Privacy Policy

Last Updated: 22nd of November, 2025

Data Controller: Zukiru | Contact: [email protected]

This Privacy Policy explains how Zukiru ("we", "us", "our") collects, uses, stores, discloses, and protects personal data when you use our social media platform and related services (the "Service"). By creating an account or using the Service you consent to the practices described in this Policy.

2. Information We Collect

We collect information necessary to provide the Service, communicate with you, and maintain safety and quality.

A. Information You Provide

  • Account details: username, email address, password (stored securely).
  • Profile information: display name, avatar, bio, optional demographic details you choose to add.
  • User-generated content: posts, comments, messages, photos, videos, and any information you add to the Service.
  • Support and communications: messages you send to support, dispute or review information.
  • Verification documents where applicable: identity documents for verification (only when explicitly requested and with lawful basis).

B. Automatically Collected Information

  • Usage and log data: IP address, timestamps, pages visited, features used.
  • Device data: device model, operating system, browser type and version, language preferences.
  • Cookies and similar technologies (see Section 7).
  • Approximate location inferred from IP address (we do not collect precise GPS location unless you explicitly enable a geolocation feature).

C. Information from Third Parties

If you sign in or link accounts with third-party providers (for example, social sign-in), we may receive basic profile information from them (display name, email, profile picture), according to your settings and the provider's permissions.

3. How We Use Your Data

We use personal data for the following purposes:

  • To create, maintain and secure your account and authenticate access.
  • To operate the Service and enable social interactions (posting, following, messaging).
  • To personalize content, recommendations, and search results.
  • To detect, prevent, and investigate fraud, abuse, and other violations of our Terms of Service or the law.
  • To provide customer support and respond to inquiries, appeals and complaints.
  • To run analytics, measure performance, and improve product features and user experience.
  • To send important notices relating to the Service (security alerts, policy updates).
  • To display optional personalized advertising only where you have given consent.

We do not sell personal data. Any marketing communications will be sent only with your consent or where permitted by applicable law.

4. Sharing of Information

We may share personal data in the following limited circumstances:

  • Service providers and processors: third-party vendors who perform services on our behalf (hosting, analytics, email delivery, customer support). They only process data per our written instructions and GDPR Article 28 requirements.
  • Payment processors: when you purchase paid features, to process transactions.
  • Legal and safety: to comply with legal obligations, respond to lawful requests, protect rights, property or safety of the Service, its users, or the public.
  • Business transfers: in connection with a merger, acquisition, or sale of assets (with notice and contractual protections where required).
  • Other users: information you choose to make public (profile data, public posts, comments) or share with other users per your privacy settings.

All sharing is subject to applicable legal safeguards. We require third-party processors to implement appropriate technical and organizational measures to protect data.

5. User-Generated Content Privacy

Content you publish on the Service may be visible to other users or the public depending on your chosen privacy settings.

  • Public posts and profile fields can be indexed by search engines and third parties if you set them to public.
  • Content you delete may persist for a limited period in backups or logs for legal, security, or operational reasons.
  • You are responsible for the personal data you choose to share within your posts and messages. Avoid posting sensitive personal information in public areas.

6. Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy, including:

  • While your account is active and for a reasonable period after account deletion to allow for recovery and legal obligations.
  • For logs, fraud prevention, and security monitoring for a limited retention period consistent with our legitimate interests and legal obligations.

If you delete your account, we will remove or anonymize personal data except where retention is required by law or for legitimate business reasons (e.g., to prevent fraud or abuse).

7. Cookies & Tracking Technologies

We don't use any kind of cookies for Service functionality, analytics, and security.

We only use your browser's local storage to manage authorization and keep your session working securely.

Where required by law, we request consent for non-essential cookies and provide a cookie preference manager allowing you to accept, reject, or customize cookie categories.

8. Children's Privacy

Our Service is intended for users aged 13 and over (or the applicable minimum age in the user's country). We do not knowingly collect personal data from children younger than the minimum age.

If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete such data promptly. Local laws may require parental consent at an age higher than 13; you must comply with the local requirements where you live.

9. International Data Transfers

Your data may be processed in countries outside the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure appropriate safeguards such as:

  • Transfers to countries with an EU Commission adequacy decision;
  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • Other lawful transfer mechanisms with appropriate protections.

You can request details about the transfer mechanism used for your data by contacting our Data Protection contact listed below.

10. Security Measures

We implement reasonable technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Measures include:

  • Encryption in transit (TLS) and encryption at rest where appropriate.
  • Access controls and least-privilege policies for staff and processors.
  • Regular security testing and vulnerability management.
  • Incident response processes to investigate and remediate security events.

Although we strive to secure your data, no system can be 100% secure. You should also protect your account by using strong, unique passwords and enabling any available multi-factor authentication features.

11. Your Rights (GDPR)

Under the GDPR, individuals in the EU have the following rights regarding their personal data. Where applicable, you may exercise these rights by contacting us using the details in Section 16:

  • Right of access: obtain confirmation whether we process your data and request a copy.
  • Right to rectification: correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): request deletion where legal grounds permit.
  • Right to restrict processing: ask us to limit how we use your data.
  • Right to object: object to processing based on legitimate interests or direct marketing.
  • Right to data portability: request a copy of your data in a commonly used, machine-readable format.
  • Right to withdraw consent: withdraw consent for processing activities that rely on consent.

We will respond to requests in accordance with applicable law and generally within one month. Where requests are complex or numerous, we may extend the period and will notify you.

If you believe your rights have been violated, you may lodge a complaint with your national Data Protection Authority.

12. Automated Decision-Making & Profiling

We use automated systems for legitimate product functions such as:

  • Content ranking and recommendation engines.
  • Spam, abuse, and bot detection.
  • Safety checks and anomaly detection to protect accounts and the platform.

These systems can affect which content you see or whether certain actions are permitted. If an automated decision has a legally significant effect on you, you have the right to request human review and contest the decision. To request a review, contact us as described in Section 16.

13. Social Features & Public Visibility

Many features of the Service are social and public by design. Examples include:

  • Followers, likes, shares and comments which other users can see.
  • Public profile fields (e.g., display name, avatar) visible to others unless you change privacy settings.
  • Public posts which may be visible outside the Service if indexed by external search engines.

Please review and configure your privacy settings to control visibility. Remember that once content is shared by others it may remain available even if you delete your original post.

14. Third-Party Links & Integrations

The Service may contain links, embeds, or integrations with third-party services (for example, social login providers, embedded media, or external applications). We do not control the privacy practices of those third parties. Before using or logging into a third-party service, please review their privacy policy and permissions.

15. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in law, our practices, or the Service. When we make material changes, we will provide notice through the Service or by email, and update the "Last Updated" date at the top.

Continued use of the Service after changes are posted will constitute acceptance of the updated Policy.

16. Contact Information

To exercise your rights, ask questions about this Policy, or make a data protection request, please contact:

Email: [email protected]

If you are an EU data subject, you also have the right to lodge a complaint with your national Data Protection Authority (DPA).

17. Additional Information

GDPR & ePrivacy: This Policy is intended to align with the General Data Protection Regulation (EU) 2016/679 and the ePrivacy Directive. For DPA guidance and official resources, consult your national authority.

Digital Services Act (DSA) compliance: We maintain notice-and-action procedures and transparency reporting in line with DSA obligations for online intermediaries. If you have questions related to DSA notices, please contact us at the privacy email above.

Data Processing Agreements: If you are a business or partner that requires a Data Processing Agreement (DPA) or other contractual assurances, contact us and we will provide standard contractual documents where appropriate.

Acknowledgement

By using Zukiru you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of information in accordance with it.

© 2025 Zukiru. All rights reserved.