ZAVA Privacy Policy

This Privacy Policy explains how ZAVA and its affiliated companies ("ZAVA," "we," "us," or "our") process any personal information collected from visitors and users of the ZAVA App, the ZAVA official website, and any other services related to or referencing this Privacy Policy (collectively, the "ZAVA Services").

We value the privacy of users, subscribers, creators, publishers, members, and any other individuals who access or use the ZAVA Services (collectively or individually, "you" or "users"), and we aim to ensure that you are fully informed about how we collect, use, and disclose personal information from and about you.

When using the ZAVA Services, you may choose to share personal information. For example, you may provide information about yourself when creating a ZAVA account, or when you engage in activities on the ZAVA Services that are public or intended to be public in nature (such as live streaming content, publishing profile information, following channels, or subscribing to creators). Due to the social and interactive nature of certain ZAVA Services, such information may be collected, used, or disclosed by other participants in those interactions. In addition, some features of the ZAVA Services are designed to make information about user activity available to others, such as identifying the creator of specific content or displaying the subscription status of a channel. We encourage you to carefully consider this when engaging in activities on the ZAVA Services.

Contact Information

ZAVA Pte. Ltd.

For privacy-related matters, please contact: support@zavalive.com

For legal and compliance matters, please contact: legal@zavalive.com

1. Information We Collect
2. How We Use Your Information
3. How We Share Your Information
4. International Data Transfers
5. Links to Other Websites or Applications
6. Data Security
7. Your Choices
8. Your Rights
9. Children
10. Data Retention
11. Updates to This Privacy Policy
12. Jurisdiction-Specific Provisions

1. Information We Collect

When we provide the ZAVA Services, we collect your information through the methods described below. Please note that certain types of information are required in order for us to provide the ZAVA Services to you.

1.1 Information You Provide to Us

When you create an account on the application or use the ZAVA Services (for example, browsing content within the app or contacting us for technical support), you agree to provide some or all of the following personal information:

Registration Information: such as your date of birth, phone number (or email address where applicable), password, user identifiers, and language preferences;
Profile Information: such as your nickname, avatar, gender, personal introduction, social media information, and occupation;
Contacts / Address Book: we do not request or access your contacts or address book. If such permissions are required in the future, we will clearly notify you in advance and obtain your explicit consent;
User-Generated Content ("UGC"): such as comments, text, messages, images, photos, videos, audio, code, or other data or materials that you upload, distribute, or livestream on the ZAVA Services;
Facial Video Information: when you initiate a livestream as a creator or host, the platform receives real-time camera footage that may include your facial image. This information is processed solely for the following purposes: real-time livestream display, content moderation, risk control and security purposes (such as detecting camera obstruction or fake livestreams), and providing livestream-related functional support (such as visual effects or emoji processing).
We hereby expressly state and commit that:
- We do not proactively collect or process biometric information (such as iris data, fingerprints, or facial feature templates);
- We do not use facial video information for facial recognition, identity verification, feature extraction, or the creation of biometric templates;
- We do not use such information for advertising or marketing purposes, nor do we sell or share it with third parties;
Payment Information: such as your full name, billing address, billing postal code, billing country/region, date of birth, purchase amount, payment method, credit or debit card number, or other information required to process payments;
Transaction Information: such as transaction reference numbers and transaction history records generated after you purchase paid services;
GPS Location Information: where you have permitted us to access such information (you may modify GPS access permissions through your mobile device settings);
Opt-in Preferences and Communications with Us: such as information used to verify your account or handle your feedback or complaints;
Information You Provide When Participating in In-App Surveys or Activities;
Third-Party Account Information: information you provide when creating a ZAVA account through, or linking your ZAVA account with, third-party social media services (such as Google, Apple, Facebook, Instagram, or WhatsApp);
Information You Provide When Participating in Our Activities or Interacting with Us on Social Media Platforms.

1.2 Information Collected Based on Legitimate Interests

When we provide or improve the ZAVA Services based on our legitimate interests, we may collect some or all of the following personal information:

Network Activity Information: such as your browsing history, search history, videos or pages you view, dates and times of access, accounts you follow, and your interactions with other users;
Information from Other Sources: we may obtain additional information from third parties outside the ZAVA Services, such as services you use or social media networks you have authorized us to access (for example, Facebook). When you access the ZAVA Services through social media or connect the ZAVA Services to social media platforms, you authorize ZAVA to collect, store, and use such additional information and content in accordance with this Privacy Policy;
Device Identifiers: such as operating system, browser type, mobile device brand/model/serial number, IP address, mobile carrier, screen resolution, language settings, IMEI, IMSI, and MAC address;
Information Regarding Your Access to and Use of Other Applications;
Other Location Information: such as location data derived from SIM card information;
Mobile Advertising Identifiers: provided by mobile operating systems (such as Apple's IDFA or Google's AAID). At present, we do not use such identifiers for personalized advertising or cross-app tracking, and use them only when necessary for security protection, anti-fraud measures, and statistical analysis (for example, detecting abnormal devices or abusive behavior);
Metadata Associated with Your UGC: information describing other data and providing details about how, when, where, and by whom such UGC was collected and in what format (for example, tags used to label videos or subtitle keywords);
Messaging Data: we may process message content and related metadata (such as send/receive time and participants) that you actively send or receive through ZAVA's messaging features, for the purposes of providing communication services, security review, anti-spam measures, violation investigation, and user dispute handling;
Clipboard Information: when you actively paste content or trigger a sharing action, and with your authorization, we may access text, images, or videos stored in your device clipboard in order to complete the requested action. We do not automatically read, continuously monitor, or store clipboard content, and access it only temporarily when you actively initiate a paste or share action.

We may also collect, use, and share your information to generate and share aggregated insights that do not identify individuals. Aggregated data may be derived from personal information but is not considered personal information because it does not directly or indirectly reveal your identity. For example, we may aggregate usage data to calculate the percentage of users accessing certain features, generate user statistics, or calculate content view or interaction metrics.

2. How We Use Your Information

We use your personal information only as permitted by applicable law. In general, purposes include:

Providing Services: displaying the ZAVA Services and related content (including interactive features), and providing you with information, products, or services that you have requested or consented to receive; verifying eligibility and distributing rewards in activities;
Improving Services: improving and personalizing services through new features, information, recommendations, and feedback;
Customer Management: managing registered user accounts, providing customer support, sending account- or service-related notifications, and notifying you of changes to the ZAVA Services or other products or services provided by us;
Communications: communicating directly with you, such as sending notices regarding upcoming changes, promotions, or improvements;
Content Review: reviewing text, images, videos, and other content published or generated on the ZAVA Services to ensure compliance with applicable content regulations in relevant jurisdictions;
Performance Analytics: determining whether users are unique or repeat users, and monitoring overall metrics such as total visits, video views, and demographic patterns;
Functionality and Security: identifying users who do not meet age requirements, diagnosing or fixing technical issues, and detecting, preventing, and responding to actual or potential fraud, illegal activities, or intellectual property infringement;
Personalized Content and Advertising: currently, ZAVA does not provide personalized content recommendations or personalized advertising. If such features are introduced in the future, we will clearly notify you and obtain necessary consent prior to processing;
Compliance: enforcing our terms of use and complying with legal obligations;
Aggregation: aggregating collected information for one or more of the purposes described above;
Local Storage and Third-Party SDKs: to ensure proper app functionality, account security, and performance optimization, ZAVA stores necessary data locally (such as login status, preference settings, and cache). Our third-party service providers (including payment, security, anti-fraud, and analytics SDKs) may also use local storage or equivalent technologies, strictly limited to what is necessary to provide their respective functions;
Cookies: the ZAVA mobile application does not use cookies and does not track your behavior across websites. The ZAVA official website (for example, pages involving payments or web-based features) may use necessary cookies for authentication and security purposes. ZAVA does not use cookies for advertising targeting or cross-site tracking. If cookies or personalized recommendations are enabled in the future, we will notify you in advance and obtain your consent.

Legal Basis

For users in the European Economic Area, the United Kingdom, and Brazil, we process personal information in accordance with applicable data protection laws based on the following legal grounds:

Contractual necessity (service provision, payments, customer support);
Legitimate interests (security, fraud prevention, service improvement);
Consent (which may be withdrawn at any time);
Legal obligations (regulatory and law enforcement requirements).

3. How We Share Your Information

If your profile or content is public, your content may be visible to anyone on the platform and may be accessed or shared by friends/followers and third parties (such as search engines, content aggregators, or news websites). You may adjust visibility settings at the time of each upload;
We may share your personal information outside the ZAVA Services with your explicit or implicit consent;
We may disclose personal information to affiliated companies (entities that control, are controlled by, or are under common control with us) for purposes including service provision, customer management, content customization, advertising, analytics, verification, functionality, security, and compliance;
We may disclose personal information to authorized service providers (such as fulfillment, credit card payment processing, content customization, analytics, security, mapping, data storage and cloud services, and functional support). These service providers may access or use personal information solely for performing their services. If you connect ZAVA with third-party services or link your account to such services, you authorize us to share information with those third parties or grant them access on your behalf; we may also share information about content you view or activities you engage in on ZAVA to enhance your experience;
To complete in-app purchases, we must share necessary transaction information with Google Play or the App Store;
When you choose to log in using Apple, Google, Facebook, Instagram, or other third-party accounts, we may receive publicly available basic profile information (such as nickname, avatar, and user identifier), and may share necessary authentication data (such as app identifiers, access tokens, or referral URLs) to complete login or account linking;
In the event of a merger, asset sale, restructuring, reorganization, dissolution, or other sale or transfer of some or all assets (including as part of bankruptcy or liquidation proceedings), personal information we hold may be disclosed or transferred as part of such transaction. We will make reasonable efforts to ensure that the recipient uses the information in a manner consistent with this Privacy Policy;
We may access, preserve, and disclose information to regulators, law enforcement, or other parties when we reasonably believe such disclosure is necessary to:
- (a) comply with laws, regulations, legal processes, or governmental requests;
- (b) enforce applicable terms of use (including investigation of potential violations);
- (c) detect, prevent, or address illegal or suspected illegal activities, security issues, or technical problems;
- (d) protect the rights, property, or safety of the company, users, employees, or third parties;
- (e) maintain and protect the security and integrity of the ZAVA Services or infrastructure.
We may disclose aggregated information about users and share such aggregated data with third parties for general business analysis, provided it does not contain personal information. We do not sell your personal information, nor do we "share" it for cross-context behavioral advertising as defined under the CPRA.

4. International Data Transfers

Your personal information may be processed by us or trusted third-party service providers in jurisdictions outside your country of residence, where data protection and privacy laws may differ. We take reasonable and necessary measures to protect your information.

To ensure lawful and secure cross-border data transfers, we may rely on mechanisms including, but not limited to:

EU Standard Contractual Clauses (SCCs);
UK International Data Transfer Agreements (IDTA) and addenda;
Cross-border transfer mechanisms recognized under Brazil's LGPD.

Where permitted by law, we may also transfer information based on contractual necessity, performance of a contract on your behalf, or for the establishment, exercise, or defense of legal claims.

Your information may be stored or processed in Hong Kong, Singapore, Brazil, or other jurisdictions with adequate data protection standards. We use access controls, encryption, and security audits to protect your data.

5. Links to Other Websites or Applications

When you click links to other websites, mobile applications, or third-party content through the ZAVA Services, you will be directed to external sites or applications that may collect information from or about you. We do not control, review, or take responsibility for such third-party sites, applications, or content. This Privacy Policy does not apply to those third parties or to any information collection that occurs after you leave the ZAVA Services.

6. Data Security

We implement appropriate administrative, technical, and physical safeguards to protect personal information against unauthorized access or disclosure. For example, access is restricted to authorized personnel for permitted business purposes; encryption is used for certain data transmissions; and firewalls are employed to prevent unauthorized access.

However, no storage or transmission system is completely secure. Please exercise caution when submitting information through the ZAVA Services and carefully consider what information you choose to provide.

You should always keep your passwords and account information confidential. We use Transport Layer Security (TLS) and encrypted storage to protect sensitive data.

If a data breach occurs that may affect your rights and freedoms, we will notify you and/or relevant regulatory authorities in accordance with applicable legal requirements, using appropriate methods such as in-app notifications, email, or other feasible means.

7. Your Choices

You may configure your browser to refuse all or some cookies, or to alert you when cookies are being sent. Please note that disabling such options applies only to the browser or device in use at the time;
You may choose not to receive push notifications through your mobile device permission settings;
You may disable access to GPS, microphone, camera, and similar device features, and hide location information, uploaded videos, recent activity status, and other data through privacy settings;
You may choose not to provide certain personal information; however, doing so may prevent you from using certain features of the ZAVA Services (such as registration, purchasing paid services, or participating in activities or submitting complaints);
You may reset or restrict mobile advertising identifiers (such as Apple's IDFA or Google's AAID) through your device system settings. At present, ZAVA does not engage in personalized advertising or cross-app tracking, and such settings will not affect your use of the ZAVA Services;
You may edit your personal profile within the application to access, correct, update, or delete your information;
Currently, we do not engage in behavioral advertising based on cross-application activity, nor do we sell or share your personal information for advertising personalization purposes. While browser "Do Not Track" (DNT) signals currently lack a unified standard, we provide equivalent control mechanisms such as resetting advertising identifiers and limiting ad tracking.

8. Your Rights

Certain jurisdictions grant ZAVA users specific rights under applicable laws, which generally include:

Right of Access: you may request access by (a) using the "Help / Feedback" feature within the ZAVA Services, or (b) sending an email to support@zavalive.com;
Right to Rectification: you may request correction through the same channels described above;
Right to Erasure: you may request deletion through the same channels (we cannot guarantee complete deletion of data stored on backup servers, but we commit not to use such data for other purposes);
Right to Data Portability: where data is collected based on consent, you may request that such data be transferred to you or to an environment designated by you in a structured, commonly used, and machine-readable format, where technically feasible;
Right to Withdraw Consent: you may withdraw consent for processing at any time, without affecting the lawfulness of processing prior to withdrawal;
Right to Restrict Processing: you may request that we stop processing your information where you believe it has been unlawfully collected or processed;
Right to Object: you may object to processing based on legitimate interests. We may refuse such requests where we can demonstrate compelling legitimate grounds or where processing is necessary for the establishment, exercise, or defense of legal claims;
Rights Relating to Automated Decision-Making and Profiling: where you believe such automated processing produces legal effects or similarly significant impacts on you, you may request that such processing cease.

In addition, you have the right to lodge a complaint with the competent data protection authority (DPA), typically the DPA in your country or region of residence. For security purposes, we may need to verify your identity before responding to access, deletion, or correction requests. Where fulfilling a request may affect the lawful rights of others, disclose trade secrets, or involve data we are legally required to retain, we may not be able to fully comply and will explain the reasons.

ZAVA may use automated systems to assist in identifying violations; however, we do not rely solely on automated decision-making to impose account bans or other decisions that produce significant legal effects on you. All enforcement actions involve human review.

9. Children

We do not knowingly collect or retain personal information from individuals under the age of 18. If we become aware that personal information of a minor has been collected through the ZAVA Services, we will take appropriate steps to delete such information. If you believe we have improperly collected personal information from a minor, please contact support@zavalive.com.

10. Data Retention

Chat and Media Retention:

To ensure user safety, dispute resolution, and content moderation, we retain copies of chat messages and uploaded media content for no longer than 90 days, unless:

retention is required for legal or security investigations; or
continued retention is necessary due to user reports or disputes.

All content will be automatically deleted or anonymized upon expiration.

We retain your personal information and other data for as long as you maintain a ZAVA account.

You may request account deletion at any time by either of the following methods:

Within the ZAVA application: Me → Settings → Account Settings → More → Account Deletion;
By sending an email to support@zavalive.com.

Upon receiving your request and completing appropriate verification, we will delete data that is not required to be retained for regulatory, tax, insurance, litigation, or other legal purposes. For example, we may retain location, device, and usage data for a reasonable period for such purposes, during which such data may also be used for security, safety, anti-fraud, and research and development. In certain circumstances (such as where an account has a remaining balance or unresolved claims or disputes), we may be unable to delete the account immediately; deletion will occur once the relevant issues are resolved.

For security, safety, and fraud prevention purposes, we may also retain certain information where necessary. For example, if a user account is disabled due to unsafe behavior or security incidents, we may retain certain account information to prevent the creation of new accounts in the future.

Examples:

Access and security logs are generally retained for no longer than 90 days (unless a longer period is required by law); appeal and compliance materials are retained for the minimum period necessary to resolve disputes.

Processing Timeline for Deletion Requests:

We will complete processing of your account deletion request within 30 days after receipt and identity verification (which may be extended to 60 days where permitted by law, with notice provided).

Once deletion is complete, the account and associated personalized data cannot be restored.

11. Updates to This Privacy Policy

We may modify or update this Privacy Policy from time to time. While we may attempt to notify you of material changes, you should regularly review the most current version, as such changes are binding on you.

If we update this Privacy Policy, the changes will be reflected in the "Last Updated" date. Continued access to or use of the Services after the effective date constitutes your acceptance of the revised Privacy Policy.

12. Jurisdiction-Specific Provisions

12.1 California Privacy Disclosure

This California Privacy Disclosure supplements the Privacy Policy and applies only to users residing in the State of California. It is intended to satisfy the requirements of the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). This disclosure applies to California residents and information that can be reasonably linked to a California consumer ("California Information").

Categories of Personal Information Collected (Past 12 Months)

We have collected the following statutory categories of personal information during the past 12 months, with examples provided below:

Identifiers: such as real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, and account name — including phone number/email used for registration and user identifiers;
Personal Information Listed in Cal. Civ. Code § 1798.80(e): such as name, signature, physical characteristics or description, address, telephone number, passport number, driver's license or state ID number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or other financial information, medical information, or health insurance information — including payment-related name, billing address, phone number, and card details;
Protected Classification Characteristics: such as age and gender — including date of birth and gender;
Commercial Information: such as records of products or services purchased, obtained, or considered, or other purchasing or consumption histories — including purchase history and transaction records;
Biometric Information (Special Note: we do not collect genetic, physiological, behavioral, or biological characteristics used to extract templates or identifiers, such as fingerprints, facial voiceprints, iris or retinal scans, keystroke patterns, gait, or similar physical patterns, nor health, sleep, or exercise data). Facial video is used solely for real-time display and content moderation, not for biometric verification or template creation;
Internet or Other Electronic Network Activity Information: such as browsing history, search history, and interactions with websites, applications, or advertisements — including network activity and device information;
Geolocation Data: such as physical location or movement — including authorized GPS location data and approximate location derived from IP address or SIM card information;
Sensory Data: such as audio, electronic, visual, or similar information — including user-generated content (video, images, audio) and facial video in livestreams;
Professional or Employment-Related Information: including occupation information provided in user profiles;
Inferences: such as preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes — which may be derived from usage patterns for service improvement (currently not used for personalized advertising).

Categories of Personal Information Disclosed for Business Purposes (Past 12 Months)

In the past 12 months, we have disclosed the following categories of personal information for business purposes:

Identifiers (e.g., disclosed to service providers for analytics and functional support);
Personal information under Cal. Civ. Code § 1798.80(e) (e.g., disclosed to payment processors);
Commercial information (e.g., disclosed for transaction processing);
Internet or electronic network activity information (e.g., disclosed for analytics and security);
Geolocation data (e.g., disclosed where location-based features are used);
Sensory data (e.g., disclosed for content delivery, storage, and moderation).

We have disclosed personal information to the following categories of entities:

Third-party service providers that provide products or services on our behalf (such as contract fulfillment, payment processing, analytics, registration/login assistance, and functional support).

Your California Privacy Rights

You have the right under the CCPA/CPRA to request that ZAVA disclose specific information regarding the collection and use of your personal information over the past 12 months, or to request access to or deletion of your personal information. Requests may be submitted to support@zavalive.com;
Certain information may be exempt from such requests under California law, and depending on your data choices, some services may be limited or unavailable;
No Sale / No Sharing: In the 12 months prior to the effective date of this disclosure, ZAVA has not sold your personal information and has not shared your personal information for cross-context behavioral advertising as defined by the CPRA;
Non-Discrimination: ZAVA will not discriminate against you for exercising any rights granted under the CCPA/CPRA.

Except where necessary to provide services, ensure security, or comply with legal obligations, we do not use or disclose sensitive personal information. You have the right to request limitations on such processing where permitted by law.

12.2 Japan Privacy Disclosure

This Japan Privacy Disclosure supplements the Privacy Policy and applies only to users residing in Japan, in accordance with the Act on the Protection of Personal Information (APPI).

Your personal information may be transferred to and processed in Hong Kong, where ZAVA operates affiliated entities or facilities. Details regarding personal information protection systems in these jurisdictions may be found on the website of Japan's Personal Information Protection Commission (PPC).

All ZAVA affiliates process personal information in accordance with data protection standards equivalent to those applicable to Japanese business operators. When transferring personal information to third parties outside Japan, we enter into written agreements requiring such parties to assume security and confidentiality obligations equivalent to those under the APPI.

12.3 Brazil (LGPD)

If you use ZAVA in Brazil, you are entitled to the rights provided under the Lei Geral de Proteção de Dados (LGPD), including rights to confirmation of processing, access, correction, anonymization, deletion, data portability, objection to processing, and withdrawal of consent.

We retain access logs for at least six (6) months in a secure and controlled environment to comply with legal requirements.

To prevent disclosure to unauthorized parties, we will verify your identity before processing requests. Where disclosure may infringe the rights of others or where we are legally required to retain certain data, we may be unable to fully comply and will explain the reasons.

You may lodge a complaint with Brazilian National Data Protection Authority (ANPD).