Privacy Policy
This Privacy Policy explains how Zoraro (“we,” “us,” or “our”) collects, uses, stores, and protects your personal information when you visit zoraro.com or place an order with us. Zoraro is operated by The Investment Management Office LLC, the data controller for all personal data processed through this website. We serve customers in the United States, Australia, and Canada, and we take our privacy obligations under the applicable laws of each jurisdiction seriously.
Data controller
The Investment Management Office LLC — trading as Zoraro
As the data controller, The Investment Management Office LLC determines the purposes and means of processing your personal data in connection with the zoraro.com online store. Shopify Inc. acts as a data processor on our behalf for platform and payment functions.
Registered entity
The Investment Management Office LLC
8 The Green Ste 29054
Dover, Delaware 19901
United States of America
Privacy contact
For all privacy-related requests:
info@zoraro.com
+1 (740) 272-5703
zoraro.com
Data We Collect
We collect only the personal data that is necessary to fulfil your order, provide customer support, and operate our store lawfully. We do not collect data we do not need, and we do not retain data beyond the periods described in this Policy.
Personal Data
Full name
Email address
Shipping address
Billing address
Phone number (if provided)
IP address
Browser type and version
Device type and operating system
Order Data
Items purchased and quantities
Order history
Payment method type (e.g., Visa, Mastercard — not full card number)
Order number and transaction reference
Shipping carrier and tracking number
We never store full card numbers, CVV codes, or card expiry dates
What we do not collect
We do not collect sensitive personal data such as health information, racial or ethnic origin, religious beliefs, or biometric data. We do not knowingly collect personal information from children under 13. If you believe a minor has provided us with personal data, please contact us at info@zoraro.com and we will delete it promptly.
How We Use Your Data
We use your personal data only for the purposes listed below. We process your data on the basis of contractual necessity (to fulfil your order), legitimate interest (fraud prevention, site improvements), legal obligation (tax compliance), and consent (marketing emails).
Order fulfilment
Processing and confirming your order
Payment processing via Shopify Payments
Arranging shipping and providing tracking updates
Managing returns, refunds, and exchanges
Customer service
Responding to your enquiries and support requests
Handling warranty and after-sales matters
Sending order confirmations and shipping notifications
Following up on unresolved issues
Legal & compliance
Fraud prevention and detection
Tax and accounting obligations
Responding to lawful government or regulatory requests
Site security and abuse prevention
Marketing (with consent)
Sending promotional emails and product updates where you have opted in
Site improvements via aggregated analytics data
You may unsubscribe at any time via the link in any marketing email
We do not send marketing without your consent
Data Sharing & Third Parties
We share your personal data only with the service providers that are essential to operating our store and fulfilling your order. All third-party providers are bound by confidentiality obligations. We never sell your personal data to anyone, for any purpose, ever.
Zoraro does not sell, rent, trade, or otherwise transfer your personal information to any third party for their own marketing, commercial, or advertising purposes. This includes California residents under the CCPA, Australian consumers under the Privacy Act, and Canadian residents under PIPEDA. Your data is used only to serve you.
Who we share data with
Shopify Inc. — our e-commerce platform and payment processor. Processes order, customer, and payment data on our behalf under a data processing agreement.
Payment processors (Stripe / PayPal) — process your payment securely under PCI DSS compliance. We share only what is required to authorise and complete your transaction.
Shipping carriers — USPS, FedEx, UPS (US); AusPost (Australia); Canada Post (Canada). Your name and delivery address are shared to fulfil shipment and provide tracking.
Google Analytics — anonymised, aggregated site traffic analysis. Does not receive personally identifiable information.
Email service provider (optional, marketing only) — receives your email address solely to send you communications you have consented to receive.
Who we do not share with
Data brokers or data aggregators
Social media platforms for advertising targeting without your consent
Any third party for their own marketing purposes
Any purchaser of personal data — we never sell data
Any party outside the scope of order fulfilment and support without your explicit consent or a legal obligation requiring us to do so
Shopify as data processor
Shopify processes your data on our behalf and is bound by strict data processing obligations.
Shopify Inc. (headquartered in Ottawa, Canada) provides the e-commerce platform and payment infrastructure that powers zoraro.com. In this role, Shopify acts as a data processor: it processes your personal data only on our instructions and subject to a Data Processing Agreement. Shopify maintains its own privacy programme and security infrastructure, including PCI DSS Level 1 compliance for payment data and SOC 2 certification for platform security.
What Shopify processes
Order data, customer contact details, payment method information, shipping details, and site analytics. Shopify does not use this data for its own marketing or sell it to third parties on our behalf.
Data location
Shopify stores data on servers in the United States and Canada. Your data may be processed in either jurisdiction. Shopify's privacy policy is available at shopify.com/legal/privacy.
Cookies & Tracking Technologies
We use cookies and similar tracking technologies on zoraro.com to enable essential site functions, analyse traffic, and (where you have consented) deliver personalised advertising. You can control cookie use through your browser settings at any time.
How to opt out
Browser settings: Most browsers allow you to block or delete cookies via their privacy or security settings. See your browser’s help documentation for instructions.
Google Analytics opt-out: Install the Google Analytics Opt-out Browser Add-on available at tools.google.com/dlpage/gaoptout.
Do Not Track: We honour browser Do Not Track (DNT) signals where technically feasible.
California CCPA opt-out
California residents have the right to opt out of the sale or sharing of personal information for cross-context behavioural advertising purposes.
We do not sell personal information as defined under the CCPA. Analytical cookies that may share pseudonymous identifiers with analytics platforms are subject to your right to opt out.
To exercise this right, email info@zoraro.com with subject “CCPA — Opt Out of Sharing”.
Note on essential cookies
Disabling essential cookies may prevent core site features from functioning correctly, including the shopping cart and checkout process. We recommend keeping essential cookies enabled for the best shopping experience on zoraro.com.
California Privacy Rights (CCPA)
If you are a resident of California, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with specific rights regarding your personal information. This section describes those rights and how to exercise them.
California Consumer Privacy Act (CCPA / CPRA)
California residents have meaningful rights over their personal information.
The CCPA grants California residents rights including the right to know, delete, correct, and opt out of the sale or sharing of personal information. These rights apply to personal information collected, used, disclosed, or sold by Zoraro (The Investment Management Office LLC) in relation to California residents.
Right to Know
You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.
Right to Delete
You have the right to request deletion of personal information we have collected from you, subject to certain exceptions (e.g., where retention is required to complete a transaction, detect fraud, or comply with a legal obligation).
Right to Correct
You have the right to request that we correct inaccurate personal information we maintain about you, taking into account the nature of the data and the purposes of the processing.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge different prices, provide a different quality of service, or suggest that you will receive a different quality of service because you exercised your rights.
Opt-out of sale of personal information
We do not sell your personal information as that term is defined under the CCPA. We do not transfer your personal information to third parties in exchange for monetary or other valuable consideration. You therefore have nothing to opt out of with respect to the sale of your data — but we are committed to being transparent about this. If you have questions, please contact us.
How to exercise your rights
Email: info@zoraro.com
Subject line: “CCPA Request”
Include your full name, email address, and a description of your request. We may need to verify your identity before processing your request.
We will acknowledge your request within 10 business days and respond in full within 45 days. If additional time is needed (up to a further 45 days), we will notify you of the extension and the reason for it.
Authorised agents
You may designate an authorised agent to make a CCPA request on your behalf. To do so, your agent must provide written permission signed by you, and we may still require you to verify your identity directly with us to confirm the agent’s authority.
We respond to California residents’ requests at no charge. We will not discriminate against you for exercising any of your CCPA rights.
Australian Privacy Rights
If you are located in Australia, this section describes your rights and our obligations under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) contained in Schedule 1 of that Act.
Privacy Act 1988 (Cth) & Australian Privacy Principles
The Privacy Act 1988 (Cth) regulates the handling of personal information about individuals in Australia. The 13 Australian Privacy Principles (APPs) set out how organisations must collect, hold, use, disclose, and manage personal information. Zoraro complies with these principles when handling personal information of Australian customers.
How to make a request (Australia)
Email: info@zoraro.com
Subject line: “Australian Privacy Request”
Include your full name, email address used for your Zoraro order(s), and a description of your request. We will verify your identity before processing.
We will acknowledge within 5 business days and respond in full within 30 days.
OAIC contact details
Office of the Australian Information Commissioner (OAIC)
GPO Box 5218, Sydney NSW 2001
Enquiries: 1300 363 992 (within Australia)
Canadian Privacy Rights (PIPEDA & CASL)
If you are located in Canada, this section describes your rights and our obligations under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation, as well as Canada’s Anti-Spam Legislation (CASL).
PIPEDA & Provincial Privacy Laws
PIPEDA (S.C. 2000, c. 5) applies to private-sector organisations that collect, use, or disclose personal information in the course of commercial activities across Canada. In British Columbia and Alberta, PIPA (Personal Information Protection Act) may apply provincially. In Québec, Law 25 (Act respecting the protection of personal information in the private sector, LPRPDE / Law 25) applies. We comply with these laws when handling personal information of Canadian residents.
CASL — Canada’s Anti-Spam Legislation
We comply with CASL. Commercial emails are only sent with your express or implied consent.
Canada’s Anti-Spam Legislation (CASL, S.C. 2010, c. 23) requires that commercial electronic messages (CEMs) be sent only with the recipient’s express or implied consent, must identify the sender, and must include a functioning unsubscribe mechanism.
Consent we rely on
Express consent: You have actively opted in to receive marketing emails (e.g., by checking a box at checkout or subscribing on our website.
Implied consent: You are an existing customer who has purchased from us within the last 24 months, and the CEM relates to our products or services.
Unsubscribe guarantee
Every commercial email we send includes a clearly identified, functioning unsubscribe mechanism. Once you unsubscribe, we will honour your request and stop sending commercial emails within 10 business days. We will not charge you for unsubscribing, nor will we use a business or technical measure to prevent you from unsubscribing.
How to make a request (Canada)
Email: info@zoraro.com
Subject line: “Canadian Privacy Request” or “CASL Unsubscribe”
We will acknowledge access requests within 5 business days and respond in full within 30 days. Unsubscribe requests are honoured within 10 business days.
Office of the Privacy Commissioner
Office of the Privacy Commissioner of Canada (OPC)
30 Victoria Street, Gatineau, Québec K1A 1H3
Toll-free: 1-800-282-1376
Data Retention & Security
We retain personal data only for as long as necessary for the purposes for which it was collected or as required by applicable law. We implement industry-standard security measures to protect your data against unauthorised access, loss, or disclosure.
Order data
Retained for 7 years from the date of the transaction to comply with US federal and state tax and accounting obligations (including IRS requirements under IRC §6001). After this period, data is securely deleted or anonymised.
Marketing data
Retained for as long as you remain subscribed to marketing communications. Upon unsubscribe, we retain a suppression record of your opt-out to ensure we do not contact you again. If no commercial email has been sent for 3 years, the record is reviewed and deleted unless you are also an active customer.
Account & customer data
Retained until you request deletion of your account or personal data (subject to our legal retention obligations). We will confirm deletion within 30 days of a valid request.
Analytics & cookies
Aggregated analytics data is retained in line with Shopify and Google Analytics default retention periods (typically 26 months). Session-level cookie data is purged at the end of each browsing session.
Security measures
Your data is protected by industry-standard technical and organisational security controls.
We partner with Shopify, a leading e-commerce platform with robust security infrastructure and a dedicated security team, to store and process your personal information. Payment data is processed exclusively by PCI DSS-certified processors — we never see or store your full card details, CVV, or card expiry date.
Technical measures
SSL/TLS encryption on all pages. PCI DSS compliance via Shopify Payments. Access controls and role-based authentication for internal systems. Regular security updates and monitoring via Shopify’s platform infrastructure.
Organisational measures
Access to personal data restricted to personnel who require it to fulfil orders or provide customer support. Data processing agreements with all third-party service providers. Incident response and breach notification procedures in place.
Data breach notification
While we implement strong security measures, no system is 100% secure and we cannot guarantee absolute security of your personal data. In the event of a data breach that creates a real risk of significant harm to you, we will notify you and the relevant regulatory authority as required by applicable law — including within 72 hours of discovery where required. Breach notifications will describe the nature of the breach, the data involved, likely consequences, and the steps we have taken or will take to address it.
Changes to This Policy & Contact
We review and update this Privacy Policy periodically to reflect changes in our business practices, applicable law, and the services we offer. When we make material changes, we will notify you.
Policy updates
We may update this Privacy Policy at any time. The effective date at the top of this page always reflects the current version. For material changes — those that meaningfully affect your privacy rights or how we handle your data — we will notify you by posting a prominent banner on zoraro.com before the changes take effect. We encourage you to review this Policy periodically.
Governing law
This Privacy Policy is governed by the laws of the State of Delaware, USA, without regard to conflict of law principles, except where superseded by mandatory consumer privacy laws applicable in your jurisdiction (including the CCPA for California residents, the Privacy Act 1988 for Australian residents, and PIPEDA for Canadian residents).
Privacy contact
The Investment Management Office LLC — Zoraro
For all privacy-related enquiries, data access requests, correction requests, deletion requests, or complaints, please contact us using the details below. We take every privacy request seriously and will respond promptly and fairly.
Mailing address
The Investment Management Office LLC
8 The Green Ste 29054
Dover, Delaware 19901
United States of America
Contact details
Email: info@zoraro.com
Phone: +1 (740) 272-5703
Website: zoraro.com
Subject line: “Privacy Request”
Response times: California residents — we will respond to CCPA requests within 45 days. Australian residents — we will respond within 30 days. Canadian residents — we will respond within 30 days. All other requests — we aim to respond within 30 days. We will acknowledge your request within 5 business days of receipt.
We would prefer to resolve directly
We take all privacy concerns seriously and will do our best to address your query promptly and fairly. While you always have the right to contact the relevant regulatory authority in your jurisdiction (the OAIC in Australia, the OPC in Canada, or the California Attorney General for CCPA matters), we ask that you contact us first at info@zoraro.com so we have the opportunity to resolve your concern directly before escalation.
Privacy questions?
We respond to all privacy requests within 30–45 days depending on your jurisdiction.
info@zoraro.comThis Privacy Policy applies to the processing of personal information of individuals in the United States (including California), Australia, and Canada by Zoraro (The Investment Management Office LLC) via zoraro.com. It is effective from 25 June 2026. California residents are covered by the CCPA/CPRA. Australian residents are covered by the Privacy Act 1988 (Cth) and the Australian Privacy Principles. Canadian residents are covered by PIPEDA and CASL. The Investment Management Office LLC, 8 The Green Ste 29054, Dover, Delaware 19901, United States of America.