(Last updated: October 05, 2025)

of!ZENLINGO LLC"

3141 E Elmwood Place"

Chandler, AZ 85249"

(the “Data Controller“, “us“, “we“, or “our“)

The Data Controller operates the!zenlingo.com!website, the ZenLingo multi-platform

application, as well as a number of reference sources (the “Service“).

Our Service does not address anyone under the age of eighteen (“Child”). In some

countries, we may impose higher age limits as required by the applicable law. We do

not knowingly collect Personal Data of and from Children. If you are a holder of parental

responsibility (a parent or a guardian) and you become aware that your Child has

provided us with Personal Data without your consent or authorization, please contact

us. Once we become aware of that, we will delete them.

This Privacy Policy aims to acquaint you with the main moments related to the

processing of your personal data. The Data Controller reserves the right to update it,

and its current version will be at your disposal at any time on the Service as listed

above.

I. Deﬁnitions

1. Cookies:!means small pieces of data stored on the user’s device.

2. Data controller:!means a person who (either alone or jointly or in common with other

persons) determines the purposes for which and the way any personal data are, or are

to be, processed.

3.!Data processor or service providers:!means a natural or legal person, public

authority, agency, or other body (other than an employee of the Data Controller) who

processes the data on behalf of the Data Controller.

4. Personal data:!means any information relating to an identiﬁed or identiﬁable natural

person (the “Data Subject”) via an identiﬁer such as a name, an identiﬁcation number,

location data, an online identiﬁer or to one or more factors speciﬁc to the physical,

physiological, genetic, mental, economic, cultural, or social identity of that natural

person.

5. Processing:!means any operation or set of operations which is performed on

Personal Data or on sets of Personal Data, whether by automated means, such as

collection, recording, organization, structuring, storage, adaptation or alteration,

retrieval, consultation, use, disclosure by transmission, dissemination or otherwise

making available, alignment or combination, restriction, erasure or destruction.

6. Recipient:!means a natural or legal person, public authority, agency, or another body,

to which the personal data are disclosed, whether a third party or not.

7. Usage data:!means the data collected automatically either generated using the

Service or from the Service infrastructure itself.

8. User:!means the individual visiting and using our Service. The User corresponds to

the Data Subject.

II. Principles

2.1 The main principles on which the Data Controller bases the processing of personal

data are: (i) legality; (ii) good faith and transparency; (iii) minimizing data and limiting the

purposes and retention period; (iv) accuracy; (v) integrity and conﬁdentiality; (vi)

accountability.

2.1.1 In order for the Processing to be lawful, the Data Controller processes your

Personal Data based on legitimate grounds, when necessary, in the context of a

contract or with an expressed intention to conclude such.

2.1.2 The principle of good faith and transparency requires the Data Controller to

ensure that all information and communication related to the Processing of your

Personal Data is easily accessible and understandable, using clear and unambiguous

wording. This principle applies to the information that you as a Data Subject receive

about the identity of the Data Controller and the purposes of the Processing, as well as

to the additional information guaranteeing conscientious and transparent Processing.

2.1.3 Compliance with the third principle, namely to minimize data and limit the

purposes and period of storage by the Data Controller, is ensured by collecting only

those data that are absolutely necessary for the purposes and activities of the Data

Controller and its compliance with the legal requirements, as they are processed only

for speciﬁc, explicitly stated and legitimate purposes, and are not processed in a way

incompatible with these purposes, and are stored for a period not longer than necessary

or provided by the law.

2.1.4 The principle of accuracy requires that all Personal Data processed by the Data

Controller be accurate and kept up to date, and for this purpose the Data Controller

relies on you as a Data Subject, on your correctness and assistance. If it proves

impossible to correct inaccurate Personal Data provided by you, the Data Controller

shall delete them in a timely manner, considering the purposes for which they are

processed.

2.1.5 In accordance with the principle of integrity and conﬁdentiality, the Data Controller

processes your Personal Data in a way that ensures an appropriate level of security,

including protection against unauthorized or unlawful processing and against accidental

loss, destruction, or damage, applying appropriate technical or organizational

measures.

2.1.6 The principle of accountability comes to ensure before you that everything the

Data Controller does regarding your Personal Data is subject to control and the Data

Controller is responsible for it.

2.2 The Data Controller ensures that all persons involved in the Personal Data

processed by it are familiar with the basic principles set out here, this Policy, as well as

the applicable legal requirements regarding the protection of your Personal Data.

III. Types of personal data collected

3.1 While using our Service, we may ask you to provide us with certain Personal Data.

The categories of Personal Data may include, but are not limited to:

• First name and surname

• Country and country code

• Email address

• Phone number (if applicable)

• Habitual residence (if applicable)

• Google, Facebook, Huawei, Microsoft and/ or Apple credentials and proﬁle pictures (if

applicable)

• Billing and payment data – credit or debit card number, bank account information (if

applicable) and information about payments

• Cookies and Usage Data – device type, device ID and/ or IP address, crash logs data,

diagnostic data, music ﬁles data and other information as clariﬁed below (if applicable)

• Communications and content, including audio, video, text (typed, inked, dictated, or

otherwise), in a message, email, or chat (if applicable).

3.2 The Data Controller receives your Personal Data in the following ways: (i) personally

from you, when you visit and start using the Service; (ii) from other sources like Google,

Facebook, Apple, etc. but only as supplementary information to that, already provided

voluntarily by you; and (iii) through so-called Cookies and other unique identiﬁers.

3.3 Integration with third party services (Google, Facebook, Huawei, Microsoft, Apple,

Stripe, and more) may require exchange of information, such as username, open ID,

single-sign-on tokens, and any other data required for implementation of said

integration. Integration is optional for social media, and necessary for payments. Any

data received from third party service is covered by this Privacy Policy.

3.4 Please note that when you provide your credit or debit card number on the Service,

this Personal Data is automatically redirected for Processing to our Service Providers of

Payments as enumerated in item 9.4 below. We do not process this Personal Data

ourselves. We process only a derivative information about your payments (amount paid,

date of payment, return, if any, transaction history, etc.).

3.5 Where required by law, we store the data and information we collect from you when

you are unauthenticated (not signed in) separately from any Account Personal Data that

directly identiﬁes you, such as your name, email address, or other. If we link other data

and information relating to you with your Personal Data, we will treat that linked data as

Personal Data. Please note that, if you use the unauthenticated version of our Service,

you may contact us with a request concerning your rights as Data Subject, but in this

case, we may not be able to identify you. If such a situation occurs, please go to your

Service settings and explore your options.

3.6 In addition, some of our Service have optional features which, if used by you,

require us to collect additional information to provide such features. You will be notiﬁed

of such collection, as appropriate. If you choose not to provide the information needed

to use a feature, you will not be able to use the respective feature. For example, you

cannot open ﬁles from your device if you don’t grant ﬁle access permission to the

respective application. Another example is the camera access – we ask for permission

to access your device’s camera. If you grant permission, you may be able to take

pictures or video within the app experience. Permissions can be managed through your

Account settings.

IV. Grounds for processing

4.1 Once provided, your Personal Data will be processed by us (our authorized

employees/ representatives/ Data Processors) on the following grounds: (i) the

Processing is necessary for the performance of a contract to which you as Data Subject

are party or in order to take steps at your request prior to entering into any such

contract; (ii) the Processing is necessary for compliance with a legal obligation to which

we as Data Controller are subject; and (iii) the Processing is necessary for the purposes

of the legitimate interests pursued by us as Data Controller or by a third party, except

where such interests are overridden by your interests or fundamental rights and

freedoms as Data Subject which require protection of Personal Data, in particular where

you are a Child.

4.2 When you have consented to your Personal Data being processed by the Data

Controller for direct marketing and remarketing purposes, you have the right to object/

opt out to this at any time in one of the ways described below. Upon receipt of your

objection/ opt out, we shall cease the Processing of your Data for these purposes.

V. Purposes of processing

5.1 The Data Controller processes/ uses your Personal Data and Usage Data for the

following purposes:

5.1.1 for provision and maintenance of the Service, its modiﬁcations, changes, updates,

or enhancements, including but not limited to, provision of interactive features

associated with the Service; for Service-related announcements; to detect, prevent and

address technical and security issues; for monitoring of the Service usage; for transfer

of your Personal Data to our Service Providers/ Data Processors; for measuring

effectiveness and analysis; for processing of subscriptions and collection of fees; for

execution of distance End-User License Agreements (whether paid or as a free trial); for

returns and reimbursements; for management of your account; for measures to protect

the Service against fraud, IP rights infringements, cyberattacks and other attempts to

harm the rights, property, piracy or safety of the Data Controller and/ or our employees,

Users, Children, or the public

5.1.2 for direct marketing and remarketing, including but not limited to, tracking

preferences and interests, sending you information about our Services and/ or special

offers, participation in promotions, rafﬂes and competitions, ﬁlling in and submitting

questionnaires and quizzes, conducting surveys, market research, etc.

5.1.3 for customer support, assistance, and solving problems; for investigating and

responding to any comments or complaints

5.1.4 for the observance of legal obligations by the Data Controller, including arising

from the applicable tax and accounting legislation

5.1.5 for the protection of the legitimate rights and interests of the Data Controller and

third parties, in full balance with your interests, fundamental rights and freedoms

5.1.6 for the transfer of your Personal Data to competent authorities; for handling

various other risks, as well as any other purposes compatible with the above.

5.2 The Processing of Personal Data for purposes other than those for which they were

originally collected is also permitted when the Processing is compatible with the

purposes for which they were originally collected. Processing for archiving purposes in

the public interest, for scientiﬁc or historical research purposes, or for statistical

purposes should be considered as compatible lawful processing operations.

VI. Retention period

6.1 The Data Controller will retain your Personal Data only for as long as is necessary

for the purposes set out in this Privacy Policy. We will retain and use your Personal Data

to the extent necessary to comply with our legal obligations (for example, if we are

required to retain your data to comply with applicable laws), resolve disputes, and

enforce our legal agreements and policies.

6.2 The Processing of your Personal Data will continue as follows: (i) in cases where

you have ﬁlled in and submitted incorrect, incomplete or inaccurate data, and there is no

way to be corrected or updated by the Data Controller, they will be deleted within one

(1) month as of their receipt; (ii) in the case of consent given for direct marketing, until

the Data Controller has received your objection/ opt-out to the processing of Personal

Data for this purpose; (iii) in cases where the Processing is based on a signed contract

– until the ﬁnal settlement of the legal relationship between you and the Data Controller

and ﬁve (5) years thereafter, except in cases of legal or enforcement proceedings, tax

inspections and/ or audits, as well as when the protection of the legitimate interests of

the Data Controller or third parties requires a longer period. All these terms will be valid

only on condition that laws or by-laws do not provide for longer or shorter ones. Usage

Data is generally retained for short periods, except when this data is used to strengthen

the security or to improve the functionalities of our Service, or we are legally obligated to

retain this data for longer time periods.

6.3 Please note that the data and information stored under your account in ZenLingo or

in your email inbox shall not be considered as part of the Personal Data/ Information we

receive and process hereunder. Therefore, there may be other reasons why these data

must be deleted or will be deleted by us, for example, if you exceed limits on how much

data and information you are allowed to store therein. For more information, please

refer to our Terms of Use.

6.4 The Data Controller makes regular checks on the Personal Data processed and

stored, and based on the rules contained herein, proceeds with their deletion,

destruction, or anonymization for statistical or research purposes. Regarding Personal

Data, for the storage of which special laws provide for longer periods, the Data

Controller shall take technical and organizational measures for their archiving so that

they are not subject to further Processing and cannot be amended.

VII. Transfer of personal data. Recipients

7.1 Your Personal Data may be transferred to and processed on computers located

outside of your state, province, country, or other governmental jurisdiction where the

data protection laws may differ from those of your jurisdiction. Also, the privacy

protections and rights of authorities to access your information may not be equivalent to

those in your country. If you are located outside United States and choose to use the

Service, please note that your Personal Data are received and processed in the United

States. Your Personal Data are stored and kept safe in Google Cloud Platform. More

information thereof you can ﬁnd on the following link:!https://cloud.google.com/security/

infrastructure.

7.2 We will only transfer your Personal Data when appropriate safeguards are put in

place to ensure that they receive adequate protection. Depending on the case, we

transfer or may give access to some of your Personal Data to the following categories of

Recipients: (i) companies from the group to which the Data Controller belongs; (ii)

Service Providers – partners and contractors like courier service providers, payment/

banking service providers, marketing service providers, including digital advertising

agencies and market research service providers, IT and hosting service providers, fraud

monitoring and prevention service providers, and other companies with which the Data

Controller develops joint programs; (iii) public government bodies and organizations,

where this is necessary in order to protect the legitimate interests of the Data Controller

or third parties, or where it is provided for as a legal obligation.

7.3 The Data Controller may entrust the processing of your Personal Data on its behalf

only to Data Processors who provide sufﬁcient guarantees that they will apply

appropriate technical and organizational measures in such a way that the Processing

complies with legal requirements, this Privacy Policy, and ensures the adequate

protection of your interests, fundamental rights, and freedoms. We always use HTTPS

protocol while transferring your Personal and/ or Usage Data.

7.4 If the Data Controller merges with or is acquired by another company, sells a

Service, or business unit, or if all or a substantial portion of our assets are acquired by

another company, your Personal Data will likely be disclosed to our advisers and any

prospective purchaser’s advisers and will be one of the assets that is transferred to the

new owner.

VIII. Disclosure for law enforcement

Under certain circumstances, we may be obliged to disclose your Personal Data by law

or in response to valid requests by public authorities (e.g., a court or a government

authority). Therefore, we may disclose your Personal Data in the good faith belief that

such action is necessary to:

• comply with a legal obligation, a subpoena, a court or administrative order or another

ofﬁcial act of a competent public or government authority

• protect and defend the rights or property of the Data Controller

• prevent or investigate possible wrongdoing in connection with the Service

• protect the personal safety of our employees, Users, Children, or the public

• respond to an emergency involving the danger of death or serious bodily harm

• protect ourselves against legal liability.

IX. Cookies. Usage data. Service providers. Others

9.1 Cookies. We use cookies and similar tracking technologies to track the activity on

our Service and hold certain information. Cookies are ﬁles with small amount of data

which may include an anonymous unique identiﬁer. Cookies are sent to your browser

from a website and stored on your device. Tracking technologies also used are

beacons, tags, and scripts to collect and track information and to analyze the

performance of and improve our Service. You can instruct your browser to refuse all

cookies or to indicate when a cookie is being sent. However, if you do not accept

cookies, you may not be able to use some portions of our Service. Examples of Cookies

we use:

• Necessary Cookies: we use Necessary Cookies to operate our Service. They help

make the Service usable by enabling basic functions and access to secure areas. The

Service cannot function properly without these cookies.

• Preference Cookies: we use Preference Cookies to remember your preferences and

various settings. They enable the Service to remember information that changes the

way it behaves or looks like your preferred language or the region that you are in.

• Statistic Cookies: we use Statistic Cookies to help us understand how you interact with

the Service by collecting and reporting information anonymously.

• Security Cookies: we use Security Cookies for security purposes.

• Advertising Cookies: we use Advertising Cookies to serve you with advertisements that

may be relevant to you and your interests.

Via our cookie banner the Data Controller collects and stores your prior, explicit, and

afﬁrmative consent before using cookies and trackers, or any other technology that

stores Personal Data on your terminal equipment (hardware and software) and before

allowing third-party interference into your electronic communications. You can control

the use of cookies at the individual browser level. If you reject cookies, you may still use

our Service, but your ability to use some of its features or areas may be limited.

9.2 Usage Data. We may also collect Usage Data that your browser sends whenever

you visit our Service or when you access the Service by or through a computer or a

mobile device. This Usage Data may include information such as your computer’s

Internet Protocol address (e.g., IP address), browser type, browser version, search

terms, entered into a search engine which led you to our Service, types of apps and

websites of your interest, the pages of our Service that you visit, the time and date of

your visit, the time spent on those pages, unique device identiﬁers, and other logs and

diagnostic data. When you access the Service by or through a mobile device, this

Usage Data may include information such as the type of mobile device you use, your

mobile device unique ID, the IP address of your mobile device, your mobile operating

system, the type of mobile Internet browser you use, and other logs and diagnostic

data.

9.3 We may employ third party companies and individuals to facilitate our Service

(“Service Providers”), to provide the Service on our behalf, to perform Service-related

services or to assist us in analyzing how our Service is used. These third parties have

access to your Personal Data only to perform the tasks assigned on our behalf and are

obligated not to disclose or use them for any other purposes whatsoever.

9.3.1 Service Providers of Analytics Data:

a) Google Analytics and Firebase are web and application analytics services offered by

Google that track and report website and applications trafﬁc and information about your

device. This information is automatically uploaded to the Google servers and used to

provide better services to the Users. Google uses the data collected to track and

monitor the use of our Service. This data is shared with other Google services. Google

may use the collected data to contextualize and personalize the ads of its own

advertising network. For more information on the privacy practices of Google, please

visit the Google Privacy Terms web page:!https://policies.google.com/privacy

b) Flurry Analytics service (for iOS products only) is provided by Yahoo! Inc. You can

opt-out from Flurry Analytics service to prevent Flurry Analytics from using and sharing

your information by visiting the Flurry’s Opt-out page:!https://developer.yahoo.com/

ﬂurry/end-user-opt-out. For more information on the privacy practices and policies of

Yahoo!, please visit their Privacy Policy page: https://developer.yahoo.com/ﬂurry/end-

user-opt-out.

c) Hotjar (used for websites Services only) is a technology service that helps us better

understand our Users` experience and this enables us to build and maintain our Service

with User feedback. For further details, please see Hotjar’s privacy policy by clicking on

this link:!https://www.hotjar.com/legal/policies/privacy/. You can opt-out HotJar services 
by following this link!https://www.hotjar.com/policies/do-not-track/.
d) We use Adjust in our Android and iOS apps when conducting our marketing 
campaigns. Adjust may gather some analytics or statistical consumer data on our behalf 
to help us better understand how Users use our apps, and how our marketing 
campaigns are performing. For in-depth information about Adjust, see!https://
www.adjust.com/terms/privacy-policy/. To opt out of tracking by Adjust follow this 
link!https://www.adjust.com/forget-device/.
e) We use AppsFlyer in our Android and iOS apps to gather basic statistical information 
and user data. This data helps us track the progress of our marketing campaigns and 
allows us to better understand how Users use our apps. For more information on the 
data gathered by AppsFlyer, see!https://www.appsﬂyer.com/legal/privacy-policy/. To opt 
out of tracking by AppsFlyer follow this link!https://www.appsﬂyer.com/legal/opt-out/.
f) We use AdMost in our Android, iOS and Windows apps when conducting our 
marketing campaigns. AdMost may gather some analytics or statistical consumer data 
and information on our behalf to help us better understand how Users use our apps, 
and how our marketing campaigns are performing. For in-depth information about 
AdMost, see!https://resources.admost.com/privacy-policy/.
g) We use Microsoft Clarity on our website and mobile applications, which is a GDPR 
compliant user behavior analytics tool. It helps us understand how users are interacting 
with your website/ apps through features such as session replays and heatmaps. For 
further details, please see Microsoft privacy policy at!https://privacy.microsoft.com/
privacystatement. To opt out of tracking by Microsoft Clarity follow this link and click 
Microsoft:!https://optout.aboutads.info/.
9.3.2 Service Providers of Advertising Data:
a) We use Google Ads for advertising and remarketing purposes, allowing us to display 
relevant advertisements to you based on your past interactions with our services. This 
includes services like Google Ads remarketing. You can manage your ad preferences or 
opt-out of personalized ads by visiting the Google Ads Settings page:!https://
www.google.com/settings/ads.!!
Google also recommends installing the Google Analytics Opt-out Browser Add-on –
!https://tools.google.com/dlpage/gaoptout!– for your web browser. The Google Analytics 
Opt-out Browser Add-on provides visitors with the ability to prevent their data from being 
collected and used by Google Analytics. For more information on Google's privacy 
practices, please visit the ofﬁcial Google Privacy Policy web page:!https://
policies.google.com/privacy.!!

b) We use Google Ads remarketing to display targeted advertisements to users who 
have previously visited our website or interacted with our apps. You can opt-out of 
Google Analytics for Display Advertising and customize the Google Display Network ads 
by visiting the Google Ads Settings page:!https://www.google.com/settings/ads. For 
more information on the privacy practices of Google, please visit the ofﬁcial Google 
Privacy Policy web page:!https://policies.google.com/privacy.!
c) We use AdMob by Google to display advertisements within our mobile applications. 
You can opt-out from AdMob by following the ofﬁcial Google guidelines:!https://
support.google.com/My-Ad-Center-Help/answer/12155764. For more information on 
how Google uses the collected information, please visit the ofﬁcial Partner Sites 
page:!https://policies.google.com/technologies/partner-sites!or Google's Privacy 
Policy:!https://policies.google.com/privacy.!
d) We use Google Analytics 4 to track and report website and app trafﬁc so we can 
assess user behavior and better understand how visitors interact with our services. You 
can opt-out of Google Analytics tracking by installing the Google Analytics Opt-out 
Browser Add-on:!https://tools.google.com/dlpage/gaoptout.!For more information, 
please refer to Google's Privacy Policy:!https://policies.google.com/privacy.!
e) We use Google Tag Manager to quickly and easily update tracking codes and related 
code fragments (tags) on our website and mobile apps. This helps us manage various 
analytics and marketing tags without modifying the source code. Google Tag Manager 
itself does not collect personal data, but the created tags may. For more information, 
please refer to Google's Privacy Policy:!https://policies.google.com/privacy.!
f) We use Google Tags to facilitate the collection of data for various Google services, 
including Google Analytics and Google Ads. This helps us understand user behavior 
and optimize our marketing efforts. For more information on how Google uses this data, 
please refer to Google's Privacy Policy:!https://policies.google.com/privacy.!
g) We use Meta Audience Network to conduct marketing campaigns within our Android 
and iOS apps to reach a speciﬁc audience. While posting an ad, an advertiser is 
provided a set of characteristics that will deﬁne his target market. For in-depth 
information about Meta Audience Network, please see!https://www.facebook.com/
audiencenetwork/.!
h) We use the Meta Pixel (formerly Facebook Pixel) to measure, optimize, and build 
audiences for our advertising campaigns on Meta-owned platforms. This pixel allows us 
to track user actions after they have seen or clicked on a Meta ad, helping us 
understand the effectiveness of our ads and deliver more relevant content. You can 
manage your ad preferences and learn about opting out at!https://www.facebook.com/

settings/?tab=ads. For more information about Meta's data practices, please 
visit:!https://www.facebook.com/privacy/policy/.!
i) We use Microsoft Advertising (Bing Ads) to deliver targeted advertisements and 
measure campaign effectiveness across Microsoft's advertising network. Microsoft may 
collect data about your interactions with our ads to improve targeting and performance. 
You can manage your privacy settings and opt-out of personalized ads at!https://
account.microsoft.com/privacy/ad-settings.!For more information on how Microsoft uses 
this data, please visit Microsoft's Privacy Statement:!https://privacy.microsoft.com/
privacystatement.!!
j) We use Microsoft Clarity to better understand how users interact with our website 
through heatmaps, session recordings, and other analytics features. You can learn more 
about Microsoft Clarity's data collection practices and privacy policies at!https://
clarity.microsoft.com/terms. For Microsoft's general privacy practices, please 
visit!https://privacy.microsoft.com/privacystatement.!!
k) We use the LinkedIn Insight Tag to track conversions, retarget website visitors, and 
unlock additional insights about members interacting with our LinkedIn ads. This helps 
us measure the performance of our campaigns and understand our audience better. For 
more information about LinkedIn's privacy practices, please visit:!https://
www.linkedin.com/legal/privacy-policy.!!
l) We use the Reddit Pixel to track user actions on our website after they have 
interacted with our ads on Reddit. This helps us measure the effectiveness of our 
advertising campaigns, optimize ad delivery, and build custom audiences for future 
campaigns. For more information about Reddit's privacy practices, please visit:!https://
www.reddit.com/policies/privacy-policy.!!
m) We use Qonversion Platform for managing in-app subscriptions, purchases, and 
related analytics within our iOS applications. For more information on Qonversion's 
privacy practices, please visit their Privacy Policy:!https://qonversion.io/privacy-policy. !
n) We use A4G to manage mobile ad sources in our Android and iOS app by providing 
full suite of video, rich media, interstitial & native ad formats. For more information on 
the privacy practices of A4G, please visit:!https://a4g.com/privacy.!
o) We use Trustpilot – a trusted user review platform – to assure our users that they can 
shop with conﬁdence. For more information, please visit Trustpilot’s Privacy Policy 
at!https://legal.trustpilot.com/for-reviewers/end-user-privacy-terms!
9.4 Service Providers of Payments. Our Service is provided not only for free but also 
against monetary consideration. In the latter case, we use payment/ banking service 
providers who adhere to the standards set by PCI-DSS as managed by the PCI Security 

Standards Council, which is a joint effort of brands like Visa, Mastercard, American 
Express, and Discover. PCI-DSS requirements help ensure the secure handling of 
payment information. Once collected by us, your credit or debit card number is provided 
directly to our third-party payment service providers whose use of your Personal Data is 
governed by their Privacy Policies. They are as follows:
a) Microsoft Store at!https://www.microsoft.com/privacy/privacystatement
b) Huawei App Gallery at!https://appgallery.huawei.com/
c) Apple Store In-App Payments at!https://www.apple.com/legal/privacy
d) Google Play In-App Payments at!https://www.google.com/policies/privacy/
e) Stripe at!https://stripe.com/privacy
f) PayPal at!https://www.paypal.com/webapps/mpp/ua/privacy-full
9.5 Others:
a) Behavioral Remarketing used by us to advertise on third party websites to you after 
you visited our Service. We and our third-party vendors use cookies to inform, optimize 
and serve ads based on your past visits to our Service. You can prevent the Service 
Providers engaged in behavioral advertising, which collect data about your online 
browsing activities and use it to show you targeted ads by submitting opt-outs. Opting-
out will only prevent targeted ads, so you may continue to see generic (non-targeted) 
ads. You may opt out to behaviorally targeted ads anytime by deleting your browser’s 
cookies.
b) “Do Not Track” Signals. We do not support Do Not Track (“DNT”). DNT is a 
preference you can set in your web browser to inform websites that you do not want to 
be tracked. You can enable or disable it by visiting the Preferences or Settings page of 
your web browser.
c) Conversion Tracking. We use Facebook Pixel for conversion tracking, which is the 
measurement of media performance with reference to campaign key performance 
indicators (KPIs). For more information, please visit this link:!https://www.facebook.com/
business/learn/facebook-ads-pixel.
d) Sentry.io is used in our Windows apps for error and performance monitoring to help 
us diagnose, ﬁx, and optimize our applications. For more information, please visit this 
link:!https://sentry.io/privacy/.
e) http://mconverter.eu is used in our apps and websites as a ﬁle conversion service 
provider. To learn more about their user privacy policy, please visit this link:!https://
mconverter.eu/#privacy.

f) https://www.zamzar.com/ is used in our apps and websites as a ﬁle conversion

service provider. To learn more about their user privacy policy, please visit this

link:!https://developers.zamzar.com/privacy.

g) https://www.convertapi.com/ is used in our apps as a provider of ﬁle conversion-

related services. To learn more about their user privacy policy, please visit this

link:!https://www.convertapi.com/compliance.

h) http://cloudconvert.com/ is used in our apps as a provider of ﬁle conversion-related

services. To learn more about their user privacy policy, please visit this link:!https://

cloudconvert.com/privacy.

i) AI Service Providers We use third-party AI services to power certain intelligent

features in our products. In particular, we employ:

•

OpenAI!-!https://openai.com

•

Microsoft Azure AI!-!AI Services | Microsoft Azure

•

Google Cloud Vertex AI!-!Vertex AI Platform

These providers may process your inputs (text, images, metadata and other Non-

personal information) in order to deliver, improve and secure the AI-powered

functionality you access. They act as independent data controllers or processors and

handle your data in accordance with their own privacy policies. No personal data

beyond what you submit (and associated metadata) is retained by us for these AI

services except as described under Section VI (Retention Period).

X. Links to other websites

Our Service may contain links to other websites that are not operated by us. If you click

on a third-party`s link, you will be directed to that third party’s website. We strongly

advise you to review the Privacy Policy of every site you visit. We have no control over

and assume no responsibility for the content, privacy policies or practices of any third-

party websites or services.

XI. Account

11.1 Some of our Services may require that you create an account with us (“Account“).

When you create a personal Account, you will be asked to provide certain Personal

Data and we will assign a unique ID number to identify your Account and the associated

information. Thus, you become an Account Holder. Signing into your Account enables

personalization, consistent experiences across products and devices, permits you to

use cloud data storage, allows you to make payments using payment methods stored in

your Account, and enables other features such as chats, ﬁle sharing and others. We

may use the Personal Data provided therein for the purposes as enumerated in item 5.1

above, including but not limited to contact you via email messages regarding your

Account and maintenance related issues, newsletters, as well as marketing or

promotional information that may be of your interest. You may object/ opt out of

receiving any or all these marketing communications from us by following the

unsubscribe link or instructions provided in any email we send or by contacting us using

the details provided herein.

11.2 Once created, the use of your Account is at your own risk. Please do not buy, sell,

transfer, rent, and/ or lease your Account and/ or password to anyone. We will not take

any responsibility for the use of your Account by others that is caused by your actions or

negligent password keeping.

11.3 Please keep your Personal Data accurate and up to date. Whenever made

possible, you can also update your Personal Data directly within your Account settings.

If you are unable to do this by yourself, please contact us to make the necessary

changes.

11.4 You can also close your Account. When you close your Account, we begin deleting

certain Personal Data and Information that we no longer have a business reason to

retain. However, we typically retain Personal Data related to our contracts and business

transactions for ﬁve years after your last interaction with us or upon the contract

expiration. Please be advised that in this case you will lose your Account`s preferences,

synchronized settings on different devices and any data stored in ZenLingo and Chats.

We cannot restore any of these once your Account is closed. For more information on

this topic please check our Terms of Use.

XII. Security of data

12.1 The Data Controller undertakes to apply appropriate technical and organizational

measures to ensure an appropriate level of security of your Personal Data. In assessing

the appropriate level of security, account shall be taken of the risks associated with the

Processing, and in particular the risks of accidental or unlawful destruction, loss,

alteration, unauthorized disclosure, or access.

12.2 With regard to automated processing, the Data Controller is applying measures

aiming at:

12.2.1 control over access to equipment – to deny unauthorized persons access to the

equipment used for Personal Data Processing

12.2.2 control of data carriers – to prevent reading, copying, modiﬁcation or removal of

data carriers by unauthorized persons

12.2.3 control over storage – to prevent the entry of Personal Data by unauthorized

persons, as well as the performance of checks, modiﬁcation, or deletion of stored

Personal Data by unauthorized persons

12.2.4 consumer control – to prevent the use of automated processing systems by

unauthorized persons through the use of data transmission equipment

12.2.5 control over access to data – to ensure that persons who are allowed to use an

automated processing system have access only to the Personal Data covered by their

access authorization

12.2.6 control over communication – to ensure the possibility of veriﬁcation and

establishment of which persons have been or may be transferred Personal Data, or

which persons have access to Personal Data through data transmission equipment

12.2.7 control over data entry – to ensure the possibility for subsequent veriﬁcation and

establishment of what Personal Data have been entered into the automated processing

systems, as well as when and by whom they were entered

12.2.8 control over the transfer – to prevent the reading, copying, modiﬁcation or

deletion of Personal Data by unauthorized persons during the transfer of Personal Data

or during the transfer of data carriers

12.2.9 recovery – to ensure the possibility of recovery of the installed systems in case of

failure of the functions of the systems

12.2.10 reliability – to ensure the implementation of the functions of the system and the

reporting of defects in the functions

12.2.11 integrity – to ensure that the stored personal data is not damaged due to

improper functioning of the system.

12.3 Through measures under the previous point, the Data Controller is aiming to

ensure the protection of Personal Data at the design stage, considering the

achievements of technical progress, implementation costs and the nature, scope,

context, and objectives of Personal Data Processing, as well as risks to the rights and

freedoms of individuals.

12.4 We follow generally accepted standards to protect the Personal Data submitted to

us during Processing including HTTPS. However, no method of transmission over the

Internet, or method of electronic storage, is 100% secure. Therefore, we do not

guarantee the Personal Data absolute security.

XIII. Your rights as data subject. General standards

The Data Controller respects your privacy no matter where your habitual residence is.

We hereby provide you with the right to request access, correction, completion, update,

and/ or erasure of your Personal Data. We will aim to address all you request,

complaints and/ or worries within reasonable time as of their receipt by being compliant

with our high standards for Personal Data protection and the applicable legislation.

XIV. Your rights as data subject in case you have habitual residence in EU. GDPR

compliance

14.1 Although the main establishment of the Data Controller is in California (USA), this

(EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the

protection of natural persons regarding the processing of personal data and on the free

movement of such data (“GDPR“). In addition, we have implemented processes in place

to support Users having habitual residence in EU to receive information how their

Personal Data is processed and how to exercise their rights, which are as follows:

14.1.1 Right of access: you have the right to obtain from the Data Controller

conﬁrmation as to whether or not Personal Data concerning you are being processed,

and, where that is the case, access to the Personal Data and the following information:

(a) the purposes of the Processing; (b) the categories of Personal Data concerned; (c)

the Recipients or categories of Recipient to whom the Personal Data have been or will

be disclosed, in particular Recipients in third countries or international organizations; (d)

where possible, the envisaged period for which the Personal Data will be stored, or, if

not possible, the criteria used to determine that period; (e) the existence of the right to

request from the Data Controller rectiﬁcation or erasure of Personal Data or restriction

of Processing of Personal Data concerning you or to object to such Processing when it

is marketing purposes; (f) the right to lodge a complaint with a supervisory authority; (g)

where the Personal Data are not collected from you, any available information as to

their source; (h) the existence of automated decision-making, including proﬁling or at

least in those cases, meaningful information about the logic involved, as well as the

signiﬁcance and the envisaged consequences of such Processing for you and (i) other

processing-relevant information.

14.1.2 Right to rectiﬁcation: you shall have the right to obtain from the Data Controller

without undue delay the rectiﬁcation of inaccurate Personal Data concerning you – right

to have incomplete Personal Data completed, including by means of providing a

supplementary statement.

14.1.3 Right to erasure (“to be forgotten”): you have the right to request the Data

Controller to delete without undue delay the Personal Data that concern you, when they

are no longer needed for the purposes for which they were collected and/ or processed;

when you withdraw your consent, on which their processing is based and there is no

other legal basis for it; when you object to their Processing for the purposes of direct

marketing and there are no legitimate grounds for processing to take precedence; when

your Personal Data is processed in violation of the principles outlined above; when it

must be deleted in order to comply with a legal obligation for the Data Controller or the

Personal Data have been collected in relation to the offer of information society

services. This right shall not apply to the extent that Processing is necessary: (a) for

exercising the right of freedom of expression and information; (b) for compliance with a

legal obligation to which the Data Controller is subject or for the performance of a task

carried out in the public interest or in the exercise of ofﬁcial authority vested in the Data

Controller; (c) for reasons of public interest in the area of public health; (d) for archiving

purposes in the public interest, scientiﬁc or historical research purposes or statistical

purposes in so far as the right is likely to render impossible or seriously impair the

achievement of the objectives of that Processing; or (e) for the establishment, exercise

or defense of legal claims.

14.1.4 Right to restriction of Processing: the Data Controller restricts the processing of

Personal Data without deleting them when: (i) the accuracy of the Personal Data is

disputed by you as a Data Subject and this cannot be veriﬁed, or (ii) Personal Data

must be kept for evidentiary purposes.

14.1.5 Right to data portability: you have the right to receive the Personal Data

concerning you, in a structured, commonly used, and machine-readable format and

have the right to transmit those data to another controller without hindrance from the

Data Controller to which the Personal Data have been provided, when the Processing is

based on a contractual obligation and is performed in an automated manner. This right

of yours cannot adversely affect the rights and freedoms of others.

14.1.6 Right of objection: If you have consented to the Processing of your Personal

Data for the purposes of direct marketing, you have the right to object to this Processing

at any time, including when it involves proﬁling. In any such case, the Processing of

your Personal Data for the purposes of direct marketing is suspended.

14.1.7 In addition you have the right not to be the subject of a decision based solely on

automated processing, including proﬁling, which has legal consequences for you and

affects you signiﬁcantly. In case you exercise this right, the Data Controller is obliged to

apply appropriate measures to protect your rights, freedoms, and legitimate interests,

ensuring human intervention and giving you the right to express your point of view and

challenge its decision.

14.2 As a Data Subject, you may exercise the rights above by submitting a written

application to the Data Controller. The application can be submitted by mail (at the

address of the Data Controller or by e-mail). The application must contain: (i) name,

surname, habitual residence, IP address (if applicable); (ii) a description of the request;

(iii) a preferred form of obtaining information in the exercise of rights; (iv) signature, date

of ﬁling of the application. When the Data Controller has reasonable concerns, it may

request additional information needed to verify your identity. The Data Controller

satisﬁes your requests completely free of charge within (1) month of receipt. The period

may be extended by two (2) months when this is necessary due to the complexity or

number of requests. Where requests from a Data Subject are manifestly unreasonable

or excessive, in particular because of their recurrence, the Data Controller may: (i)

charge a fee commensurate with the administrative costs of providing the information or

correspondence, or of acting on the request, or (ii) refuse to act on the request. Each

time the Data Controller refuses to accept an application submitted by you for the

exercise of the rights above, you will receive a written refusal, as well as the reasons for

it. In these and other cases, the Data Controller will also inform you of your right to

appeal or seek a court redress.

14.3 A register that contains information on submissions, considerations, and responses

to all Data Subjects` requests will be kept by the Data Controller.

14.4 In case of the Personal Data breach, and provided that, it is likely to result in a high

risk to your rights and freedoms, we will notify you thereof without undue delay and

describe in clear and plain language the nature of the Personal Data breach, the likely

consequences of it and the measures taken or proposed to be taken by us to address it,

including, where appropriate, measures to mitigate its possible adverse effects. In some

cases the communication shall not be required, especially when: (i) we have

implemented appropriate technical and organizational protection measures, and those

measures were applied to the Personal Data affected by the Personal Data breach,

such as encryption; (ii) we have taken subsequent measures which ensure that the high

risk to your rights and freedoms is no longer likely to materialize; (iii) it would involve

disproportionate effort, in which case, you will be informed in an equally effective

manner like via a public communication or other.

14.5 In case of a violation of your rights under GDPR you have the right to refer to the

competent supervisory authority at your habitual place of residence within six (6)

months as of the violation discovery, but not later than two (2) years from its occurrence.

You have an additional opportunity to ﬁle a claim against us before the competent court.

In this proceeding you can seek compensation for the damages suffered by you as a

result of illegal Processing of your Personal Data.

XV. Your rights as data subject in case you are a California resident. CCPA

compliance

15.1 WE DO NOT SELL OR RENT ANY COLLECTED PERSONAL DATA AND

INFORMATION WITH ANY THIRD PARTY. However, while providing you with the

Service, we may share some personal information about you with third parties with

which the Data Controller develops joint programs or uses as Service Providers. Such

information sharing may be considered a “sale” under the California Consumer Privacy

Act of 2018, as amended (“CCPA“).

15.2 The CCPA deﬁnes Personal Information as information that identiﬁes, relates to,

describes, is reasonably capable of being associated with, or could reasonably be

linked, directly or indirectly, with a particular consumer or household, inter alia, (i)

identifying information, such as real name, postal address, unique personal identiﬁer, IP

address, email address, account name, social security number, passport number,

driver’s license number, or other similar identiﬁers; (ii) commercial information, including

records of personal property, products, or services purchased; purchases considered; or

other purchasing histories; (iii) browsing history, search history, and information

regarding a consumer’s interaction with a website or advertisement; (iv) geolocation

data; (v) education information; (vi) inferences drawn from this information, such as

personal characteristics, predispositions, intelligence, aptitude, etc. Therefore, if you are

a California resident and a User of our Service, please be advised of the additional

rights for California consumers, which are summarized below.

15.2.1 Right of access: you have the right to request (and receive) disclosure from us

regarding: (i) speciﬁc pieces of Personal Information collected about you; (ii) categories

of Personal Information collected; (iii) categories of the sources from which the

information was collected; (iv) categories of Personal Information that we share or

disclosed for a business purpose; (v) categories of third parties with whom the Personal

Information was shared or disclosed; and (vi) the business or commercial purpose for

collecting or sharing Personal Information. This disclosure is limited to information

collected, sold, or disclosed in the past 12 months and does not cover sensitive

information like consumer’s social security number, driver’s license number, account

password or ﬁnancial account numbers. In addition, we are not required to search for

Personal Information if we: (i) do not maintain the Personal Information in a searchable

or reasonably accessible format; (ii) maintain the Personal Information solely for legal or

compliance purposes; (iii) do not sell the Personal Information and do not use it for any

commercial purpose; and (iv) describe to you the categories of records that may contain

Personal Information that we did not search because it meets the three conditions

stated above.

15.2.2 Right to request deletion: you also have a right to request your Personal

Information to be deleted. In this case, we will: (i) permanently and completely erase

your Personal Information on existing systems and direct our partners and/ or Service

Providers to do so, provided that, no exceptions are in place, or de-identifying the

information or otherwise modifying it to make it unreadable or undecipherable through

any means, and notify you that your Personal Information have been backed up or

archived and will be deleted when those systems are next accessed. Neither we, nor

our Service Providers are required to comply with your deletion request, if the Personal

Information is necessary to: (i) complete a transaction for which the Personal

Information was collected, provide a good or service requested by you, or otherwise

perform a contract between us and you; (ii) detect security incidents, protect against

malicious, deceptive, fraudulent, or illegal activity (or prosecute those responsible); (iii)

debug to identify and repair errors that impair existing intended functionality; (iv)

exercise or ensure the right of another to exercise free speech or another legal right; (v)

comply with a legal obligation; or (vi) otherwise use the information internally in a lawful

manner compatible with the context in which you have provided it.

15.2.3 Right to opt-out of the sale of personal information. CCPA Regulations require us

to treat your user-enabled global privacy controls, such as a browser plug-in or privacy

setting, device setting, or other mechanism, that communicate or signal your choice to

opt-out of the sale of your Personal Information as valid opt-out requests. We must

comply with it as soon as feasibly possible, but at least within 15 days from receiving

the request. Please be advised that in practice the following scenarios involving

transfers of Personal Information between entities are potentially excluded from the

scope of a “sale”: (i) the linking, at the consumer’s request, of one online account to

another; (ii) sharing a particular device identiﬁer with vendors to give effect to a

consumer’s opt-out request; (iii) standard relationships with third party vendors or

service providers who process data, provided appropriate contractual restrictions are in

place; or transfers of data on a merger, acquisition or insolvency event.

15.2.4 Right to opt-out of receiving electronic communications from us. If you no longer

want to receive marketing-related emails from us, you may opt-out via the unsubscribe

link included in such emails. We will try to comply with your request(s) as soon as

reasonably practicable. Please note that if you opt-out of receiving marketing-related

emails from us, we may still send you other messages in connection with providing our

Service.

15.3 Upon verifying your identity, we will notify you that your request has been received

and is being processed. We will respond within 45 days after veriﬁcation to any of your

access requests and deletion requests. The 45-day response time can be extended but

only with appropriate notice and explanation. The Data Controller maintains records of

your requests.

15.4 To meet CCPA requirements under item 15.2.3, provide links to the relevant opt out

methods of our Service Providers as per item 9.3 above.

15.5 Non-discrimination: the CCPA provides that you may not be discriminated against

for exercising the above rights. You can also designate an authorized agent to exercise

these rights on your behalf. We may require that you provide the authorized agent with

written permission to act on your behalf and that the authorized agent verify their

identity directly with us.

15.6 In addition to the above, we comply with the requirements of the Privacy Rights for

California Minors in the Digital World Act (“the Eraser Law”) as far as it is applicable to

our Service. This law provides additional protections to individuals under the age of 18

in California, including a right to be forgotten, which enable minors to remove their own

posts (but not republications of their posts or posts about them by others). The Eraser

Law also prohibits companies who operate websites or online services directed at

minors from using the minor’s personal information to market or advertise certain

enumerated products and services deemed potentially harmful for them.

15.7 Data Breach Notiﬁcation under Cal. Civ. Code §§1798.29, 1798.82 and 1798.84.

We will notify you in due time of any unauthorized acquisition of unencrypted

computerized data that contains your Personal Information. This is in addition to any

other speciﬁc notiﬁcation obligations for data breaches contained in other statutes.

XVI. Your rights as data subject in case you are a Virginia resident. VCDPA

compliance

The Virginia Consumer Data Protection Act (the “VCDPA”) takes effect on January 1,

2023, and affects companies and organizations that do business in Virginia or that

deliver products or services to residents of Virginia. The VCDPA requires companies

and organizations to adhere to several duties when processing consumers data. In a

nutshell, what the VCDPA requires from companies and organizations to do is to

discover what personal data is processed, map out how and to whom they share

personal data, and manage how personal data is stored, as well as protect personal

data from breaches and abuse. By being in compliance with the GDPR and the

California’s CCPA/CPRA, ZENLINGO LLC also complies with the VCDPA and commits

to address all requests of consumers from Virginia within 45 days as of their receipt.

XVII. Amendments and supplements

We may update this Privacy Policy from time to time. The updated version of this

and all amendments and/ or supplements will become effective when posted.

Please do not hesitate to contact our Data Protection Ofﬁcer (DPO) Mr. Georgi

Bahtchevanov at!privacy@zenlingo.com!in case you need assistance or

clariﬁcation, want to exercise your legal rights, or ﬁle a complaint.