zoliBack to home

Privacy Policy

Last updated: 22 March 2025

This Privacy Policy describes how Zoli ("we", "us") collects, uses, stores, and shares information when you use our website and services at https://zoli.uk (the "Service"). It should be read alongside our Terms of Service.

If you have questions, contact us at admin@guemw.com.

1. Who is responsible for your data

The data controller for the Service is Zoli. For data protection enquiries, email admin@guemw.com.

2. Information we collect

We may collect the following categories of information, depending on how you use the Service:

  • Account and contact data: email address and authentication data when you sign up or sign in (for example magic-link or one-time codes). Optional profile details you provide, such as display name.
  • Usage and progress data: information about how you use the Service, including lesson progress, onboarding or quiz responses we store to personalise your experience, and interactions with features.
  • Subscription and billing-related data: when you subscribe, our payment provider processes payment details. We typically receive identifiers, subscription status, and limited billing metadata—not your full card number.
  • Technical and log data: IP address, browser type, device information, approximate location derived from IP, timestamps, and diagnostic data from hosting and security systems.
  • Communications: content of emails or support messages you send us.
  • Analytics and marketing data: events and identifiers collected by analytics and advertising tools described in section 5 (which may use cookies or similar technologies).

3. How we use your information

We use information for purposes including:

  • providing, operating, and improving the Service;
  • creating and managing your account and authenticating you;
  • processing subscriptions and payments, and exercising our rights regarding billing;
  • storing progress, preferences, and onboarding data you provide;
  • measuring usage, debugging, security monitoring, and preventing fraud or abuse;
  • sending service-related messages (for example account or subscription notices);
  • complying with legal obligations and enforcing our terms;
  • where permitted, understanding the effectiveness of our marketing and advertising.

We rely on appropriate legal bases under UK and applicable EU data protection law, such as: performance of a contract with you; legitimate interests (for example securing the Service, analytics that do not override your rights, and product improvement); compliance with legal obligations; and consent where required (for example certain non-essential cookies or marketing technologies, depending on your region and our configuration).

4. Cookies and similar technologies

We and our partners use cookies, local storage, pixels, and similar technologies to remember sessions, maintain security, measure traffic, and support advertising measurement. You can control many cookies through your browser settings; blocking some cookies may affect how the Service works.

5. Third-party services and processors

We use trusted third parties who process data on our behalf or as independent controllers in connection with the Service. These may include:

  • Supabase — authentication, database, and related infrastructure for accounts and app data.
  • Stripe — payment processing for subscriptions. Stripe's use of data is governed by its privacy policy and terms.
  • Vercel — website hosting and related infrastructure; we may use Vercel Analytics for aggregate usage metrics.
  • PostHog — product analytics (for example funnel and feature usage). When configured, data may be processed in the region set for your project (for example the EU).
  • Mixpanel — analytics; may include session replay or similar features when enabled in our configuration, which can capture on-screen interactions during your visit.
  • Meta (Facebook) — advertising and measurement technologies (for example the Meta Pixel) to understand conversions and deliver or measure ads.
  • TikTok — if enabled, advertising and measurement via TikTok's pixel or related tools.
  • Google — we may use Google tags (for example Google Ads measurement) for conversion and campaign analytics.
  • Datafast — privacy-oriented analytics on our domain as configured on the site.

Each provider has its own privacy notice. We encourage you to review their policies. We do not sell your personal information in the conventional sense of selling lists for cash; where "sale" or "sharing" is defined broadly by law (for example certain advertising cookies), we aim to honour applicable opt-out rights and regional requirements.

6. How long we keep information

We retain information for as long as your account is active, as needed to provide the Service, and as required by law (for example tax or accounting rules for transactions). We may retain limited logs and backups for security and integrity for additional periods. When data is no longer needed, we delete or anonymise it where feasible.

7. Sharing of information

We may share information:

  • with processors listed above, subject to appropriate contracts or safeguards;
  • if required by law, court order, or governmental request, or to protect rights, safety, or security;
  • in connection with a merger, acquisition, or sale of assets, with notice where required;
  • with your direction or consent.

8. Security

We implement technical and organisational measures designed to protect personal data against unauthorised access, loss, or alteration. No method of transmission over the internet is completely secure; we cannot guarantee absolute security.

9. International transfers

Your data may be processed in the United Kingdom, the European Economic Area, the United States, or other countries where our providers operate. Where we transfer personal data from the UK or EEA to countries not deemed adequate, we rely on appropriate safeguards such as standard contractual clauses or equivalent mechanisms, in line with applicable law.

10. Your rights

Depending on where you live, you may have rights to access, correct, delete, or restrict processing of your personal data, to data portability, to object to certain processing (including direct marketing), and to withdraw consent where processing is consent-based. You may also have the right to lodge a complaint with a supervisory authority (for example the ICO in the UK).

To exercise rights, contact admin@guemw.com. We may need to verify your identity before responding.

11. Children

The Service is not directed at children under 18 (or the age of majority where you live). We do not knowingly collect personal data from children. If you believe we have done so, contact us and we will take appropriate steps.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and change the "Last updated" date. For material changes, we may provide additional notice (for example by email or in-app).

13. Contact

Zoli — privacy enquiries: admin@guemw.com

This policy is provided for your information and does not constitute legal advice. Have it reviewed by a qualified lawyer for your entity, products, and jurisdictions.