Last Updated: April 2, 2020
Zabo provides an API-driven platform (the “API”) that enables users (“End Users” or “you”) to aggregate their account information and data, from the data sources where these End User’s End User Data (as defined below) are stored (as modified from time to time, the “Zabo Services”). “End User Data” means financial account information and data, including (a) account name, account type and public wallet or deposit addresses, (b) information related to account balances account transactions, in both amounts and in other currency equivalents (e.g. US Dollars), (c) information about account transactions, including amount, date, time, type, location, price, cost basis, fees, quantity, sender and recipient and (d) information about the End User as the account owner, such as publicly provided name.
Zabo also provides the API, the Zabo Services, the website at https://www.zabo.com (the “Website”), the dashboards, the related tools and other products or services (collectively the “Developer Services”) to our developers and customers (collectively, “Developers” or “you”) that can use these Developer Services to integrate the API and Zabo Services into their applications or third-party applications (collectively, the “Zabo Enabled Applications”).
End Users can currently only access and use their End User Data through a Zabo Enabled Application.
For the purposes of the GDPR, Zabo is considered the data controller in some situations and the data processor in other situations. When we are acting as the data controller, we are responsible for deciding how we use the information that we hold. When we are acting as the data processor, Developers and their End Users are responsible for deciding how we use the information that we hold. We are a Delaware corporation registered in the United States with an office at Modular, Inc. d/b/a Zabo, 251 SW Wilshire Blvd, Ste 124, Burleson, TX 76028.
The GDPR applies to you if you are located in the European Economic Area, the United Kingdom or Switzerland (an “EEA Individual”).
This policy describes the types of information we may collect from you or that you may provide when you access or use the API, the Zabo Services, the Developer Services or any of the other features, functions, services, and products, and our practices for collecting, using, maintaining, protecting and disclosing that information.
This policy applies to information we collect or may collect:
For End Users:
In accessing and using the API and the Zabo Services through a Zabo Enabled Application.
In accessing the accounts where your End User Data is stored.
In registering to use and to create an account for the Developer Services.
In accessing and using the Developer Services and the other Services.
In e-mail, text and other electronic messages sent through or use of the Zabo Services and the other Services.
When you send any content through the Developer Services or any of the other Services.
Through services provided to us or to you by third-party companies, agents or contractors.
It does not apply to information collected by:
Us offline or through any other means, including on the Website or any other website operated by Zabo or any third party;
Our Service Providers (as defined below) and other third parties that provide us or you with certain services; or
Any third party, including Developers when they are providing access to the API and the Zabo Services through their Zabo Enabled Application.
None of the Services are intended for minors under 18 years of age. No one under age 13 may provide any information on or through the Zabo Services or the other Services. We do not knowingly collect personal data from children under 13. If you are under 13, do not use or provide any information on or through any of the Services or any of its features or register on use any of the interactive or public comment features of any of the Services or provide any information about yourself to us, including your name, address, telephone number, e-mail address or any screen name, username you may use or any pictures of you. If we learn we have collected or received personal data from a child under 13 without verification of parental consent, we will delete that information. If you believe that we might have any information from or about a child under 13, please contact us at email@example.com.
We collect or may collect several types of information from and about users of the API, the Zabo Services, the Developer Services and the other Services, including:
For End Users:
Login information required to access your accounts, including, usernames, passwords (e.g., one-time passwords or two-factor authentication methods), security tokens or API keys
Usage details and information; and/or
Information by which you may be personally identified, including personal data such as name, telephone number, address and e-mail address;
Your IP address, including when you create an account;
Information that you provide by registering or creating an account in connection with the Developer Services;
Financial and billing information, including credit or debit card information;
Information that is about you but individually does not identify you, such as the date and time of visit;
Device, internet and mobile information such as the hardware model, operating system version, browser type, language, wireless network, and mobile network information
When you report a problem with any of the Developer Services or any of the other Services;
Records and copies of your correspondence (including e-mail addresses), if you contact us; and/or
Details of transactions you carry out through the Developer Services, and any of the other Services.
We collect this information:
Directly from you when you provide it to us.
Automatically as you use the API and Zabo Services through a Zabo Enabled Application.
Automatically as you navigate through or use the Developer Services or any of the other Services.
From third parties, such as our Developers, Service Providers, customers, business partners and other third parties that provide us or you with certain services.
Certain transactions may also involve you calling us or our calling you. Please be aware that we may monitor, and in some cases, record such calls for staff training or quality assurance purposes.
We take every reasonable step to limit the volume of your personal data that we process to what is reasonably necessary.
We do not use automated decision-making without human intervention, including profiling, in a way that produces legal effects concerning you or otherwise significantly affects you.
The technologies we use for automatic data collection may include:
Pixels and Tags. Pixels and tags are site instrumentation tools that help us to determine, for instance, whether a page has been viewed or not and, if so, how many times. Emails or electronic newsletters we send may use tools (e.g., pixel tags or web beacons) to gather email metrics and information to improve the reader’s experience such as how many of the emails are opened, if they were printed or forwarded, the type of device (e.g., mobile or PC) from which they were opened, and the associated member account details, which include name, city, state, and county associated with the applicable IP address. In general, any electronic image viewed as part of a webpage, including an ad banner, can act as a web beacon.
Your web browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. We do not honor any web browser “Do Not Track” signals or other mechanisms that provide you with the ability to exercise choice regarding the collection of personally identifiable information about your online activities over time and across third-party websites or online services. At present, no universally accepted standards exist on how companies should respond to do-not-track signals. In the event a final universally accepted standard is established, we will assess and provide an appropriate response to these signals
We may use or partner with third-parties, agents or contractors for various purposes in connection with our business and operations (collectively, “Service Providers”), including, storage of access credentials and End User Data, the provision of the API and the Zabo Services through a Zabo Enabled Application and billing and payment services. In the course of performing these responsibilities and providing such services, these other companies may have access to your personal information. We may also share information, including your personal information, with these Services Providers in order to enable them to perform these responsibilities and to provide these services. Many Services Providers have adopted their own privacy policies, which are not subject to control by Zabo. You should always review the policies of these Service Providers to make sure that you are comfortable with the ways in which they collect, use, maintain, protect and disclose your information. We do not list our current Service Providers because they change from time to time. If you would like the names of any of Service Providers, please email us at firstname.lastname@example.org.
We use commercially reasonable efforts to ensure that Service Providers that have access to your personally identifiable information in connection with providing services are required to keep your personal information confidential and are not permitted to use this personal information for any purpose other than to fulfill the services in connection with the Zabo Services, the Developer Services or the other Services.
DoubleClick: We may use Google Analytics remarketing codes to log when users view specific pages or take specific actions on a website.
Google has additional information available about its Remarketing Privacy Guidelines, Policies, and Restrictions on its website.
We use information that we collect about you or that you provide to us, including any personal data:
For End Users:
To provide you the API and the Zabo Services through a Zabo Enabled Application.
To enhance the safety and security of the API and the Zabo Services.
In any other way we may describe when you provide the information.
For any other purpose with your consent.
To provide you the Developer Services and the other Services and the content and the other products and services that you request from us.
To process and complete transactions, including registration for the use of the Developer Services and the other Services and send you related information.
To provide technical and other support to you.
To send you promotional communications, such as providing you with information about services, features, surveys, newsletters, offers and events; and providing other news or information about us.
To fulfill any other purpose for which you provide it.
To provide you with notices about your account.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
To notify you about changes to the Developer Services and the other Services.
To enhance the safety and security of all of the Services.
To verify your identity and prevent fraud or other unauthorized or illegal activity.
In any other way we may describe when you provide the information.
For any other purpose with your consent.
Some of the information that we collect automatically is statistical data and does not include personal data, but we may maintain it or associate it with personal data we collect in other ways or receive from third parties or you provide to us. It helps us to improve the Developer Services and the other Services, and to deliver a better and more personalized service, including enabling us to:
Estimate our audience size and better understand usage patterns.
Store information about your preferences, enabling us to customize according to your individual interests.
Speed up your searches.
Recognize you when you return to the Website.
We may store any data or other information that we collect (personal or otherwise) ourselves or in databases and servers owned and maintained by us, our affiliates, agents or Service Providers. If you access or use the API, the Zabo Services, the Developer Services or any of the other Services outside of the United States, information that we collect about you may be transferred to servers inside the United States and maintained indefinitely, which may involve the transfer of information out of countries located in the European Economic Area and other parts of the world unless otherwise prohibited by applicable law or agreed by Zabo and you. By allowing Zabo to collect information about you, you consent to such transfer and processing of such information without restriction. We may also store some information locally on your computer or other devices. For example, we may store information as local cache so that you can open and view content faster.
Although users from all over the world may access the API, the Zabo Services, the Developer Services and the other Services, keep in mind that no matter where you live or where you happen to use our services, you consent to us processing and transferring information in and to the United States and other countries whose data-protection and privacy laws may offer fewer protections than those in your home country.
We may disclose aggregated or anonymized information about our users, and information that does not include any personal data, without restriction.
We may disclose End User Data to our Developers in connection with provision of the Zabo Services through their Zabo Enabled Application.
To our subsidiaries and affiliates.
To Service Providers we use to support our business as more particularly described in the Third-party Responsibilities and Services provision above.
To other users in your organization in connection with the Developer Services or any of the other Services.
To a potential or actual buyer. assignee or other successor (including its related advisors and agents) in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of Zabo’ assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal data held by Zabo about users of is among the assets that may be or are actually transferred.
To fulfill the purpose for which you provide it.
For any other purpose disclosed by us when you provide the information.
With your consent.
We may also disclose your End User Data or personal data:
To comply with any court order, law or legal process, including to respond to any government or regulatory request.
To enforce or apply the Terms and other agreements, including for billing and collection purposes.
If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Zabo, our customers or others.
We strive to provide you with choices regarding the personal data you provide to us. We have created mechanisms to provide you with the following control over your personal data:
Promotional Offers from Zabo. If you do not wish to have your e-mail address/contact information used by Zabo to market or otherwise promote our own or third parties’ products or services, you can opt-out through the unsubscribe mechanism at the bottom of the applicable email. This opt out does not apply to information provided to Zabo as a result of a service or product purchase, warranty registration, product service experience or other transactions.
We do not control third parties’ collection or use of your information to serve interest-based advertising. You may be able to opt out of receiving personalized advertisements from companies who are members of the Network Advertising Initiative or who subscribe to the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising. For more information about this practice and to understand your options, please visit: http://www.aboutads.info and http://www.networkadvertising.org/choices/. You may also use TRUSTe’s Preference Manager at http://preferences-mgr.truste.com.
GDPR and the laws in some other jurisdictions require companies to tell you about the legal bases that they rely on to use or disclose your personal data. To the extent that those laws apply, we rely on the following legal grounds to process your personal data:
Performance of a contract: In most cases, we collect and use your End User Data and personal data and other information to meet our obligations under a contract to which you are a party or pursuant to which we are providing services to you. For example, when you use the Developer Services or the other Services, we will use your personal data to respond to your requests and to provide you with these services.
Legitimate interests: We may use your personal data information for our legitimate interests on the grounds that it furthers our legitimate interests in commercial activities (but only to the extent that such interests are overridden by the interests or fundamental rights and freedoms of the affected individuals) including:
Analyzing and improving the API, the Zabo Services, the Developer Services, the other Services and our business
Providing the services pursuant to our contracts with our clients
Legal compliance: We may use and disclose personal data in certain ways to comply with our legal obligations under European or Member State law or other applicable law.
Consent: To the extent required by law, and in certain other cases, we handle personal data on the basis of implied or express consent.
End Users may change, correct or delete any personal data that they have provided to the Developer providing the Zabo Enabled Application through which you are accessing the API and the Zabo Services as directed by such Developer.
Developers may change, correct or delete any personal data that they have provided to us through their dashboard or by emailing us at email@example.com.
California Civil Code Section § 1798.83 permits users of that are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please send an e-mail to firstname.lastname@example.org or write to us at: Modular, Inc. d/b/a Zabo, 251 SW Wilshire Blvd, Ste 124, Burleson, TX 76028.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your personal data) if we intend to use your personal data for such purposes or if we intend to disclose your personal data to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your personal data. You can also exercise the right by contacting us directly.
If you are an EEA Individual and GDPR applies and we hold your personal data in our capacity as a controller, you may request that we:
Provide access to and/or a copy of certain personal data (including, in some cases, in portable form);
Prevent the processing of your personal data for direct-marketing purposes (including any direct marketing processing based on profiling);
Update personal data that is out of date or incorrect;
Delete certain personal data which we are holding about you; provided that the personal data is not required by us for (i) compliance with a legal obligation under European or Member State law or other applicable law or (ii) the establishment, exercise or defense of a legal claim;
Object to our processing of personal data;
Restrict the way that we process and disclose certain of your information except to the extent that processing is required (i) to comply with a legal obligation under European Member State law or applicable law or (ii) for the establishment, exercise or defense of legal claims;
Transfer your personal data to a third party to the extent that this is technically feasible; and
Honor a revocation of your consent for the processing of your personal data (without retroactive effect).
We will consider all requests and provide our response within the time period required by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation. We may request you provide us with additional information to confirm your identity before responding to your request. You have the right to lodge a complaint with the authorities applicable to your situation, though we invite you to contact us with any concern, as we would be happy to try to resolve it directly. You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.
If you are an EEA Individual in France, you also have the right to set guidelines for the retention and communication of your personal data after your death.
If you reside in a jurisdiction other than the European Economic Area, you may also have similar rights to the above. Please contact us at email@example.com if you would like to exercise one of these rights, and we will comply with any request to the extent required under applicable law.
You can exercise any of these rights by contacting us at firstname.lastname@example.org or write to us at: Modular, Inc. d/b/a Zabo, 251 SW Wilshire Blvd, Ste 124, Burleson, TX 76028.
We will only retain your personal data, in a form which permits us to identify you, for as long as necessary to fulfill the purposes we collected it for. We will retain and use your personal data as necessary to satisfy any legal, accounting or reporting requirements, to resolve disputes or to enforce our agreements and rights. To dispose of personal data, we may anonymize it, delete it or take other appropriate steps. Data may persist in copies made for backup and business continuity purposes for additional time.
We understand that the security of your access credentials, End User Data and personal data is very important.
For End Users, Zabo will encrypt the access credentials that you use to access your End User Data and employ other commercially reasonable security measures to protect End User Data in accordance with good industry practice and all applicable laws.
For Developers, we provide reasonable administrative, technical, and physical security controls to protect your personal data.
Despite our efforts, however, no security controls are 100% effective. Zabo cannot ensure or warrant the security of your credentials, End User Data or personal data. Any transmission of your credentials, End User Data or personal data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on or through the Website.
The safety and security of your data also depends on you. Where you have chosen (or we have given you) a password for access to and use of certain parts of the Developer Services, the API, the Zabo Services and/or the other Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.