Privacy Policy
Last updated: March 28, 2026
1. Who We Are
Zik4U Inc. (“we”, “us”, or “our”) operates the website https://zik4u.com and the Zik4U mobile application (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service.
Zik4U Inc. is a corporation registered in the State of Florida, United States.
For privacy inquiries, contact us at: privacy@zik4u.com
We have designated privacy@zik4u.com as our Data Protection Contact for GDPR purposes. A formal Data Protection Officer (DPO) will be appointed as required by applicable law as the platform scales.
2. Data We Collect
We collect the following categories of personal data:
Account Information
Email address, display name, username, profile photo, and biography that you provide when creating an account.
Music Listening Data
Track titles, artist names, listening timestamps, and streaming platform identifiers, collected via our music detection system (Captation) with your explicit consent.
Connected Services
OAuth tokens and metadata for third-party music services you connect (Spotify, Apple Music, YouTube Music, Deezer, SoundCloud). We store only the minimum data required to provide the Service.
Payment Information
Billing details for subscriptions are processed by Stripe. We do not store credit card numbers or CVVs. We receive only a tokenized payment reference.
Social Data
Follows, posts, comments, reactions, and direct messages you create on the platform.
Device & Usage Data
Device type, operating system, IP address (anonymized after 30 days), app version, session duration, and feature usage for analytics and crash reporting.
Push Notification Tokens
Expo push tokens collected when you grant notification permission, used solely to deliver in-app notifications.
Inferred Emotional Profile
We automatically derive an anonymized emotional music profile from your listening patterns, including a daily listening score, mood indicators (e.g., nocturnal, explorative), and behavioral metrics such as musical diversity and listening consistency. This profile is used solely to personalize your experience and improve our services. It is never sold or shared with third parties without your explicit consent.
3. How We Use Your Data
We use your personal data for the following purposes:
- Providing and improving the Service (account management, music detection, feed personalization)
- Enabling social features (follow, discover compatible listeners, messaging)
- Processing payments and managing creator subscriptions
- Sending push notifications you have opted into
- Computing music compatibility scores and personalized recommendations
- Detecting and preventing fraud, abuse, and security threats
- Complying with legal obligations
- Sending transactional emails (password reset, subscription confirmations)
We do not sell your individual personal data to third parties. We do not currently use your personal listening data for advertising targeting on the Zik4U platform.
As part of our Zik4U Intelligence Partner Program, we may share aggregated, anonymized, and non-individually-identifiable derivatives of platform listening data with verified business partners (labels, researchers, brands) under strict data use agreements. This aggregated data cannot be used to identify any individual user. For California residents: this aggregated data sharing may constitute a “sale” under CCPA. You may opt out by contacting privacy@zik4u.com.
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), our legal basis for processing your data is:
- Contract performance: to deliver the Service you signed up for
- Consent: for music detection, push notifications, and optional analytics
- Legitimate interests: for fraud prevention, security, and product improvement
- Legal obligation: for tax reporting, GDPR compliance, and law enforcement requests
5. Data Sharing & Third Parties
We share your data only with the following trusted service providers:
5b. International Data Transfers
As Zik4U Inc. is a Florida C Corp, some of your data is processed and stored in the United States. We comply with GDPR (EU users) and CCPA (California users) requirements.
For transfers of personal data from the European Economic Area (EEA) to the United States, we rely on the following safeguards in accordance with GDPR Article 46:
- Standard Contractual Clauses (SCCs): Our key service providers (Supabase, Stripe, Firebase, Sentry, Expo) have adopted EU Standard Contractual Clauses as the legal mechanism for transatlantic data transfers.
- EU Data Storage: Our primary database is hosted in the EU (eu-central-1 region, Supabase Frankfurt) to minimize cross-border transfers.
- Adequacy Decisions: Where available, we rely on European Commission adequacy decisions for the countries where our sub-processors operate.
For more information about the safeguards we apply, or to obtain a copy of the relevant SCCs, contact us at privacy@zik4u.com.
6. Data Retention
We retain your personal data as follows:
- Account data: As long as your account is active. Deleted within 30 days of an account deletion request.
- Music listening data: Rolling 12-month history for personalization; anonymized aggregate data retained indefinitely.
- IP addresses: Anonymized after 30 days.
- Payment records: 7 years for tax and legal compliance.
- Push tokens: Deleted when you revoke notification permission or delete your account.
- Emotional profile & archetypes: Daily emotional snapshots and listener archetypes are retained while your account is active and deleted within 30 days of account deletion. These profiles are never shared in individually identifiable form.
7. Your Rights
Depending on your jurisdiction, you have the following rights:
To exercise any right, email us at privacy@zik4u.com. We will respond within 30 days.
8b. Automated Processing & Profiling
In accordance with Article 22 of the GDPR, we inform you that Zik4U uses automated processing to derive insights from your listening behavior. This includes:
- Daily Emotional Score: A composite score (0–100) reflecting your listening diversity, activity patterns, and consistency. Used to personalize notifications and content.
- Mood Indicators: Inferred listening moods (e.g., nocturnal, explorative, high energy) based on time-of-day patterns and artist diversity. Not used for individual-level external profiling or advertising targeting. Aggregated, anonymized derivatives of platform-wide listening patterns may be shared with verified Zik4U Intelligence Partners (labels, researchers, brands) under strict data use agreements. These aggregated insights cannot be used to identify any individual user. See Section 5 for details on our Partner Program.
- Trajectory Analysis: Week-over-week comparison of listening patterns to personalize engagement notifications.
This automated processing does not produce legal or similarly significant effects. You may opt out of emotional profiling at any time in Settings → Privacy. Opting out will disable personalized digest notifications but will not affect core app functionality.
8c. Music Match — Connect Through Music
Music Match is an optional feature that allows users to discover other members with compatible music tastes for social or romantic connections. This feature is strictly opt-in and disabled by default.
Data collected for Music Match
- Relationship status — declared voluntarily by the user (“single”, “open”, “taken”, or “undisclosed”). Visible on your profile only if you activate Music Match.
- Music Match preference (dating_opt_in) — a boolean flag indicating that you consent to appear in and see Music Match results. Off by default. Modifiable at any time in Settings → Privacy.
- Music compatibility data — your listening history (already collected for core app functionality) is used to compute compatibility scores with other opted-in users.
Legal basis (GDPR)
Processing of Music Match data is based on explicit consent (GDPR Art. 6(1)(a) and Art. 9(2)(a) for relationship status data, which constitutes sensitive personal data under EU law). This consent is obtained via a double opt-in mechanism:
- Voluntarily setting your relationship status to “single” or “open”.
- Explicitly enabling the Music Match toggle in Settings → Privacy.
Data sharing and visibility
- Your profile may appear in Music Match results visible to other opted-in users.
- Your relationship status is never shared with B2B partners or third parties.
- Your dating preference flag is never exposed via our Partner Intelligence API.
- No location data is used or shared in Music Match.
Age requirement
Music Match is available only to users aged 17 years or older. By activating Music Match, you confirm that you meet this age requirement.
How to disable
You can disable Music Match at any time by going to Settings → Privacy → Music Match and toggling it off. Upon disabling, your profile is immediately removed from all Music Match results. Your relationship status can also be set to “undisclosed” at any time.
8. Cookies & Tracking
Our website uses minimal cookies:
- Essential cookies: Authentication session management (Supabase auth token). Required for the Service to function.
- Analytics: Anonymous usage analytics via Firebase Analytics. No cross-site tracking.
We do not use third-party advertising cookies or pixel trackers.
9. Data Security
We implement industry-standard security measures including TLS 1.3 encryption in transit, infrastructure-level disk encryption at rest (AES-256, managed by Supabase), Row-Level Security (RLS) policies on all database tables, and regular security audits. OAuth tokens for connected music services are stored encrypted and never exposed in plaintext. In the event of a data breach affecting your rights, we will notify you within 72 hours as required by GDPR.
10. Children's Privacy (COPPA)
Zik4U is not directed to children under the age of 13 (or 16 in the European Economic Area).
We do not knowingly collect personal data from children under these age thresholds. By using Zik4U, you confirm that you are at least 13 years old (or 16 in the EEA), or that a parent or legal guardian has provided consent on your behalf.
If we become aware that we have collected personal data from a child below the applicable age without verifiable parental consent, we will delete that data immediately. To report such a case, contact us at privacy@zik4u.com.
This policy complies with the Children's Online Privacy Protection Act (COPPA, USA) and the GDPR provisions applicable to minors (EU/EEA).
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or an in-app notification at least 14 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy. The “Last updated” date at the top of this page reflects the most recent revision.
Questions?
If you have questions about this Privacy Policy or wish to exercise your rights, contact our Privacy Team:
privacy@zik4u.com