JINZO  ·  Legal

Privacy Policy

Effective date: May 7, 2026 · Last updated: May 7, 2026

JINZO Co. ("JINZO," "we," "us," or "our") is a semiconductor supply chain intelligence company. This Privacy Policy describes how we collect, use, disclose, and protect personal information when you visit jinzo.co (the "Site"), submit a waitlist or design-partner application, or otherwise interact with us.

We take data protection seriously. Our platform is built for industries governed by BIS, ITAR, IATF 16949, and AS5553 requirements, and we apply the same rigor to the personal data we handle.

1. Information We Collect

1.1 Information You Provide

When you submit a waitlist or design-partner application, we collect:

• Full name and work email address
• Company name and company website
• Role title and role category
• Company annual revenue band
• Engagement intent (design partner or waitlist)
• Urgency and timeline preferences
• Operational pain areas and current tooling (multi-select responses)
• Free-text description of supply chain challenges (optional)

1.2 Information Collected Automatically

When you visit the Site, we automatically collect:

• IP address (used to derive approximate country; not stored in raw form)
• Browser type and user-agent string
• Referring URL and UTM campaign parameters
• CTA attribution (which button led to the form)
• Timestamps of form submissions

We do not use cookies for tracking. We use Cloudflare Web Analytics, which is privacy-first and does not use client-side state or fingerprinting.

1.3 Information We Do Not Collect

We do not collect financial account information, government-issued identification numbers, ECCN or export classification data, or any controlled technical data through this Site. The waitlist form is for business-contact information only.

2. How We Use Your Information

• Evaluate applications: Determine whether your team is a fit for JINZO's design-partner program or waitlist.
• Communicate with you: Respond to your application, provide product updates, and coordinate next steps.
• Improve our product: Understand which industries, roles, and operational challenges drive demand so we can build the right product.
• Comply with legal obligations: Respond to lawful requests from regulators or law enforcement.

We do not use your information for automated decision-making or profiling. We do not sell, rent, or trade your personal information.

3. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases:

• Consent: You provide information voluntarily by submitting the application form.
• Legitimate interest: Evaluating business inquiries, improving our product, and communicating about services relevant to your stated needs.
• Legal obligation: Compliance with applicable law.

4. Data Sharing and Sub-Processors

We share personal data only with the infrastructure providers necessary to operate the Site and process applications:

• Cloudflare, Inc. (San Francisco, CA) — Site hosting, DNS, DDoS protection, Turnstile bot verification, Web Analytics.
• Supabase, Inc. (San Francisco, CA) — Database hosting and Edge Functions (application processing).
• Resend, Inc. (San Francisco, CA) — Transactional email delivery (confirmation and internal routing).

All sub-processors are US-based. We do not share personal data with advertising networks, data brokers, or any third parties beyond those listed above.

If we engage additional sub-processors in the future, this policy will be updated accordingly.

5. International Data Transfers

If you are located outside the United States, your personal data will be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) where required by GDPR and UK GDPR. Cloudflare and Supabase maintain their own data-processing agreements that incorporate SCCs.

6. Data Retention

• Active applications: Retained for the duration of the engagement evaluation and any resulting business relationship.
• Inactive applications: Retained for two (2) years after last contact, then deleted.
• Attribution and analytics data: Retained in aggregate form only; individual IP addresses are not stored.

You may request earlier deletion at any time (see Section 7).

7. Your Rights

Depending on your jurisdiction, you may have some or all of the following rights:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate data.
• Erasure: Request deletion of your personal data ("right to be forgotten").
• Restriction: Request that we limit processing of your data.
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interest.
• Withdraw consent: Where processing is based on consent, withdraw at any time.

To exercise any of these rights, email contact@jinzo.co. We will respond within 30 days (or sooner where required by applicable law).

California Residents (CCPA/CPRA): You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. To submit a request, email contact@jinzo.co.

8. Data Security

We implement industry-standard security measures to protect your personal data:

• All data in transit is encrypted via TLS 1.3.
• Database access is restricted to authenticated Edge Functions with row-level security.
• Bot verification via Cloudflare Turnstile prevents automated abuse.
• Honeypot fields detect and reject bot submissions.
• Personal email domains are rejected to ensure business-contact quality.
• Sub-processor access is scoped to the minimum necessary for service delivery.

No method of electronic transmission or storage is 100% secure. If you believe your information has been compromised, contact us immediately at contact@jinzo.co.

9. Children's Privacy

JINZO is a business-to-business service. We do not knowingly collect personal information from individuals under the age of 18. If we learn that we have collected data from a minor, we will delete it promptly.

10. Third-Party Links

The Site may contain links to third-party websites (e.g., BIS, DDTC, SEMI, JEDEC). We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies independently.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be indicated by updating the "Last updated" date at the top of this page. Continued use of the Site after changes constitutes acceptance of the updated policy.

12. Contact

For privacy-related questions, data-subject requests, or complaints:

JINZO Co.
Email: contact@jinzo.co
Website: jinzo.co

If you are in the EEA or UK and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data-protection authority.