Privacy Policy
Effective Date: January 6, 2026
Last Updated: February 8, 2026
1. Introduction
Loopzilla Technologies DOO ("we," "our," or "us") operates the zillatech.io platform (the "Service"). This Privacy Policy (the "Policy") is intended to help you understand:
- why we collect your personal data;
- how we collect, use and store your personal data;
- which rights relating to your personal data you have;
- how you can exercise the rights relating to your personal data;
- how we use cookies and other tracking technologies;
- how we share and disclose your personal data.
We are committed to protecting your privacy and ensuring the security of your personal data in accordance with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), and other applicable data protection laws.
2. Our Roles under the Applicable Data Protection Laws
When processing your personal data, we can play different roles under the GDPR and other applicable data protection laws and regulations. For example, we may act as a data controller under the GDPR and as a business under the CCPA, as amended, respectively.
3. Interpretations and Definitions
We use the following definitions in this Policy:
“CCPA” means the California Consumer Privacy Act of 2018. This Policy also accounts for the California Privacy Rights Act of 2020 (“CPRA”), which changed and expanded certain CCPA provisions.
“GDPR” means the General Data Protection Regulation (Regulation (EU) 2016/679).
“data controller” means the natural or legal person who (either alone or jointly with other persons) determines the purposes for which and how any personal data is processed.
“data processor” means the natural or legal person who processes personal data on behalf of the data controller.
“data subject” is a person who can be identified, directly or indirectly, by details like their name, identification number, location, online identifier, or factors related to their physical, physiological, genetic, mental, economic, cultural or social identity.
“personal data” means any information relating to you and helping identify a data subject (directly or indirectly), such as a name, last name, email, location, etc.
“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4. Personal Information We Collect
We collect and process information about you in accordance with this Policy. We may collect your personal data through the Website (including contact forms), email, social media accounts, or via other ways of communication.
We collect two basic types of information about you in connection with our Website and Service: Client and Website Visitor Data, which relate to Website Visitors and Clients, respectively. In particular:
Client and Website Visitor Data:
— Account Information: Email address used for account creation and authentication.
— User Content: Binary files, game builds, executables, and other data you upload to our platform.
— Communication Data: Information you provide when you contact our support team.
— Usage Data: Information about how you interact with our Service (e.g., features used, actions taken).
— Technical Data: IP address, browser type, device information, and operating system.
— Log Data: Server logs, error reports, and performance data.
— Cookies Data: Cookies for authentication and service functionality.
— Authentication Service Data: We use AWS Cognito for user authentication.
— Payment Data: Information received during payment of the Company invoices.
We use the personal data we collect and process only for the purposes listed in this Policy. We may share personal data with third parties solely for the purposes listed herein.
| We DO NOT sell your data. |
|---|
| We DO NOT use automated decision-making, including profiling, which produces legal effects concerning a data subject or similarly significantly affects a data subject. |
| We DO NOT intentionally collect and process the personal data of children and any sensitive personal data. |
| Please refrain from sharing your or third-party sensitive personal data. |
5. Grounds for processing
We collect and process your personal data in accordance with the provisions of the GDPR and other applicable data protection laws and regulations.
Under the GDPR, there is an exclusive list of lawful bases, allowing us to process your personal data. During personal data processing, we rely only on four of them, namely:
Article 6.1(a): consent
We collect the information you choose to give us, and we process it under your consent. You may withdraw your consent to the processing of your personal data at any time.
You may withdraw your consent to the processing of your personal data by emailing us at admin.contact@zillatech.io or contacting us in any other way convenient for you.
Article 6.1(b): performance of a contract
When you provide us with personal data via available options on our Website, this can sometimes be considered a request to form a contract or perform a contract between you and us. However, we may ask you for clear consent in case of doubt.
Article 6.1(c): legal obligation
We process your personal data to fulfil our legal obligations, such as complying with tax or regulatory requirements. If you request to exercise your rights under the GDPR, we may ask you for some personal data for verification purposes to identify you and comply with the applicable law.
Article 6.1(f): legitimate interest
We process your personal data for the purposes of our legitimate interests, such as:
-
preventing fraud,
-
ensuring the security of our Website and Service, and
-
providing you with a seamless user experience.
We only collect and use the strictly necessary data to achieve these purposes, provided that your fundamental rights and freedoms are not overridden.
6. How We Use Your Information
When acting as a data controller, we use your personal data for the purposes listed in the table below, where we also detail the types of personal data processed, legal bases we rely on to do so, third parties with whom we may share your personal data and information on the source of such data:
| Purpose of Processing | Types of Personal Data | Legal Grounds | Third-party Recipients | Source |
|---|---|---|---|---|
| Provide, operate, and maintain our Service | — Account Information — Usage Data — Technical Data — Log Data |
Performance of a contract (Article 6(1)(b)) | AWS, Contractors | Client |
| Process and store your uploaded files and game builds | — Account Information — User Content |
Performance of a contract (Article 6(1)(b)) | AWS, Contractors | Client |
| Authenticate your identity and manage your account | — Account Information — Authentication Service Data |
Performance of a contract (Article 6(1)(b)) | AWS, Contractors | Client, AWS Cognito |
| Generate game launchers and installers as requested | — Account Information — User Content |
Performance of a contract (Article 6(1)(b)) | AWS, Contractors | Client |
| Communicate with you about your account and our Service | — Account Information — Communication Data |
Your consent (Article 6(1)(a)) Performance of a contract (Article 6(1)(b)) |
Contractors | Client, Website Visitor |
| Monitor and analyze usage patterns to improve our Service | — Usage Data — Technical Data — Log Data — Cookies Data |
Your consent (Article 6(1)(a)) Our legitimate interest (Article 6(1)(f)) | AWS, Google Analytics, Contractors | Client, Website Visitor |
| Detect, prevent, and address technical issues and security threats | — Usage Data — Technical Data — Log Data — Cookies Data |
Our legitimate interest (Article 6(1)(f)) | AWS, Contractors | Client |
| Comply with legal obligations and enforce our Terms of Service | — Account Information — Cookies Data |
Legal obligation (Article 6(1)(c)) | AWS, Contractors | Client, Website Visitor |
| Process billing and payments (if applicable) | — Account Information — Payment Data |
Performance of a contract (Article 6(1)(b)) | Contractors | Client |
7. Use of Cookies
When you visit our Website, we may automatically gather certain information through cookies. These cookies, for example, can help us understand your interactions with our Website and Service, enhance your browsing experience, improve our Website and Service, and conduct marketing activities.
Depending on the period of expiry, cookies may be either persistent or session:
- a persistent cookie is stored by a web browser and remains valid until its set expiry date (unless deleted by the user before the expiry date);
- a session cookie will expire at the end of the user session when the web browser is closed.
There are two types of cookies, depending on the provider:
- first-party cookies are placed on websites by hosts of domains;
- third-party cookies are placed on websites by domains other than the one the user is visiting.
Depending on the purpose, there are four main types of cookies, namely:
- necessary cookies enable users to use websites by providing basic functions, e.g., ensuring security. Websites cannot function properly without these cookies;
- preference (or functionality) cookies enable websites to remember your choices (such as language preferences, username, region).
- performance (or statistics) cookies are used to collect information about how users interact with websites (e.g., page visits and page load speed). These cookies are sometimes placed by third-party providers of web traffic analysis services.
- targeting (or marketing) cookies are used to track the visitor’s interest in a particular product, measure the number of unique visits, recognise returning users, and deliver a targeted advertisement to users.
The following table sets out the different categories of cookies we use, their providers, purposes and storage periods:
| COOKIE NAME | DOMAIN | PURPOSE | RETENTION |
|---|---|---|---|
| _ga | .zillatech.io | A persistent statistics related cookie. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It helps Google Analytics track user interactions across sessions and devices. | 13 months |
| _ga_* | .zillatech.io | A persistent statistics related cookie. This is a variant of the _ga cookie, used by Google Analytics 4 (GA4) to persist session state. The * is replaced by a unique string for each property or data stream. | 13 months |
| .AspNet.SharedCookie | .prod.zillatech.io | A session cookie. The total number of data chunks into which the original file or dataset is divided. | 14 days |
| .AspNet.SharedCookieC* | .prod.zillatech.io | A session cookie. Stores an authentication information as well as authorization information (roles,permissions) of a user. The * is replaced by a sequence number in cookies data chunks. | 14 days |
Please note that cookies are integral to our Website's functionality. If you choose to block or delete some cookies, certain features of our Website may not work properly or may be inaccessible.
8. Data Storage and Security
8.1 Where We Store Your Data
Your data is stored on secure cloud infrastructure provided by Amazon Web Services (AWS). This includes:
- User account data (sensitive information) stored in AWS Cognito
- Authentication data managed by AWS Cognito
- User account data (system internals, email) stored in secure database
- Uploaded files stored in AWS S3 + backups on our internal storage systems
- Distributed files using AWS CloudFront with HTTPS/TLS encryption
8.2 Security Measures
We have implemented appropriate organisational, technical, administrative, and physical security measures designed to protect your personal data from unauthorised access, disclosure, use, and modification. Thus, we have implemented the following industry-standard security measures to protect your data:
- Encryption of data in transit (HTTPS/TLS)
- Encryption of data at rest
- Secure authentication via AWS Cognito
- Regular security audits and updates
- Access controls and authentication for all systems
- Monitoring and logging of security events
We regularly review our security procedures and policies to consider appropriate new technology and methods.
8.3 Data Retention
We retain your personal data for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy. When you delete your account, we will delete or anonymize your personal data within 30 days, unless we are required to retain it for legal or regulatory purposes.
9. Data Sharing and Disclosure
We may share your information only in the following circumstances:
9.1 Sharing data with data processors
- AWS (Amazon Web Services, Inc., USA): Cloud infrastructure and authentication, and user management. You may read its Privacy Policy here.
- Google Analytics (Google Ireland Limited, Ireland): Website analytics and usage tracking services. You may read its Privacy Policy here.
All service providers are bound by data protection agreements and process data only as instructed.
As part of our business operations, we may engage specialists who may receive your personal data, including technical, sales, legal and marketing professionals, to provide you with better client service and ensure the accuracy and transparency of our business. These specialists are referred to as Contractors.
9.2 Legal Requirements
We may disclose your information if required to:
- Comply with legal obligations, court orders, or government requests
- Enforce our Terms of Service
- Protect the rights, property, or safety of Loopzilla Technologies DOO, our users, or the public
- Detect, prevent, or address fraud or security issues
9.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections outlined in this Policy.
10. Your Privacy Rights
You may exercise the following rights by submitting a data subject request at admin.contact@zillatech.io.
Please note that we may need to confirm your identity to process your requests to exercise your rights under the GDPR. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.
| Right under the GDPR | Description | How to exercise it |
|---|---|---|
| Right to withdraw consent (Art. 7) | You can withdraw your consent for data processing at any time. | You can submit a request. |
| Right to be informed (Art. 13, 14) | You have the right to be informed about the collection and use of your personal data. | All information about our collection and use of your personal data is described in this Policy. |
| Right of access (Art. 15) | You have the right to confirm whether your personal data is being processed by us and access such data, along with specific information. | You can submit a request. |
| Right to rectification (Art. 16) | You have the right to correct inaccurate personal data about you and to have incomplete personal data completed. | You can submit a request. |
| Right to erasure (“right to be forgotten”) (Art. 17) | You have the right to have your personal data deleted without undue delay where one of the following grounds applies: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the personal data have to be erased for compliance with a legal obligation in the European Union or an EU Member State law; the personal data have been collected in relation to the offer of information society services referred to in Article 8(1); the personal data have been unlawfully processed. | You can submit a request or use a dedicated page on our platform. |
| Right to restriction of processing (Art. 18) | You can limit the way in which we use your data where one of the following applies: you contest the accuracy of the personal data; processing is unlawful, but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise, or defence of legal claims; you have objected to processing, pending the verification of that objection. | You can submit a request. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise, or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest. |
| Right to data portability (Art. 20) | You have the right to receive your personal data in a structured, commonly accepted, and machine-readable format and have the right to request that we transmit this data directly to another controller to the extent that the legal basis for our processing of your personal data is your consent or performance of a contract and the processing is carried out by automated means. | You can submit a request or use a dedicated page on our platform. |
| Right to object (Art. 21) | You have the right to object to our processing of your personal data at any time to the extent that the processing is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. Also, you have the right to object to our processing of your personal data for direct marketing purposes (including profiling). | You can submit a request. |
| Right not to be subject to a decision based solely on automated processing, including profiling (Art. 22) | This right restricts us from making solely automated decisions, including those based on profiling, which produce legal or other significant effects for data subjects. | We DO NOT use automated decision-making and profiling. |
| Right to lodge a complaint (Art. 77) | You have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data violates the requirements of the GDPR. | You can submit the complaint to the data protection authority. |
| Right to compensation (Art. 82) | Any person who has suffered material or moral damage as a result of a violation of GDPR requirements has the right to receive compensation from the controller or processor for the caused damage. | Court proceedings for exercising the right to receive compensation shall be brought before the courts competent under the law of the EU Member State referred to in Article 79(2). |
CALIFORNIA PRIVACY RIGHTS
Under the California Consumer Privacy Act (CCPA), amended with the California Privacy Rights Act (CPRA), California residents have certain rights regarding our collection, use, and sharing of their personal information.
We may collect various categories of personal information when you use and/or access our Website and Service.
In particular, depending on actual circumstances, we may collect the following categories of personal information specified in the CCPA when you use and/or access our Website and Service:
- Category A – Identifiers;
- Category B – Personal information categories listed in the Cal. Civ. Code § 1798.80(e);
- Category D – Commercial information;
- Category F – Internet or other similar network activity.
You can find a detailed description of the personal information that we may collect from you above in the “Personal Information We Collect” section of this Policy. The purposes of the collection and/or use of personal information are stated in the “How We Use Your Information” section of this Policy. Note that in the “Data Sharing and Disclosure” section of this Policy, you can review the categories of third parties with whom we may share your personal information. The terms used within those sections of this Policy are taken from the GDPR in consideration of the definitions established in the CCPA.
If you are a California resident, to the extent provided for by the CCPA and subject to applicable exceptions, you have the following rights in relation to the personal information we have about you:
- Right to obtain information. You can request information about what personal information has been collected about you and how we have used that personal information during the preceding 12 months.
- Right of access. You can request a copy of the personal information that we have collected about you during the preceding 12 months.
- Right to deletion. You can request us to delete the personal information that we have collected from you unless it is necessary for us to maintain your personal information in certain cases under the CCPA, such as protection against malicious, deceptive, fraudulent, or illegal activity.
- Right to be free from discrimination relating to the exercise of any of your privacy rights.
The CPRA amended the CCPA and added new additional privacy protection rights for California residents, as follows:
- Right to correct inaccurate personal information. You can request us to correct the inaccurate personal information about you.
- Right to limit the use and disclosure of sensitive personal information. This right allows you to limit the use and disclosure of your sensitive personal information by the company. We don’t intentionally collect any sensitive personal information about you.
We take the protection of your privacy seriously, so in no way will we discriminate against you for exercising any of your rights granted by the CCPA, as amended.
You can exercise your rights under the CCPA, as amended by sending us an email by any other means of communication convenient for you, including those listed in the “Contact Us” section of this Policy.
Please note that we may need to confirm your identity to process your requests to exercise your rights under the CCPA, as amended. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.
11. International Data Transfers
We may transfer your personal data to countries outside the European Union (EU) and the European Economic Area (EEA) that are not deemed to provide an adequate level of data protection under Article 45 of GDPR (adequacy decision).
In such cases, we will ensure that appropriate safeguards are implemented in accordance with the GDPR to protect your personal data, in particular, the standard contractual clauses adopted by the European Commission. Where possible, we always enter into Data Processing Agreements (DPAs) and Non-Disclosure Agreements (NDAs) with these third parties to ensure that your personal data is adequately protected.
We put supplementary technical and organisational measures in place when transferring data outside the EU and the EEA (e.g. prior assessment of the service supplier’s reliability and personal data protection practices, encryption of the transferred personal data, prompt reacting to any threats to confidentiality, integrity and availability of the personal data, conducting transfer impact assessments (TIA) when necessary, etc).
12. Children's Privacy
Our Website and Service are intended for general audiences and are not directed to children under the age of 18. By submitting your personal data to us, you acknowledge that you have reached the age of 18, and under the laws of your country of residence, you have all rights to provide us with your personal data for processing.
Under the GDPR, we do not knowingly collect any personal data from children under the age of 16 (or a lower age if provided by EU member state law, provided that such lower age is not below 13 years).
Under the U.S. Children’s Online Privacy Protection Act (COPPA), we do not knowingly collect any personal information from children under the age of 13 without seeking any required parental approval.
If we learn we have collected or received personal data from a child, we will delete that information. If you have any reason to believe that a child has provided their personal data to us, please contact us at admin.contact@zillatech.io.
13. Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify affected users within 72 hours as required by GDPR
- Report the breach to relevant supervisory authorities
- Provide information about the nature of the breach and steps being taken
14. Third-Party Links
Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify you via email or through a prominent notice on our Service
- Obtain your consent if required by applicable law
If you continue to use our Website and Service or otherwise provide us with your personal data after the new version of the Policy goes into effect, we assume that you agree to the changes.
16. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Company: Loopzilla Technologies DOO
- Email: admin.contact@zillatech.io
- Address: UL. MAJORA MILOVANA MEĆIKUKIĆA 14, BAR, Crna Gora
For GDPR-related inquiries, you may also contact your local data protection authority.
17. Supervisory Authority
If you are located in the European Economic Area (EEA) and have concerns about our data processing practices, you have the right to lodge a complaint with your local data protection supervisory authority. You can find a full list of EU supervisory authorities through this link.
We encourage you to reach out to us initially with any concerns you may have regarding the processing of your personal data. You may use the following email to address your inquiries: admin.contact@zillatech.io.