ZINGTHIS LEGACYLOOP
DATA HANDLING & CONTACT FORM POLICY
Effective Date: April 20, 2025
Last Updated: February 27, 2026
Applies to: app.zingthis.com, zingthis.com, and all associated subdomains and services
1. Introduction and Purpose
This Data Handling & Contact Form Policy (“Policy”) describes how ZingThis, LLC (“ZingThis,” “we,” “us,” or “our”) collects, processes, stores, protects, and disposes of personal data submitted through contact forms, membership registration forms, and all other data intake points across the ZingThis LegacyLoop platform (app.zingthis.com) and the ZingThis website (zingthis.com).
This Policy is designed to meet the requirements of the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the General Data Protection Regulation (GDPR), applicable U.S. state privacy laws including those in Virginia, Colorado, Connecticut, Indiana, Kentucky, and Rhode Island, and best practices recommended by the American Bar Association (ABA), LegalZoom, and leading data compliance frameworks.
This Policy works in conjunction with our Privacy Policy, Cookie Policy, Terms of Service, and Terms of Use. In the event of conflict, the Privacy Policy governs.
2. Data We Collect and Why
2.1 Contact Form Submissions (zingthis.com)
When you submit a contact form on zingthis.com or zingthis.com/contact-us/, we collect the following personal data:
| Data Collected | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Full name | To address you personally in our response | Legitimate interest / consent | 2 years |
| Email address | To respond to your inquiry | Legitimate interest / consent | 2 years |
| Phone number (if provided) | To contact you if needed for support | Consent | 2 years |
| Message content | To understand and respond to your inquiry | Legitimate interest / consent | 2 years |
| IP address (automatic) | Spam prevention and security | Legitimate interest | 90 days |
| Submission timestamp | Record keeping and anti-fraud | Legitimate interest | 2 years |
Contact form submissions are delivered via Resend (our transactional email provider) and may be stored in our email inbox and/or Supabase database. We do not add contact form submitters to marketing lists without explicit consent.
2.2 Membership Registration Form (app.zingthis.com)
When you register for a LegacyLoop membership, we collect:
| Data Collected | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Full name | Account creation and identity verification | Contract performance | Duration of membership + 3 years |
| Email address | Account authentication, notifications, payout communications | Contract performance | Duration of membership + 3 years |
| Password (encrypted) | Secure account access | Contract performance | Duration of membership |
| Membership tier selection | Billing and feature access | Contract performance | Duration of membership + 3 years |
| Profile information (bio, photo URL, social links) | Creator profile display within Circles | Consent | Duration of membership |
| IP address at registration | Fraud prevention, hCaptcha verification | Legitimate interest | 90 days |
2.3 Payment and Financial Data
| Data Collected | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Billing name and email | Payment processing and receipt delivery | Contract performance | 7 years (tax/legal compliance) |
| Payment method (last 4 digits only) | Subscription management and billing reference | Contract performance | Duration of subscription |
| Bank account data (Stripe Connect) | Payout processing for Circle Hosts and referral bonuses | Contract performance | Stored by Stripe; not stored by ZingThis |
| Transaction history | Earnings tracking, payout hold verification, tax reporting | Legal obligation | 7 years |
ZingThis does not store complete credit card numbers or full bank account numbers. All sensitive financial data is processed and stored by Stripe, Inc. in accordance with PCI DSS Level 1 standards, the highest level of payment security certification available.
2.4 Platform Activity Data
| Data Collected | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Content submissions (post URLs, descriptions) | Spotlight system and Circle discovery features | Contract performance / consent | Duration of membership |
| Circle membership and hosting data | Revenue share calculations and payout processing | Contract performance | Duration of membership + 3 years |
| Referral tracking data (?ref= cookie) | Referral bonus attribution and payment | Legitimate interest / consent | 30 days (cookie) / 3 years (payout record) |
| Mentorship documentation logs | Verification of $10 monthly Mentorship & Service Fee eligibility | Contract performance | Duration of eligibility + 2 years |
| Login timestamps and session data | Security, fraud detection, and platform analytics | Legitimate interest | 90 days |
3. How We Process and Store Data
3.1 Data Infrastructure
ZingThis LegacyLoop uses the following infrastructure to store and process personal data:
- Supabase — primary database and authentication provider. Member account data, Circle data, referral records, and platform activity logs are stored in Supabase’s PostgreSQL database hosted on secure cloud infrastructure. Supabase uses encryption at rest and in transit.
- Stripe — payment processing. Subscription billing, Stripe Connect payouts, and transaction history are managed by Stripe. Financial data is stored by Stripe and subject to PCI DSS standards.
- Resend — transactional email delivery. Email addresses and email content are processed by Resend solely for the purpose of delivering platform notifications, confirmations, and payout alerts.
- hCaptcha — bot protection. IP addresses and behavioral interaction data are processed by Intuition Machines, Inc. on login and registration pages.
- Browser Local Storage — non-sensitive session preferences and daily visit counts are stored locally on your device and are not transmitted to our servers.
3.2 Data Minimization
We collect only the minimum personal data necessary to provide our Services. We do not collect sensitive personal information such as Social Security numbers, government-issued ID numbers, health data, racial or ethnic origin, religious beliefs, or biometric data unless explicitly required by law or provided voluntarily by you.
3.3 Data Accuracy
We take reasonable steps to ensure that personal data we hold is accurate and kept up to date. You can update your profile information at any time through your account settings at app.zingthis.com. For other data corrections, contact us at info@zingthis.com.
3.4 Data Security
We implement the following technical and organizational security measures to protect your personal data:
- Encryption of data in transit using TLS/HTTPS on all platform endpoints
- Encryption of data at rest in our Supabase database
- Secure password hashing — passwords are never stored in plain text
- hCaptcha bot protection on all authentication pages
- Row-level security (RLS) policies in Supabase limiting data access to authorized users only
- PCI DSS Level 1 compliant payment processing through Stripe
- Access controls limiting internal access to personal data on a need-to-know basis
- Regular review of third-party service provider security practices
Despite these measures, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security of your personal data. In the event of a data breach that may affect your personal data, we will notify you and relevant authorities as required by applicable law.
3.5 Data Retention Schedule
We retain personal data only as long as necessary for the purposes described in this Policy. Our general retention schedule is:
- Active member account data — retained for the duration of your membership
- Closed account data — retained for 3 years after account closure for legal, tax, and dispute resolution purposes, then securely deleted or anonymized
- Financial and transaction records — retained for 7 years to comply with U.S. tax law and financial recordkeeping requirements
- Contact form submissions — retained for 2 years, then deleted
- Security logs (IP addresses, login timestamps) — retained for 90 days
- Referral tracking cookies — 30 days or until account creation
- Backup data — backups may be retained for up to 90 days before being permanently deleted
4. Contact Form Specific Provisions
4.1 How Contact Form Data Is Used
Personal data submitted through our contact forms is used exclusively for:
- Responding to your inquiry, question, or support request
- Following up on unresolved issues
- Maintaining a record of communications for dispute resolution
- Fraud and abuse prevention
We do not use contact form submissions to add you to marketing email lists, share your information with advertisers, or contact you for purposes unrelated to your original inquiry without your explicit consent.
4.2 Response Timeframe
We aim to respond to all contact form inquiries within 2–3 business days during business hours (Monday – Friday, 9:00 AM – 5:00 PM EST). For privacy-related requests including data access, deletion, or correction requests, we will respond within the timeframe required by applicable law (generally 30–45 days).
4.3 Consent at Point of Collection
By submitting a contact form on our website, you consent to ZingThis collecting and processing the personal data you provide for the purpose of responding to your inquiry. You are not required to provide more information than is necessary to address your request. Optional fields (such as phone number) are collected only if you choose to provide them.
4.4 Marketing Opt-In
If you wish to receive marketing communications from ZingThis — including updates about LegacyLoop, new features, or promotional offers — you must explicitly opt in by checking a clearly labeled consent checkbox on the contact form or registration form. Pre-checked consent boxes are not used. You may unsubscribe from marketing communications at any time by clicking the unsubscribe link in any email or by contacting us at info@zingthis.com.
5. Third-Party Data Sharing
We do not sell your personal data. We share personal data with third parties only as described below:
| Third Party | Data Shared | Purpose | Privacy Policy |
|---|---|---|---|
| Stripe, Inc. | Billing email, payment method, bank account (Stripe Connect) | Payment processing and payouts | stripe.com/privacy |
| Supabase, Inc. | Account data, platform activity, authentication tokens | Database and authentication infrastructure | supabase.com/privacy |
| Resend | Email address, email content | Transactional email delivery | resend.com/legal/privacy-policy |
| Intuition Machines (hCaptcha) | IP address, behavioral interaction data | Bot and abuse protection | hcaptcha.com/privacy |
| Google LLC | Font loading requests (limited) | Typography delivery via Google Fonts | policies.google.com/privacy |
All third-party service providers are required to process your data only for the purposes described above and in accordance with applicable privacy laws. We do not permit our service providers to use your data for their own marketing or commercial purposes.
6. Your Data Rights
Depending on your location, you have the following rights regarding your personal data:
6.1 Right to Access
You have the right to request a copy of the personal data we hold about you, including data submitted through contact forms and your member account.
6.2 Right to Correction
You have the right to request that we correct inaccurate or incomplete personal data we hold about you. For account data, you can update most information directly in your account settings at app.zingthis.com.
6.3 Right to Deletion
You have the right to request that we delete your personal data, subject to exceptions for legal obligations, financial recordkeeping requirements, and fraud prevention. Note that deleting your account will not result in immediate deletion of financial transaction records, which are retained for 7 years as required by law.
6.4 Right to Data Portability
You have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format.
6.5 Right to Object or Restrict Processing
You have the right to object to or request restriction of processing of your personal data, particularly where processing is based on legitimate interest.
6.6 Right to Opt Out of Sale or Sharing (CCPA)
ZingThis does not sell your personal data. If you believe your personal data is being shared in a manner that constitutes a “sale” under CCPA, you have the right to opt out. To exercise this right, email us at info@zingthis.com with the subject line “Do Not Sell or Share My Personal Information.”
6.7 How to Submit a Data Rights Request
To exercise any of the rights described above, please contact us by:
- Email: info@zingthis.com (cc: zingrally@gmail.com)
- Web: https://zingthis.com/contact-us/
- Phone: 202-681-2778
We will respond within the timeframe required by applicable law — generally within 30 days for CCPA requests and within 30 days (extendable to 60 days with notice) for GDPR requests. We may need to verify your identity before processing your request. You will not be discriminated against for exercising any of your data rights.
7. Children’s Data
Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from anyone under 18 through contact forms, registration forms, or any other means. If we become aware that we have inadvertently collected personal data from a minor, we will delete that data immediately and terminate any associated account. If you believe a minor has submitted personal data through our platform, please contact us at info@zingthis.com.
8. International Data Transfers
Your personal data may be processed in countries other than your country of residence, including the United States, where our primary service providers (Supabase, Stripe, Resend) operate. These countries may have different data protection laws than your own. Where we transfer personal data internationally, we implement appropriate safeguards including Standard Contractual Clauses approved by the European Commission and equivalent protections for UK and Swiss data transfers. For more information about our international transfer safeguards, contact us at info@zingthis.com.
9. Data Breach Response
In the event of a data breach that may affect your personal data, we will:
- Notify affected individuals without undue delay and within the timeframe required by applicable law (72 hours under GDPR; as required under applicable U.S. state laws)
- Notify relevant supervisory authorities as required by law
- Provide clear information about the nature of the breach, the data affected, and the steps we are taking to address it
- Take immediate steps to contain and remediate the breach
We maintain documented incident response procedures and conduct periodic security reviews to minimize the risk of data breaches.
10. Changes to This Policy
We may update this Data Handling & Contact Form Policy from time to time to reflect changes in our data practices, platform features, or legal requirements. When we make material changes, we will update the effective date at the top of this page and notify you by email or through the platform where appropriate. Your continued use of our Services after any changes constitutes acceptance of the updated Policy.
We recommend reviewing this Policy periodically along with our Privacy Policy to stay informed about how we handle your personal data.
11. Contact Us
If you have any questions, concerns, or requests regarding this Data Handling & Contact Form Policy or how we process your personal data, please contact us at:
- Email: info@zingthis.com (cc: zingrally@gmail.com)
- Phone: 202-681-2778
- Web: https://zingthis.com/contact-us/
- Platform: app.zingthis.com
- Data Protection Officer: info@zingthis.com
- Business Hours: Monday – Friday, 9:00 AM – 5:00 PM EST