Privacy Policy

Ziwa (“we”, “us”, “Ziwa”) operates ziwa.club and the Ziwa Lead Finder browser extension. This policy describes what data we collect, why we collect it, and what choices you have.

For privacy questions, contact us at privacy@ziwa.club.

• Account information — when you sign up: email, name, password (stored hashed with bcrypt), and login provider (Google OAuth or password).
• Usage history — searches and lookups you perform on the website (including profile URLs you submitted), plus the results returned. Used to show your scan history and prevent duplicate billing for the same lookup.
• Billing information — handled by our payment processor. We store a subscription status, plan, and a payment reference; we do not store full credit card details.
• Session cookies — a single “auth-token” cookie keeps you signed in. Strictly necessary; not used for advertising.
• Standard server logs — IP address, user agent, and timestamps for each API request, retained for security and fraud-prevention purposes for up to 90 days.

The Ziwa Lead Finder browser extension is a separate product from the website. It does the following on your device:

• Reads the active tab’s URL when you click the toolbar icon, to determine if it’s a profile page worth enriching. Inactive tabs are not accessed.
• Reads the page DOM of the active tab when you explicitly click “Look up”, to extract a numeric profile identifier. The extension does not read keystrokes, cookies, passwords, or unrelated page content.
• Stores your Ziwa session token inchrome.storage.localafter you complete the “Connect” flow. Used as the authentication credential when the extension calls Ziwa’s servers. Cleared when you sign out.
• Sends the extracted profile identifier to ziwa.clubover HTTPS, where it is matched against your Ziwa directory and the result returned to the extension.

The extension does not read or store: passwords, messages, post content, friends lists, browsing history outside the active tab, or anything from sites other than facebook.com and ziwa.club. It does not run any background scraping — it acts only when you explicitly click the toolbar icon.

• To authenticate you and operate your account
• To process your lookups and return results
• To bill you accurately for paid lookups
• To detect and prevent abuse, fraud, and unauthorized access
• To communicate service announcements and security notices
• To comply with legal obligations and respond to lawful requests

Ziwa’s enrichment results are derived from publicly available datasets, third-party data providers under commercial license, and user-contributed records. We are an aggregator and lookup provider; we do not scrape Facebook, Twitter/X, LinkedIn, or other platforms in real time.

We do not sell or rent personal information. We share data only with:

• Service providers who process data on our behalf under contractual confidentiality obligations (hosting, payment processing, email delivery).
• Legal authorities when required by law, valid court order, or to protect our users from imminent harm.
• Business successors in the event of a merger, acquisition, or sale of assets — with notice to you.

You have the right to:

• Access the personal information we hold about you
• Correct inaccurate or incomplete information
• Delete your account and associated data
• Object to processing or restrict it
• Receive a copy of your data in a portable format
• Withdraw consent at any time

EU/UK residents have rights under GDPR. California residents have rights under the CCPA/CPRA, including the right to know, delete, correct, and opt-out of the sale or sharing of personal information (we do not sell or share for cross-context behavioral advertising).

To exercise any of these rights, email privacy@ziwa.club. We will respond within 30 days.

If you are not a Ziwa user but believe your information appears in our directory and you want it removed, email privacy@ziwa.club with proof of identity (e.g., the email address associated with the record). We will remove the matching record from our active directory and add it to a tombstone list so it is not re-ingested on future updates.

• Account data: kept for the lifetime of your account; deleted within 30 days of account closure.
• Lookup history: kept for the lifetime of your account; deleted on request.
• Server logs: 90 days.
• Tombstoned third-party records: kept indefinitely as tombstones (UID only, no other data) to prevent re-ingestion.
• Billing records: kept as long as required by tax and accounting law (typically 7 years).

We protect data with industry-standard measures: TLS for all connections, hashed passwords (bcrypt), encrypted database backups, principle-of-least-privilege access for staff, and audit logs for sensitive operations. No system is perfectly secure, but we work to reduce risk and respond quickly to incidents.

Ziwa is not intended for users under 18. We do not knowingly collect information from children. If you believe a child has provided us with information, contact privacy@ziwa.club and we will delete it.

Ziwa operates servers in multiple regions. By using the service, you consent to your data being processed in countries other than your own. For EU/UK users, we use Standard Contractual Clauses where required.

We may update this policy from time to time. Material changes will be notified by email and on the website. The “Last updated” date at the top of this page reflects the most recent version.

For all privacy questions, requests, or concerns: privacy@ziwa.club