Skip to Main Content
Why Zembula
Solutions
Solutions by Zembula
Dimensions™
A woman lying on a couch, holding a credit card and looking at a laptop screen.
Daily Email Personalization
Zembula Dimensions™

The most efficient way to deliver high fidelity personalization in your daily email, and drive over 11x return on spend (works seamlessly with your existing email service provider).

Abandoned BrowseAbandoned CartWelcomeShipment TrackingLoyaltyBirthdayReactivationSubscription
Curator™ AI
A white square with "AI" and small sparkling stars in the center, set against a dark blue gradient background.
AI Photography Catalog Expansion
Zembula Curator™ AI

Infinitely expand your brands photography with Curator™ AI. Generate new product photography that’s indistinguishable from the originals, and combines multiple products together.

Email Modules
Classic Real-Time Email Modules

The classic real-time email modules you’ve seen and used before, except updated with more functionality, so they perform better.

Product / Category RecsRevealHero Personalization1:1 Content BlocksCountdown TimersAdd to CalendarWeatherVideoPolls
Platform
Composition Engine
Key Platform Features
Zembula's Composition Engine

Create, manage, deploy, and target an unlimited number of personalized messages. Deliver any of the messages from your pool through a single image URL and link embedded within email, SMS, mobile, or on your website.

Visual EditorDecision EngineEnterprise SecurityData ManagementQA suiteBehavioral trackingLongitudinal TestingBlock ManagementCreative Level Insights
Integrations
Logos of nine companies: Salesforce, Oracle, mParticle, MuleSoft, Klaviyo, Bluecore, Salesforce Marketing Cloud, and CrowdTwist, displayed on a dark blue background.
Connect with
100+ integrations

Zembula connects with any enterprise data source. If you don’t see a specific data source here or have a custom data source, we will always connect it for free.

 

Zembula's Integrations
Resources
Illustration Of Cloud Computing With Two Large Servers, A Smaller Server, And Three Cloud Icons Against A Blue Background.
Featured Resource
What is a Composition Engine?

Learn how we make your marketing efforts more manageable with Zembula’s Composition Engine

Download our Benchmark ReportCase StudiesInsights: Our learningsBlog: What's new
Pricing
Log inBook a Demo

Privacy Policy

Privacy Policy
Information Collection and Use Personal Information of Children Under 13 Use of Your Personal Information Business Transitions Links Security Correcting, Updating, Deleting and Deactivating Personal Information Notification of Changes Your California Privacy Rights Contact Information

PRIVACY POLICY

1. Introduction

Zembula, Inc., an Oregon corporation (“Zembula,” “we,” “us,” or “our”), is committed to protecting the privacy and security of the personal information we collect and process. This Privacy Policy describes how we collect, use, disclose, retain, and safeguard information when you visit our website at www.zembula.com (the “Site”), interact with our marketing communications, or otherwise engage with us.

This Privacy Policy does not govern the Zembula platform or application (accessible at scratch-it.com), which is subject to separate terms and data processing agreements between Zembula and its customers. For information about how data is handled within the Zembula platform, please refer to your applicable customer agreement and Data Processing Addendum.

We maintain a SOC 2 Type II attestation covering security, availability, confidentiality, and privacy controls. The practices described in this Privacy Policy are consistent with the organizational and technical safeguards validated through that independent audit.

2. Information Collection and Use

We collect information in the following categories:

2.1 Information You Provide Directly

When you fill out a form, request a demo, subscribe to a newsletter, or otherwise contact us, you may provide: name, business email address, company name, job title, phone number, and any other information you choose to include in your message. If you make a purchase, we may also collect billing information such as credit card type, number, expiration date, and billing address.

2.2 Information Collected Automatically

When you visit the Site, we and our service providers automatically collect certain technical and usage data, including:

  • IP address
  • Browser type and version
  • Operating system
  • Device identifiers
  • Referring/exit URLs
  • Pages viewed, links clicked, and time spent on pages
  • Date and time of visit
  • Approximate geographic location (derived from IP address)

This data is collected through cookies, pixels, log files, and similar tracking technologies as described in Section 6 below.

2.3 Business Visitor Identification (Monaco)

We use Monaco, a third-party business intelligence service, to identify the companies and organizations visiting our Site. Monaco maps visitor IP addresses to publicly available business records (such as company name, industry, company size, and general location) through a process known as IP-to-company deanonymization.

This process identifies businesses, not individual people. Monaco does not resolve IP addresses to named individuals, personal email addresses, home addresses, or other directly identifying personal information. No individual-level profiles are created through this service.

We rely on this technology for the legitimate business purpose of understanding which organizations are evaluating our products and services, enabling our sales and marketing teams to engage with prospective business customers.

For visitors located in the European Economic Area (“EEA”), United Kingdom (“UK”), or Switzerland, we process this data under the lawful basis of legitimate interest (Article 6(1)(f) GDPR), as described further in Section 9. For all visitors, you may opt out of this tracking as described in Section 6.

2.4 Information from Third-Party Sources

We may receive business contact information from marketing partners, public databases, data enrichment providers, or social media platforms (such as LinkedIn) in connection with our business-to-business marketing activities.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Responding to your inquiries and fulfilling your requests
  • Providing, operating, and improving the Site
  • Sending marketing and promotional communications (where permitted and with your consent where required)
  • Analyzing Site traffic and usage patterns to improve user experience
  • Identifying prospective business customers through company-level analytics
  • Administering promotions, surveys, or other Site features
  • Detecting, preventing, and responding to security incidents, fraud, or abuse
  • Complying with legal obligations and enforcing our terms
  • Supporting internal operations, including auditing, data analysis, and troubleshooting

We process only the minimum amount of personal information necessary to achieve each stated purpose (data minimization), and we do not use information for purposes materially different from those described here without providing notice and, where required, obtaining consent.

4. How We Share Your Information

Zembula does not sell personal information. We do not share personal information with third parties for cross-context behavioral advertising.

We may disclose information in the following circumstances:

Service Providers and Contractors. We share information with third-party vendors who perform services on our behalf, such as hosting, analytics, email delivery, CRM, and payment processing. These providers are contractually bound to use personal information only for the purposes specified by Zembula and in accordance with applicable data protection requirements. Where required, we maintain Data Processing Agreements (DPAs) with these providers.

Analytics and Marketing Technology Partners. We use Google Analytics, HubSpot, Monaco, and other analytics and marketing tools that may collect or receive data from the Site. These partners process data on our behalf to help us understand Site usage and improve our marketing effectiveness. See Section 6 for details and opt-out options.

Legal Obligations and Enforcement. We may disclose information when we have a good-faith belief that disclosure is necessary to: (a) comply with applicable law, regulation, legal process, or governmental request; (b) enforce our Terms of Service or other agreements; (c) protect the rights, property, or safety of Zembula, our users, or the public; or (d) detect, prevent, or address fraud, security, or technical issues.

Business Transfers. In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, personal information may be transferred as part of that transaction. We will provide notice before personal information becomes subject to a different privacy policy.

With Your Consent. We may share information for other purposes with your explicit consent.

5. Categories of Personal Information Disclosed for a Business Purpose

Our primary goal in collecting information from you is to provide you with a smooth, efficient and In the preceding 12 months, we have disclosed the following categories of personal information to service providers and contractors for business purposes:

  • Identifiers (e.g., name, email address, IP address) disclosed to hosting, analytics, CRM, and email service providers
  • Commercial information (e.g., records of services purchased or considered) disclosed to CRM and billing providers
  • Internet or electronic network activity (e.g., browsing history, search history, interaction with the Site) disclosed to analytics and marketing technology providers
  • Professional or employment-related information (e.g., job title, company name) disclosed to CRM and marketing automation providers
  • Geolocation data (approximate, derived from IP address) disclosed to analytics providers

6. Cookies, Tracking Technologies, and Your Choices

6.1 Technologies We Use

We use the following categories of tracking technologies on the Site:

  • Strictly Necessary Cookies. Required for the Site to function (e.g., session management, security). These cannot be disabled.
  • Analytics Cookies. Used to understand how visitors interact with the Site (e.g., Google Analytics). These help us measure traffic, identify popular content, and improve Site performance.
  • Marketing/Functional Cookies. Used to deliver relevant content, track marketing campaign effectiveness, and support CRM functionality (e.g., HubSpot tracking code).
  • Business Intelligence Tools. Monaco’s IP-to-company identification operates through server-side IP address resolution and does not rely on cookies placed on your device.

6.2 Managing Your Preferences

You can manage your cookie preferences at any time by clicking the “Cookie Settings” link in the Site footer or by adjusting your browser settings. Most browsers allow you to block or delete cookies, though doing so may affect Site functionality.

6.3 Global Privacy Control and Do Not Track

We honor the Global Privacy Control (GPC) signal. When we detect a GPC signal from your browser, we treat it as a valid opt-out request for the sale or sharing of personal information (though Zembula does not sell or share personal information) and limit non-essential tracking accordingly. We also respect browser-based Do Not Track signals to the extent technically feasible.

6.4 Opting Out of Monaco

Because Monaco operates via server-side IP resolution rather than client-side cookies, browser cookie settings do not prevent this processing. If you wish to opt out of IP-to-company identification, you may contact us at privacy@zembula.com with the subject line “Monaco Opt-Out,” and we will ensure your request is honored. Note that this identification occurs at the company level only and does not identify you as an individual.

We retain personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, or as required by law, contract, or regulatory obligation. Specific retention practices include:

  • Account and contact data provided through forms is retained for the duration of the business relationship and for a reasonable period thereafter to support follow-up or re-engagement, unless you request deletion.
  • Analytics and log data is retained in accordance with the default retention settings of our analytics providers (e.g., Google Analytics data retention is configured to [14/26/38/50] months).
  • Monaco data is processed in real time for company identification and is not stored by Zembula in a personally identifiable form.

When personal information is no longer needed, it is securely deleted or anonymized in accordance with our Data Management Policy.

8. Data Security

We implement organizational and technical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS 1.2 or higher) and at rest (AES-256 or equivalent)
  • Role-based access controls limiting access to personal information based on job function
  • Regular vulnerability assessments and infrastructure patching
  • Security awareness training for all employees
  • Incident response procedures tested at least annually
  • Third-party vendor security assessments conducted in accordance with our Third-Party Management Policy

Our security controls are independently validated through our SOC 2 Type II audit. While no method of transmission or storage is completely secure, we take commercially reasonable steps to protect your information consistent with industry standards.

9. International Data Transfers and Legal Bases (EEA, UK, and Switzerland)

9.1 Legal Bases for Processing

If you are located in the EEA, UK, or Switzerland, we process your personal data under the following lawful bases:

  • Consent (Article 6(1)(a) GDPR): Where you have opted in to receive marketing communications or accepted non-essential cookies.
  • Performance of a contract (Article 6(1)(b) GDPR): Where processing is necessary to respond to your request or provide a requested service.
  • Legitimate interest (Article 6(1)(f) GDPR): Where we have a genuine business need that does not override your fundamental rights, including: operating and improving the Site, understanding business visitor traffic through company-level analytics (Monaco), and ensuring network security. We have conducted a legitimate interest assessment for our use of Monaco and have determined that the processing is proportionate (company-level identification only, no individual profiling) and does not infringe on visitors’ rights and freedoms.
  • Legal obligation (Article 6(1)(c) GDPR): Where processing is necessary to comply with applicable law.

9.2 International Transfers

Zembula is based in the United States. If you are visiting the Site from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States. We rely on appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission where applicable, and we evaluate supplementary measures on a case-by-case basis.

9.3 Your Rights Under GDPR

If you are located in the EEA, UK, or Switzerland, you have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data, subject to legal exceptions.
  • Restriction: Request that we limit how we process your data.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interest, including company-level identification via Monaco.
  • Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@zembula.com. We will respond within 30 days (or within the timeframe required by applicable law). If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.

10. Your Privacy Rights Under U.S. State Laws

10.1 California (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

  • Right to Know: Request the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties to whom we have disclosed it.
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: Zembula does not sell personal information and does not share personal information for cross-context behavioral advertising. No opt-out is required, but we honor GPC signals as described in Section 6.3.
  • Right to Limit Use of Sensitive Personal Information: We do not collect or process sensitive personal information beyond what is necessary for the purposes disclosed in this policy.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

The consumer’s right to know is not limited to a 12-month look-back period. If we retain your personal information for longer than 12 months, you may request information about personal information collected prior to the 12-month period (back to January 1, 2022).

To submit a request, contact us at privacy@zembula.com or use the contact information in Section 14. We will verify your identity before processing your request. You may also designate an authorized agent to submit a request on your behalf. We will respond within 45 days (which may be extended by an additional 45 days if reasonably necessary).

10.2 Other U.S. State Privacy Laws

Residents of Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia (and other states with applicable privacy laws) may have similar rights to access, delete, correct, and opt out of certain processing. To exercise rights under your state’s privacy law, please contact us at privacy@zembula.com.

11. Children’s Privacy

The Site is a business-to-business platform not directed to individuals under 16. We do not knowingly collect personal information from children, and if we become aware that such information has been collected, we will delete it promptly.

12. Third-Party Links

The Site may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party site you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy on this page with a revised “Last Updated” date and, where appropriate, provide additional notice (such as a banner on the Site or an email notification). We encourage you to review this policy periodically.

14. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or need to report a privacy concern, please contact us:

Email: privacy@zembula.com

Mailing Address:
Zembula, Inc.
8065 SE Grand Ave
Suite 140
Portland OR 97202

For security incidents or data breach concerns, contact: security@zembula.com

Grow your revenue and customer loyalty

Book a Demo
A Bearded Man Wearing A White Shirt Looks At His Phone While Holding A Credit Card, With Icons Of A Star Mail Envelope And A Dollar Graph Connected In The Background.