SES — for transactional emails
• Law enforcement: When required by a valid legal order under Swiss or applicable law

All third-party processors are bound by data processing agreements and process data only on our instructions.

5. International Data Transfers

Your data is primarily stored and processed in Switzerland and the European Economic Area. Where data is transferred to countries outside the EEA (e.g. to Amazon SES in the US), we ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on an adequacy decision.

6. Data Retention

• Account data: Retained for the lifetime of your account plus 90 days after deletion
• KYC documents: Retained for 10 years after account closure (Swiss AML requirements)
• Transaction records: Retained for 10 years (Swiss commercial law)
• Server logs: Retained for 90 days
• Messages: Retained for the lifetime of the conversation participants' accounts

7. Your Rights

Under the GDPR and Swiss FADP, you have the right to:

• Access your personal data
• Rectify inaccurate or incomplete data
• Erase your data ("right to be forgotten"), subject to legal retention obligations
• Restrict processing in certain circumstances
• Object to processing based on legitimate interests
• Data portability: Receive your data in a structured, machine-readable format
• Withdraw consent at any time where processing is based on consent

To exercise your rights, use the data export and account deletion features in your account settings, or contact our Data Protection Officer at privacy@zumido.com. We will respond within 30 days.

8. Cookies

We use only essential cookies required for the Platform to function (session cookies, CSRF protection, language and theme preferences, consent records). We do not use third-party tracking cookies or advertising cookies. For full details, see our Cookies Policy.

9. Children's Privacy

The Platform is strictly for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we become aware that a minor has created an account, we will immediately terminate it and delete all associated data.

10. Security

We implement industry-standard security measures including encryption in transit (TLS 1.3) and at rest, secure password hashing, two-factor authentication, and regular security audits. Despite our best efforts, no system is completely secure, and we cannot guarantee absolute security.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the Platform at least 30 days before they take effect. The "Last updated" date at the top indicates the most recent revision.

12. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) in Switzerland, or with the relevant supervisory authority in your EU/EEA member state.

13. Contact

Data Protection Officer
Zumido GmbH
Email: privacy@zumido.com