ZORRZTM Privacy Policy

Last Updated: February 24, 2026  |  Effective Date: February 24, 2026
Contents

1. Introduction

ZORRZ Financial Inc. ("ZORRZTM," "we," "us," or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website at www.zorrz.com, use the ZORRZTM mobile application, or use any of our products and services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please do not use our Services.

2. Who We Are

ZORRZTM Financial Inc. is a Delaware C-Corporation (Entity ID: 10501789, formed February 6, 2026), classified under NAICS Code 522291 (Consumer Lending). We operate the ZORRZ secured credit card platform and the BLUE autonomous financial coaching service.

Our registered address is 254 Chapman Rd, Ste 208 #26795, Newark, Delaware 19702.

Our secured credit card is issued by our bank sponsor partner, a federally regulated financial institution, in accordance with applicable federal and state banking regulations. References to "ZORRZ card" or "ZORRZ secured card" in this policy refer to the card product issued by our bank sponsor partner and distributed through the ZORRZTM platform.

Contact: ZORRZ Financial Inc.  |  Email: privacy@zorrz.com  |  General: contact@zorrz.com

3. Information We Collect

We collect the following categories of personal information:

Category Examples
Identifiers Full name, date of birth, email address, phone number, mailing address, Social Security Number (SSN) or Individual Taxpayer Identification Number (ITIN), government-issued ID number
Financial Information Bank account numbers, payment card details, transaction history, account balances, credit information, income information
Commercial Information Records of products or services purchased or considered, spending patterns, rewards and loyalty data
Internet/Electronic Activity IP address, browser type and version, device identifiers, operating system, browsing history on our Services, interaction with our app or website, referral URLs
Geolocation Data Approximate location derived from IP address; precise location only with your explicit consent
Audio/Visual Information Photographs of government-issued ID (for identity verification), customer service call recordings (where permitted by law)
Professional/Employment Information Employer name, occupation, employment status when provided for credit assessment
Inferences Financial health scores, spending patterns, product preferences, credit-building progress generated by our AI coaching system (BLUE)
Sensitive Personal Information SSN/ITIN, government-issued ID, financial account credentials. We collect sensitive personal information only as necessary to provide our Services and in compliance with applicable law.

4. How We Collect Your Information

4.1. Directly from You

When you create an account, apply for a ZORRZ card, complete identity verification (KYC/AML), contact customer support, respond to surveys, or subscribe to communications.

4.2. Automatically

When you use our website or app, we automatically collect certain technical and usage data through cookies, pixels, log files, and similar technologies. See Section 7 (Cookies and Tracking Technologies) for details.

4.3. From Third Parties

We may receive information about you from:

  • Our bank sponsor partner and card network (Mastercard)
  • Identity verification and fraud prevention services
  • Consumer reporting agencies (credit bureaus)
  • Public databases and government records
  • Marketing and analytics partners
  • BNPL service providers (such as Affirm)

5. How We Use Your Information

We use your personal information for the following purposes:

  • Provide and manage our Services — Process your card application, manage your account, process transactions, maintain your collateral deposit, and facilitate credit-building reporting to credit bureaus
  • Identity verification and compliance — Verify your identity as required by federal KYC/AML regulations, the Bank Secrecy Act (BSA), and the USA PATRIOT Act
  • AI financial coaching — Power the BLUE autonomous financial coaching system, generate personalized financial insights, spending analysis, and credit-building recommendations
  • Fraud prevention and security — Detect, investigate, and prevent unauthorized or fraudulent activity on your account
  • Communications — Send you account notifications, transaction alerts, security alerts, and service updates. With your consent, send you marketing and promotional communications
  • Improvement and development — Analyze usage patterns to improve our Services, develop new features, and conduct internal research and analytics
  • Legal compliance — Comply with applicable federal and state laws, regulations, legal processes, and law enforcement requests
  • Marketplace and rewards — Facilitate Mastercard Marketplace offers, cashback, and rewards programs

6. How We Share Your Information

We use your personal information for the following purposes:

Recipient Category Purpose of Sharing
Service Providers We share information with vendors and contractors who perform services on our behalf, including cloud hosting providers, payment processors, identity verification providers, analytics providers, customer support platforms, and communication service providers.
Financial Institutions Information may be shared with banks, card networks, credit bureaus, and other financial partners to provide financial products, process transactions, conduct underwriting, and comply with legal or regulatory obligations.
Government Authorities We may disclose information when required to comply with applicable law, respond to lawful requests, subpoenas, court orders, regulatory inquiries, or to protect our rights and prevent fraud or illegal activity.
Business Transfers In connection with a merger, acquisition, restructuring, sale of assets, or other corporate transaction, personal information may be transferred as part of the business assets.
Affiliates We may share information with affiliated entities under common ownership or control for operational, administrative, and compliance purposes.
With Your Consent We may share personal information with third parties when you direct us to do so or provide explicit consent.

7. Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar technologies to collect information about your interaction with our Services. These include:

Type of Technology Purpose
Essential Cookies Required for core functionality of our Services, including account authentication, security, fraud prevention, and session management. These cannot be disabled without affecting site performance.
Performance and Analytics Cookies Help us understand how users interact with our website and app, measure traffic, analyze behavior patterns, and improve overall performance.
Functional Cookies Enable enhanced functionality such as remembering user preferences, saved settings, and personalized features.
Advertising and Marketing Cookies Used to deliver relevant advertisements, measure campaign effectiveness, and prevent repetitive ad exposure across platforms.
Tracking Technologies May include web beacons, pixels, tags, and similar technologies that help us monitor engagement, measure campaign performance, and improve user experience.

Your choices: You can manage cookie preferences through your browser settings. Most browsers allow you to refuse or delete cookies. You may also opt out of interest-based advertising through the Digital Advertising Alliance at optout.aboutads.info or the Network Advertising Initiative at optout.networkadvertising.org.

Do Not Track: Some browsers transmit "Do Not Track" (DNT) signals. There is no industry-wide standard for DNT. We currently do not respond to DNT signals but will update this policy if a uniform standard is adopted. For California residents, see Section 11 regarding the Global Privacy Control signal.

8. Data Security

We implement commercially reasonable technical, administrative, and physical safeguards to protect your personal information from unauthorized access, use, alteration, and disclosure. These measures include:

  • Encryption of sensitive data in transit (TLS/SSL) and at rest
  • Multi-factor authentication for account access
  • Role-based access controls limiting internal access to personal data
  • Regular security assessments and vulnerability testing
  • Employee training on data protection and security practices
  • Incident response procedures for potential data breaches

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. If we become aware of a data breach affecting your personal information, we will notify you in accordance with applicable law.

9. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, including:

  • Active accounts: For the duration of your account relationship with us plus a reasonable period afterward
  • Regulatory requirements: As required by the Bank Secrecy Act, USA PATRIOT Act, IRS regulations, and applicable state laws (typically 5–7 years for financial records)
  • Legal claims: As needed to establish, exercise, or defend legal claims (typically aligned with applicable statutes of limitation)
  • Fraud prevention: As necessary to detect and prevent fraud, which may extend beyond the closure of your account

When personal information is no longer needed, we securely delete or anonymize it.

10. Your Privacy Rights

Depending on your state of residence, you may have some or all of the following rights regarding your personal information:

  • Right to Know / Access: Request what personal information we have collected about you, the categories of sources, the purposes, and the categories of third parties with whom we share it
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions (e.g., regulatory retention requirements, fraud prevention, completing a transaction)
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt Out of Sale/Sharing: We do not sell your personal information. If this changes, we will provide a clear opt-out mechanism.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights

How to exercise your rights: Submit a request by emailing privacy@zorrz.com with the subject line "Privacy Rights Request." We will verify your identity before processing your request. We will respond within the timeframe required by applicable law (generally within 45 days).

Authorized agents: You may designate an authorized agent to submit a request on your behalf. We may require the agent to provide proof of written authorization and may still verify your identity directly.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"):

  • Right to Know: You may request, up to twice in a 12-month period, that we disclose the categories and specific pieces of personal information we collected, the sources, the business purposes, and the third parties with whom we shared it
  • Right to Delete: You may request deletion of your personal information, subject to exceptions provided by law
  • Right to Correct: You may request that we correct inaccurate personal information
  • Right to Opt Out of Sale or Sharing: We do not sell your personal information and do not share it for cross-context behavioral advertising. If this practice changes, we will provide a "Do Not Sell or Share My Personal Information" link on our website
  • Right to Limit Use of Sensitive Personal Information: You may request that we limit our use of sensitive personal information to purposes necessary to provide the Services
  • Right to Non-Discrimination: We will not deny services, charge different prices, or provide a different quality of service because you exercised a privacy right

Global Privacy Control (GPC): We will honor GPC signals sent by your browser as a valid opt-out request under the CCPA/CPRA, where applicable.

Financial Information Exemption: Certain personal information collected, processed, sold, or disclosed pursuant to the Gramm-Leach-Bliley Act (GLBA) is exempt from the CCPA/CPRA. See Section 13 for our GLBA privacy practices.

Shine the Light (California Civil Code § 1798.83): California residents may request information about the categories of personal information we disclosed to third parties for direct marketing purposes during the preceding calendar year. We do not disclose personal information to third parties for their own direct marketing purposes.

12. Additional State Privacy Rights

Residents of the following states have additional privacy rights under their respective state privacy laws. Where applicable, the rights described in Section 10 of this policy satisfy these requirements:

State Your Rights
California California residents have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know, access, correct, delete, and opt out of the sale or sharing of personal information, as well as limit the use of sensitive personal information.
Virginia Virginia residents have rights under the Virginia Consumer Data Protection Act (VCDPA), including the right to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising, sale of personal data, or profiling.
Colorado Colorado residents have rights under the Colorado Privacy Act (CPA), including access, correction, deletion, data portability, and the right to opt out of targeted advertising and data sales.
Connecticut Connecticut residents have rights under the Connecticut Data Privacy Act (CTDPA), including rights to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising and profiling.
Utah Utah residents have rights under the Utah Consumer Privacy Act (UCPA), including rights to access and delete personal data and opt out of the sale of personal data.

Appeals: If we decline your privacy request, you may appeal our decision by emailing privacy@zorrz.com with the subject line "Privacy Appeal." We will respond to your appeal within the timeframe required by your state's law. If you are not satisfied with our response, you may contact your state's Attorney General.

13. Financial Privacy (Gramm-Leach-Bliley Act)

As a financial services company, certain personal information we collect is subject to the Gramm-Leach-Bliley Act ("GLBA") and its implementing regulations, including Regulation P. This section provides additional information about our financial privacy practices.

13.1. Categories of Nonpublic Personal Information (NPI) We Collect

  • Information you provide on applications (e.g., name, address, SSN, income)
  • Information about your transactions with us (e.g., account balances, transaction history, payment history)
  • Information we receive from consumer reporting agencies (e.g., credit history)

13.2. How We Protect Your NPI

We restrict access to your nonpublic personal information to those employees and service providers who need it to provide or support our Services. We maintain physical, electronic, and procedural safeguards that comply with applicable federal and state standards.

13.3. Sharing of NPI

We may share your nonpublic personal information as permitted or required by law, including with:

  • Our bank sponsor partner, for card issuance and regulatory compliance
  • Service providers who perform services on our behalf (under contract to protect your information)
  • Consumer reporting agencies, for credit reporting purposes
  • Regulatory authorities, law enforcement, or as otherwise required by law

We do not share your nonpublic personal information with nonaffiliated third parties for their own marketing purposes.

13.4. Your Right to Opt Out

If in the future we propose to share your NPI with nonaffiliated third parties in a manner that requires an opt-out under GLBA, we will provide you with a clear notice and a reasonable opportunity to opt out before any such sharing occurs.

14. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 13 (or under 16 in certain states). If we learn that we have collected personal information from a child under the applicable age, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us at privacy@zorrz.com.

15. Third-Party Links

Our Services may contain links to third-party websites, applications, or services, including those of our partners (such as Mastercard, Affirm, and others). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through our platform. We are not responsible for the privacy practices of third parties.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

  • Post the updated policy on this page with a revised "Last Updated" date
  • Notify you by email or through a prominent notice on our website or app

We encourage you to review this policy periodically. Your continued use of our Services after changes are posted constitutes your acceptance of the updated policy.

17. Contact Us

Contact Method Details
Email support@yourdomain.com
Mailing Address [Company Name]
[Street Address]
[City, State ZIP Code]
United States
Customer Support Available Monday to Friday, 9 AM – 5 PM (Local Time)
Privacy Requests To exercise your privacy rights, please email us with the subject line “Privacy Request” and include sufficient information for us to verify your identity.

We aim to respond to all privacy-related inquiries within 45 days.

Subscribe

Join our newsletter to stay up to date on features and releases.
🎉 Thanks for signing up — you’re on the list for early access to ZORRZ BlueAccess!
Oops! Something went wrong while submitting the form.
By subscribing you agree to with our Privacy Policy

Quick Links

HomeHow It WorksBLUEFeaturesBLUEFeaturesWaitlist

Products

BLUE — Your Autonomous Financial Coach0% APR MastercardBNPLMarketplace Rewards

Company

AboutPrivacy PolicySupportTerms of Service
ZORRZ™ Financial Inc. is a Delaware C-Corp. ZORRZ™ BlueAccess is a secured credit card issued in partnership with a federally regulated bank sponsor, subject to applicable federal and state regulations. This website is for informational and waitlist purposes only. ZORRZ™ does not currently issue credit products. Early access is not guaranteed and depends on completion of required KYC/AML verification. We do not provide financial advice. All content is educational in nature. Features described (BNPL, rewards, AI optimization, autonomous actions) are illustrative and subject to change. BNPL services provided by Affirm, subject to Affirm's terms. AI capabilities powered by SambaNova and Mastercard Agent Suite, subject to availability.
© 2025–2026 ZORRZ Financial Inc. ZORRZ and ZORRZ CARD SOLUTIONS are trademarks of ZORRZ™ Financial Inc. Registered in Delaware. All Rights Reserved.