Legal
Privacy Policy
Last updated: June 12, 2026
1. What We Collect
- Account data: name, email, mobile number, address — provided at checkout.
- Payment data: processed by NowPayments (crypto). We never see or store card numbers; we store order amounts, statuses, and payment references.
- Payout data: the USDC wallet addresses you save for withdrawals.
- Trading data: simulated positions, orders, balances, and rule events on your accounts.
- Technical data: IP address and basic device information for login security and fraud prevention; analytics events via Meta Pixel on public pages.
2. How We Use It
To operate your accounts, enforce trading rules, process payouts, prevent fraud and account sharing, send transactional email (order, activation, review, payout emails), and — only if you opt in — occasional promotional email. We do not sell personal data.
3. Sharing
Data is shared only with service providers needed to run ZZL: our payment processor (NowPayments), our email delivery provider, and hosting infrastructure. Each receives only what it needs. We disclose data to authorities only when legally required.
4. Cookies
We use a session cookie for login (with an optional 30-day "remember me"), a referral cookie when you arrive via an affiliate link (30 days), and the Meta Pixel on public marketing pages. No third-party advertising cookies are set inside the trader dashboard or terminal.
5. Security
Passwords are stored as one-way hashes. Sessions are HTTP-only cookies. Login is rate-limited with automatic lockout after repeated failures. Access to production data is limited to the operator.
6. Retention and Your Rights
Order and payout records are kept as long as required for accounting and dispute handling. You may request a copy of your data, correction, or deletion (subject to legal retention duties) at any time at support@zzlfunded.com. EU/UK residents have GDPR rights; California residents have CCPA rights — both honored on request.
7. Changes
Updates to this policy are posted here with a new "last updated" date; material changes are emailed.
8. Mobile App (iOS & Android)
The ZZL Funded app collects the following in addition to the above:
- Sign-in with Google / Apple: if you choose social sign-in, we receive your name and email from Google or Apple to create or access your account. Apple may provide a private relay email instead of your real address; we honor that.
- Identity verification (KYC): when verification is required (e.g. before a payout), our provider Didit collects your government photo ID and a selfie/biometric facial scan to confirm your identity. Those images are processed by Didit under their privacy policy and are not stored by ZZL — we keep only the resulting verification status (approved/declined) and a reference id.
- Two-factor authentication: if you enable an authenticator app, we store a TOTP secret solely to verify your 6-digit codes. Device biometrics (Face ID / Touch ID) used to unlock the app stay on your device and are never transmitted to us.
- Push notifications: if you allow them, we store your device's push token (Apple Push Notification service for iOS; Expo for other builds) to send account alerts such as payout, evaluation, and rule events. You can turn these off any time in your device Settings.
- ZZL token wallet: the Solana wallet address you optionally save to receive the future ZZL token airdrop.
- Device & diagnostic data: standard app/device information used for login security, fraud prevention, and crash diagnostics.
App data is shared only with the providers needed to deliver these features — Didit (identity verification), Google and Apple (sign-in), and Apple Push Notification service / Expo (notifications) — in addition to the processors named in section 3. We do not sell personal data or use it for third-party advertising inside the app. You may request access or deletion at support@zzlfunded.com.