Welcome to Zagasm Inc.'s comprehensive Privacy Policy for the Studio App. As a leading provider of creative tools designed to empower content creators, filmmakers, and collaborative teams worldwide, we at Zagasm Inc. are committed to upholding the highest standards of data privacy and protection. This policy outlines our practices in a clear, detailed, and professional manner, ensuring transparency in how we manage personal information. Our goal is to foster trust, enabling you to focus on your craft while we handle the rest with integrity and compliance.
This Privacy Policy applies exclusively to the Zagasm Studio App ("Service" or "App"), encompassing all interactions including user registration, content creation, collaboration features, monetization tools, and support services. Zagasm Inc., a company incorporated under the laws of the Federal Republic of Nigeria, operates from our headquarters in Lagos and adheres to the Nigeria Data Protection Regulation (NDPR) 2019, as well as international standards such as the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA), the California Consumer Privacy Act (CCPA) for California residents, and other applicable global privacy frameworks. This policy was last comprehensively reviewed and updated on November 6, 2025. We will notify users of any material changes through in-app notifications, email communications, or prominent postings within the App. Continued use of the Service following such updates constitutes acceptance of the revised terms.
For any inquiries, concerns, or to exercise your privacy rights, please contact our Data Protection Officer (DPO) at support@studios.zagasm.com. We respond to all valid requests within one month, extendable under exceptional circumstances as permitted by law. This policy is provided in English; translated versions may be available upon request for convenience, but the English version prevails in case of discrepancies.
At Zagasm, data collection is purposeful, limited, and user-centric. We gather information necessary to deliver our core functionalities—such as advanced video editing, live streaming, collaborative project management, and secure monetization—while minimizing intrusion. All collection occurs with your explicit or implied consent where required, and we employ privacy-by-design principles to ensure proportionality. Below, we categorize the data types, sources, purposes, and legal bases in detail.
Upon creating an account or logging in via third-party providers (e.g., Google, Apple, or social media integrations), we collect foundational identifiers to establish and maintain your user profile.
Source: Directly from you during signup or profile updates. Legal Basis: Contract performance (to provide account access). We retain this for the duration of your active account plus a 30-day grace period for recovery.
For users engaging in monetized features (e.g., premium subscriptions, ad revenue sharing, or direct payouts exceeding regulatory thresholds), we implement Know Your Customer (KYC) and Anti-Money Laundering (AML) processes to comply with financial regulations.
Source: You and trusted verification partners. Legal Basis: Legal obligation (e.g., under Nigerian Financial Intelligence Unit guidelines).
To facilitate secure payments and earnings distribution, we process limited financial metadata while delegating sensitive details to certified processors.
Source: Payment gateways (e.g., Stripe, Paystack) and user inputs. Legal Basis: Contract performance and legal obligation (e.g., tax reporting to the Federal Inland Revenue Service - FIRS). Full card or banking credentials are never stored by Zagasm.
To optimize performance, diagnose issues, and personalize experiences, we log anonymized or pseudonymized operational data.
Source: Automatically via App telemetry. Legal Basis: Legitimate interests (service improvement) with opt-out options in settings.
The heart of our Service: Your creations drive everything. We store and process content as per your instructions.
Source: Your uploads and in-App generations (e.g., AI-assisted edits). Legal Basis: Contract performance. Content ownership remains yours; we claim no rights beyond hosting.
To provide responsive support and facilitate collaborations.
Source: You and integrated communication tools. Legal Basis: Contract performance and legitimate interests (dispute resolution).
Detailed in Section 10, these enable persistent functionality and analytics.
Source: Your device. Legal Basis: Consent or essential interests.
In all cases, we pseudonymize data where feasible (e.g., replacing emails with hashes) and conduct Data Protection Impact Assessments (DPIAs) for high-risk processing.
Zagasm processes personal data in alignment with our core mission: to democratize content creation. Each use case is tied to a specific objective, governed by data minimization and accountability principles. We do not engage in automated decision-making that produces legal effects without human oversight, and profiling is limited to benign recommendations (e.g., tool suggestions).
We leverage this data to ensure 99.9% uptime and intuitive UX, informed by aggregated benchmarks.
All financial processing adheres to ISO 27001-certified protocols.
Engagement rates inform non-intrusive refinements, with unsubscribe mechanisms in every communication.
Research outputs may be published academically with ethical reviews.
We document all processing activities in our Records of Processing Activities (ROPA) for supervisory authority inspections.
Under NDPR, GDPR, and equivalent regimes, processing must be lawful, fair, and transparent. We select the most appropriate basis for each activity, documenting assessments and providing opt-outs where balancing tests favor user rights.
For special categories (e.g., biometric data in verification), we rely on explicit consent or employment-like necessities. Users in protected jurisdictions enjoy enhanced rights under Chapters III-V of GDPR or NDPR Sections 24-64.
Data sharing is exceptional, confined to subprocessors bound by data processing agreements (DPAs) incorporating NDPR/GDPR clauses. We maintain a public register of subprocessors on our website, updated annually.
All vendors are audited biennially for compliance.
In mergers, acquisitions, or asset sales, data may transfer to successors under equivalent protections, with 30 days' notice for opt-outs.
No sales of personal data; CCPA "sale" opt-outs are honored.
As a Nigeria-based entity serving international users, transfers occur to subprocessors in the US, EU, India, and beyond. We ensure adequacy via:
Users may request transfer copies or challenge safeguards via our DPO. No transfers to high-risk countries without mitigations.
Retention is strictly purpose-bound, with automated purges and manual reviews. We maintain a retention schedule:
| Data Type | Retention Period | Rationale |
|---|---|---|
| Account Data | Duration of account + 2 years inactivity | Service provision and recovery |
| Financial Records | 7 years post-transaction | Tax/audit obligations |
| Content Files | Until deletion request + 90-day backup | User control and recovery |
| Logs/Analytics | 12-36 months | Security and improvement |
| Verification Docs | 5 years post-validation or legal min. | Compliance |
Deletion is irreversible (save backups, purged on cycle) and confirmed via email. Anonymization extends utility without identification.
Zagasm empowers users with full control. Rights vary by jurisdiction but include:
Submit via support@studios.zagasm.com or in-App portal; verification (e.g., email link) required. Appeals process available; complaints to NDPC or equivalents.
The Studio App targets users aged 18 and above, reflecting its professional tools and monetization focus. We do not knowingly collect data from children under 18 (or 16 in some jurisdictions). Age verification gates signup, and parental consent is mandatory for any suspected minors. Unintended collections are deleted within 7 days upon notification. No child-directed advertising or features; reports to child safety authorities as required.
Security is non-negotiable. Our program, certified under ISO 27001 and SOC 2 Type II, includes:
Users: Enable MFA, use password managers, and report anomalies promptly. Liability limited per terms.
Cookies and equivalents (pixels, SDKs) enhance functionality but respect choices. Our Cookie Policy (accessible via footer link) details:
| Category | Examples | Purpose | Duration | Provider |
|---|---|---|---|---|
| Strictly Necessary | auth_token, session_id | Login persistence | Session/1 year | Zagasm |
| Performance | _ga, app_analytics | Usage aggregation | 2 years | |
| Functional | theme_pref, lang_choice | Customization | 1 year | Zagasm |
| Targeting | ads_id (opt-in) | Personalized content | 6 months | Meta/Facebook |
Manage via browser (e.g., Safari > Privacy > Cookies) or our consent banner. Blocking essentials may impair functionality. Do Not Track (DNT) signals honored where applicable.
This policy evolves with our Service and regulatory landscapes. Minor clarifications post without notice; substantive changes (e.g., new processing purposes) trigger:
Review annually or subscribe to updates via RSS. Archived versions available upon request.
In the unlikely event of a breach, our incident response protocol activates immediately:
Insurance covers eligible impacts; users entitled to credit monitoring if PII compromised.
Reach our DPO or privacy team at:
Disputes governed by Nigerian law; arbitration in Lagos under LCIA rules. Class actions waived where permissible.
To address common queries:
Governing Law: Laws of the Federal Republic of Nigeria, without conflict principles.
Venue: Courts of Lagos State for non-arbitrable matters.
Severability: Invalid provisions do not affect remainder.
Entire Agreement: Supersedes priors; amendments only in writing.
Waiver: Non-enforcement does not imply future leniency.
Thank you for entrusting Zagasm with your creative journey. We remain dedicated to privacy excellence.