Privacy Notice

Last updated: 1 December 2023


Purpose of this notice 


At Zappar we understand that privacy is important and are committed to ensuring that personal information is processed in accordance with applicable data protection and privacy laws, including the European General Data Protection Regulation ("GDPR") and the UK Data Protection Act 2018 (the “UK DPA”). We have put together this Privacy Notice which you are currently reading to help you understand what information we collect from users of Zapworks and how we use and share this information. It also contains important information about your rights. The Privacy Notice is an essential part of your engagement with Zappar and it is important that you read it carefully. By engaging with us in the ways set out in this Privacy Notice, you confirm that you have read and understood the entirety of this notice, as it applies to you.





This Privacy Notice applies as between Zappar Limited and Zapworks users. The Privacy Notice deals with our use of information collected by us in relation to your use of Zapworks.

In general, this Privacy Notice does not apply to “User Content” and the terms of the Zapworks Data Processing Addendum will apply to our processing of User Content on behalf of a ZapWork user in connection with the Services. There may be an exception, where you are a hobbyist (i.e have a Hobby plan) and Zappar is deemed to be a data controller with respect to “Your Content” (as defined in this Privacy Notice). We have therefore included some guidelines for Your Content in the section of this Privacy Notice headed “Information that we may collect”.

Please also be aware that this Privacy Notice only applies to your use of Zapworks. If you use our ZAPPAR, ZAPBOX or ZAPVISION mobile application, or any other application or product provided by Zappar, or a Zappar licensee, or if you are simply browsing our website, a different privacy policy will accompany that product/service, and you should refer to the policy for that service, which may differ from the one set out below. Equally, this Privacy Notice does not extend to any websites or services of third parties which can be accessed from Zapworks including, but not limited to, any links we may provide to social media sites.

IMPORTANT NOTICE REGARDING CHILDREN UNDER 13: This Privacy Notice generally applies to all users of Zapworks. If, however, a user identifies themselves as under the age of 13 (a "Child"), we will collect, use and share the Child's information as described in the section below headed "Children's Privacy".



What means what?


In this Privacy Notice some of the words we use have capital letters. This is because we have given these words a particular meaning. These words are listed below:


“Anonymous Information”

means information that does not identify and cannot reasonably be used to identify a specific individual. When Anonymous Information is linked with Personal Data, this Anonymous Information is normally treated by Zappar as Personal Data.

“Content Trigger”

means the mechanism by which a Zap can be activated, including zapcode scanning, QR code scanning, deep links and other content triggers. 


(depending on the context) means any or all information that you or your device send, submit or transmit to Zappar via the Services. Information also includes information automatically collected by us and information about you, which we obtain from other sources.

“IP Address”

means an Internet Protocol address, a number that is automatically assigned to your device when you use the Internet and which may vary from session to session.

“Personal Data”

means any information we hold about you which could be used to identify who you are, e.g. your name, email, home address, IP Address and may include other information such as identification numbers and location data.


means our ZAPWORKS service and technology available at together with its related databases, features, functionality, plug-ins, software, tools, zapcodes, documentation and web pages including any modifications or updates thereto.


means you, the natural person visiting the ZAPWORKS website, using the Services, or registering as a user of the Services.

“Your Content”

means any and all data or content controlled by you that you create, enter, upload, import, post, transmit or otherwise make available via the Services, including animation, documents, images, links, sound files, videos and text.

“Zapbox app”

means any application developed by Zappar for use with our mixed reality kit called ZAPBOX.

“Zappar” or “we”

means Zappar Limited a private limited company incorporated in the United Kingdom and registered in Scotland with company number SC394617.

“Zapworks Account”

means the Zapworks account (also referred to as a “workspace”) or login credentials registered with Zappar by which you access the Services.

“Zappar App”

means either our augmented reality mobile application called ZAPPAR; or our Zappar Scanning SDK where it is included within a third party application that is being used to consume content published on our platform.

Zappar Web Application

means our WebAR application available at 


means an augmented, virtual or mixed reality content experience.



Identity of the data controller


The data controller is Zappar Limited, a private limited company incorporated in the United Kingdom and registered in Scotland (company number SC394617). Our contact details are shown below in the section headed “Contacting Us”.

For the purposes of UK and EU data protection law Zappar will be acting as a "data controller" only where we determine the purposes for which and the manner in which Personal Data is used. For certain pieces of Person Data  (e.g. any Personal Data included within Your Content) it is you and not Zappar who will determine the purposes for which and the manner in which the Personal Data is used. In this instance, you will be acting as the "data controller" and we will be acting as the "data processor". In these instances, the Zapworks data processing addendum applies instead of this Privacy Notice:



Your rights


As a data subject, you have the following rights under UK and EU data protection legislation (including GDPR), which we will always work to uphold:

  • The right to be informed about our collection and use of Personal Data;

  • The right of access to the Personal Data we hold about you (see “How can you access your Personal Data?”);

  • The right to rectification if any Personal Data we hold about you is inaccurate or incomplete (please contact us using the details in “Contacting Us”);

  • The right to be forgotten – i.e. the right to ask us to delete any Personal Data we hold about you in certain circumstances;

  • The right to restrict (i.e. prevent) the processing of your Personal Data in certain circumstances;

  • The right to data portability. This means that, if you have provided Personal Data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that Personal Data to re-use with another service or business in many cases;

  • The right to object to us using your Personal Data for a particular purpose or purposes; and

  • Rights with respect to automated decision making and profiling.


When making a request, please be aware that we may be unable to delete Information that resides in our archives, and the requested removal of certain Information may mean we are no longer able to provide you with all or certain parts of the Services.


If you have any cause for complaint about our use of your Personal Data, please contact us using the details provided in the section headed “Contacting Us” and we will do our best to solve the problem for you. If we are unable to help, you also have the right to lodge a complaint with the UK's supervisory authority, the Information Commissioner's Office (ICO).

The ICO’s contact details are:


Information Commissioner’s Office

Wycliffe House

Water Lane





Helpline number: 0303 123 1113


European Representative under Article 27 of GDPR 


We have appointed EU Rep as our Representative under Article 27 of the EU General Data Protection Regulation. All GDPR queries from EU Data Subjects or Data Protection authorities should be addressed to BizLegal Ltd trading as EU Rep have their registered office at 27 Cork Road, Middleton Co. Cork, Ireland. Company number 635921. 

Information that we may collect


As and when you visit, browse or use the Services, we may collect certain Information from you. Some of this Information may be Personal Data and some of the Information may be Anonymous Information. We use your Information in accordance with the terms of this Privacy Notice.


Your Zapworks Account & transactional data

By creating a Zapworks Account or using the Services you will allow others, including Zappar, to identify you. To open a Zapworks Account or use the Services you may need to provide us with some or all of the following items of Personal Data: your first name and last name, billing address, email address, password, date of birth. Your date of birth is not stored by Zappar. we only use it once to confirm your age.

Alternatively, you can sign up for or log into the Services by using your Google, Microsoft, Slack or Facebook account. If you use this option we will receive some details about your account in order to authenticate the login.

Business and education users can also create an organisation contact within our systems. This organisation contact enables business and education users to delegate access to their Zapworks Account to certain named users within their organisation. Zappar will collect and store any information which you enter into your organisation contact e.g. names of authorised users.

We will also collect and store transactional data relating to your Zapworks Account e.g. login credentials, login attempts, payment status, transaction history, and activity logs containing information relating to your use of the Services. We do not store:

  • User passwords (we store only PBKDF2 hashes of passwords for comparison during login attempts);

  • Full payment card numbers (these are stored by our merchant services provider, currently, Braintree).


If you choose to email or write to us about your Zapworks Account or the Services, or submit a contact or support request via the Zapworks website, we may also collect Information about you from the content of your letter, email or submission e.g. your name, email address, postal address and your likes/ dislikes.

We may also collect the following categories of Information from you whether or not you create a Zapworks Account (e.g. if you are simply browsing our Zapworks website).


Your Content (Hobbyists)

Once your access to the Services has been activated, you will be able to enter or upload content to your Zapworks Account (e.g. music files, photos, videos and other digital content) and to publish and make content available to the public (e.g. by connecting it to your zapcodes, or using another Content Trigger). Once entered or uploaded, Your Content will be stored on our secure servers for the purposes of making Your Content available as and when you choose to publish it. Some of Your Content may contain your personal information. We will process the personal information contained in that content in accordance with this Privacy Notice.

Before entering, uploading or publishing any content on the Services please BE AWARE of the following important matters:

The nature of the Services means that Your Content will potentially be available to ALL users of the Zappar App or Zappar Web Application who activate the Content Trigger regardless of whether or not they are known to you or have been specifically selected by you to receive that content.

It is not possible to make Your Content private i.e. only accessible by certain selected people; although you can choose whom you share your Content Triggers with. Please be careful when publishing content that contains or depicts personal information about yourself or others, e.g. audio, photos or videos featuring you or your friends' image or voice.

We strongly advise you to be selective about what personal information you include in Your Content and not to include any of the following types of personal information in any submission to the Services: telephone numbers, addresses, full name, location information or any information of a sensitive nature. Please also make sure that your submission complies with our code of conduct (see Section 11 of the Terms of Use for the Services).

If you enter or upload information about or depicting someone other than yourself (e.g. a photo of a friend or a work colleague) you must get their permission first.

Even if you subsequently remove content that you published via the Services, copies may still remain cached or saved on someone's device and therefore capable of continued viewing.




Forums and competitions

If you participate in any of our forums, we will collect your user name and store and publish any messages you submit.

If you participate in one of our competitions, then in addition to your entry we may collect your name, email address and other contact information.


Information collected from other sources

We may from time to time engage the services of other companies to handle certain tasks relating to the Services. This may include payment processing, search engine facilities, storage and serving of content, advertising and marketing, and analytics. These companies may send us certain Personal Data relating to you. We may also collect information about you from publicly available sources, such as via the Internet and social networks, including through public or licensed APIs. If we do collect such information from third parties, we will only use that information in accordance with this Privacy Notice. Equally, these companies may collect personal information directly from you. If they do, that company and not Zappar will be the data controller in respect of any information you provide to them (e.g. your credit card details) and you should check their privacy policy to find out how they will use your information.


Payment processing

Zappar uses a payment solution supplied by a third party to enable us to accept payments for the Services. This third party payment solution is integrated with our own systems and works as follows: upon your request to checkout and pay, our website will display a form to you that collects the required payment data. The text boxes for entering your details into the form are served from the third party's website and when you submit the form the payment data and other details are sent directly to the third party. This method prevents your sensitive data from ever residing on our servers and enables Zappar to achieve PCI compliance.


Zapalytics and information about your device

The Services can be used with the Zappar App and the Zappar Web Application. Zapworks Studio 6 onwards is integrated with the Zapbox App


When you use the Zappar App, Zapbox App or the Zappar Web Application, e.g. to scan ('zap') a zapcode, our servers will automatically collect information from your device, including the following:


  • An Installation ID (see below);

  • The IP Address linked to the device: we will process this to infer coarse user location (Country and City), and then discard the IP Address;

  • The time;

  • The make and model of your device (including operating system version);

  • The version of the application being used; and

  • Information about your use of the application (we call this “Zapalytics”).


We may use this Anonymous Information in the following ways: (i) to analyse and optimise your use of the Services; (ii) to provide notifications within a Zap based on your in-Zap activities; and (iii) to develop new features and functionality which we believe may be of use to you or other users of the Services.


Zapalytics Installation ID

The Installation ID is a unique installation ID generated by the Zappar App or ZapBox App when it is first run. In the case of WebAR, we use a cookie to set the ID on your device. The ID is a random number seeded from the system time and cannot be used to identify who you are. The ID is stored in the app's storage directory (or locally) on your device and is used to anonymously track your use of the application in various ways, e.g.:


  • when you open the mobile application or launch the Zappar Web Application;

  • when you tap "Zap";

  • the names and time of scan of Zaps accessed;

  • how long you spend interacting with a Zap;

  • when you perform certain actions during a Zap e.g. completing a game, high score achieved.


The Installation ID is not accessible to other apps or sites on your device and does not track you beyond the mobile application or Zappar Web Application. We do not share the Installation ID within any third party.

Log Data 

Our system will automatically record and store information created by your access to and use of the Services, including specific actions performed by you within the Services (collectively, "Log Data"). This may include information about your device, your IP Address, browser type, the pages that you visit, time spent on pages and other statistics. We use this information to better tailor the Services to our users' needs and to provide you with targeted communications that you are happy to receive from us. We may also link this automatically collected information to Personal Data (e.g. if you submit a "get in touch" request to us or register for a Zapworks trial). We may also add Log Data to our customer relationship management system. We do not use any Log Data to track you outside of our services.



Legal basis for processing Personal Data


Our legal basis for collecting and using your Personal Data will depend on the Personal Data concerned and the specific context in which we collect it. However, we will normally collect Personal Data from you only where (i) we need the Personal Data to perform a contract with you; (ii) the processing is in our legitimate interests and not superseded by your rights; (iii) we have a legal obligation to process your Personal Data; or (iv) we have your consent to do so (e.g. you have ticked a box, or signed up for a newsletter).


Under our terms of use for the Services, “performance of contract” as a legal basis for processing your Personal Data refers to when we make the Services available to you, provide customer support, integrate the Services with technology and distribution platforms such as Apple iOS and Google Android, and inform you of service-related changes. If there is no legal contract between you and Zappar (e.g. because you are a minor), then we will process Personal Data for these purposes on the basis of our legitimate interests.


We process your Personal Data on the basis of our “legitimate interests”, for example, when we provide you with the Services, carry out marketing, keep the Services secure, for engineering purposes, analysing users behavior across the Services, providing customer support, and running, growing and developing our business.


We have a “legal obligation” to process your Personal Data when complying with a legal obligation, such as preventing a crime or fraud or maintaining tax records. This ground may also include our obligation under the UK DPA and GDPR to protect your Personal Data.


If you have questions about the legal basis for collecting and using your Personal Data, please contact us using the contact information provided in the section headed “Contacting Us”.


How does Zappar use your information?



Lawful Basis for Personal Data processing 

To enable us to provide you with all of the features and functionality of the Services, including your zapcode(s).

Performance of a contract - if you do not provide the Personal Data requested we cannot identify you as an authorised user.

To enable you to upload, enter, change, edit, publish, share and communicate Your Content.

Performance of a contract - if you do not provide the Personal Data requested we cannot identify you as an authorised user and carry out the requested action.

To provide you with personalised content and communications that you are happy to receive from Zappar in relation to the Services.

Legitimate interests - marketing; providing the Zappar Services and carrying out an action you have requested.

To provide you with promotional emails, newsletters and other messages that relate to the Services, including communication through third parties.

Legitimate interests - marketing; providing the Zappar Services and carrying out an action you have requested.

Distribution of advertising and promotional materials of Zappar and/or third parties among users as a targeted audience, including distribution on third party websites and platforms. 

Legitimate interests - marketing and advertising of the Services.

Targeting of advertising and/or promotional materials, including targeting on third party websites and platforms.

Legitimate interests - marketing and advertising of the Services.

To provide customer service in relation to your use of the Services e.g. service updates, responding to service requests.

Performance of a contract, or legitimate interests. Where no contract is in force, the legitimate interests are providing you with customer care and product support.

Generally, to administer, support, analyse, improve, promote and develop the Services, including updating our software installed on your device.

Legitimate interests - providing the Services and running, growing and improving the Services. 


To understand how users navigate our online ecosystem in order to inform strategy for ongoing improvements. 

Detecting, preventing, or otherwise addressing fraud, security or technical issues.

Legal obligation, i.e. compliance with data protection law. 


Our legitimate interest of keeping our platform secure.

To enforce the Zapworks Terms of Use and to deal with any complaints, legal claims or legal proceedings relating to the Services.

To exercise, establish or defend our legal rights, or to protect your vital interests or those of any other person.

As otherwise described in this Privacy Notice.

Please refer to the relevant section.



Profiling and automated decision making


We do create and maintain user profiles relating to some visitors to our websites. These profiles are created when a visitor fills in a form on or, or registers for a Zapworks trial. No profiles are created for visitors who just browse the site(s). Our aim is to limit the Personal Data contained in these profiles to that required to achieve our legitimate interest of helping users get the best from our Zapworks tools and better tailoring communications we send people.


We also apply some automatic decision making: we use a marketing automation tool - currently provided by HubSpot - which decides the type of communication you will receive (e.g. email, newsletter, blog content, tutorial content) based on who you are (e.g. a designer) and what actions you have performed within the Services. This means you may receive a different communication from someone else. In our view, this is the only consequence of the automation tool we use.



Marketing communications


We would like to send you information about products and services of ours (including ZAPWORKS) that may be of interest to you. This may include marketing communications on social media platforms (including Facebook) used by you. If at any time you decide that you no longer wish to be contacted for this purpose, you can opt out by either changing the mailing settings within your Zapworks Account or letting us know and we will remove you from our mailing list. Please note that it is not possible to opt out of service-related emails as these are necessary for the security and performance of the services.




We may from time to time contact selected customers to ask them if they would be willing to provide a testimonial for the Services. We will agree on the wording of any testimonial with you. Once agreed, the testimonial will be displayed on the ZAPWORKS website or sometimes via press releases depending on what is agreed at the time.



Where will your information be processed? 

Your Personal Data may be transferred to, and processed in, countries other than the country of which you are a resident. These countries may have data protection laws that are different from the laws of your country.


We use Amazon Web Services (“AWS”) to store and process data on our behalf in connection with the Services. We primarily use AWS servers located in Ireland to store and process your Information; however AWS also use various servers located around the world to cache data locally and speed up access to content.


We may engage other businesses to carry out data processing on our behalf. For example, we may engage someone to provide payment services, to host the Services, to administer electronic mailings on our behalf, or to provide analytics services. We will continue to be the data controller in respect of any Personal Data transferred to or shared with such third parties and shall remain responsible for the processing undertaken by them.


The following is a list of the main businesses who currently process data on our behalf in relation to the Services:



Processing purpose(s)

Data Storage Location

Amazon Web Services

Content hosting and serving

Primary storage location is Ireland but content may be cached locally to improve content delivery performance


Payments for Zapworks

May store data in the USA and other countries worldwide


Subscription management

May store data in the USA and other countries worldwide

Functional Software, Inc. dba Sentry

Error tracking, crash reporting

USA and any other country in which their subprocessors maintain facilities


Business email and analytics services



Customer relationship management tools, customer support, and analytics services HubSpot may store data on a global basis, including the USA


Manage customer emails and distribution of product notifications



To manage subscription renewals



We may also share Information between our group countries, which are located in countries worldwide.

The following is a list of businesses we previously used to process data on our behalf in relation to the Services:



Processing purpose(s)


Data Storage Location

Fresh Desk 


User support requests





Analytics services






Transfers outside of the United Kingdom and Europe

If you use the Services while you are outside the United Kingdom or European Economic Area (EEA), your Personal Data may be transferred to countries outside the United Kingdom or EEA to enable us to provide you with those services. The circumstances in which this may happen are:


If any of our servers are located outside the United Kingdom or EEA or our service provider is located outside the United Kingdom or EEA (see the tables above).


When you use the Zappar App and Zappar Web Application. The Zappar App and Zappar Web Application are available for use internationally. This means it is possible that any Personal Data contained in Your Content (e.g. your picture) that you publish on our platform (e.g. by connecting content to a zapcode, or sharing an animated GIF) may be automatically transferred by our servers to a device, server or other computer equipment being used in a country outside the United Kingdom or EEA.


Countries outside of the United Kingdom and EEA may not have similar data protection laws to the GDPR and UK DPA. If we do transfer any of your Personal Data outside the United Kingdom or EEA (e.g. to a data processor) we shall take all steps reasonably necessary to ensure that your Personal Data is adequately protected. Such steps include only using processors who have committed in writing to comply with UK and EU data protection laws; and the use of the European Commission's or UK Information Commissioner’s standard data protection clauses or data transfer agreement, if the processor is located in a destination country whose data protection laws are not considered by the EU or UK data protection authorities to provide an adequate level of protection.




When might Zappar share your information with others?


We may disclose your Information to or share it with the following types of recipients:


  • users of the Zappar App or Zappar Web Application where you allow Your Content to be made public via a zapcode or other Content Trigger;

  • social media services or forum users you choose to share Information with;

  • any third party to whom disclosure is required to enable us to provide you with the Services including, but not limited to, our payment services provider and our server provider(s);

  • other users of the Services i.e. creators and publishers of Zaps who will get to see information about your device and your use of the Zappar App (or Zappar Web Application), but only in de-identified and aggregated form;

  • our business partners, which may include advertising, brand and retail partners for the purposes of providing certain services that are offered in conjunction with those partners;

  • other companies that we have hired to provide services on our behalf, e.g. providers of analytics and customer relationship management tools;

  • unless you have told us you do not wish to receive marketing communications, to third parties engaged by us to provide you with marketing communications about our products and services. This may also include social media platforms (including Facebook); 

  • to inform business partners about the use of the Services and products and services made available through the Services, in the form of aggregated statistics or otherwise in a format that does not identify you personally; 

  • any third party to whom we believe disclosure is necessary to protect the rights, property or safety of the Services, its users and the public. This may include exchanging Information with other companies and organisations for fraud protection and spam prevention;

  • any person to whom we believe disclosure is necessary to enable us to enforce our rights under this Privacy Notice or under our Terms of Use for the Services or to defend legal claims relating to the Zappar Services;

  • any prospective purchaser of Zappar, its parent company, or the Services or any part thereof (see below);

  • any company within the Zappar group of companies for use by them in accordance with this Privacy Notice; and

  • other outside parties (e.g. judicial, government or regulatory authorities) to comply with the law and our legal obligations.


We will not sell, trade or rent your Personal Data to anyone.



Changes of business ownership and control


Zappar may choose to expand or reduce our business and this may involve the sale and/or transfer of control of all or part of Zappar or the Services. Information provided by users will, where it is relevant to any part of our business so transferred, be transferred along with that part as one of the transferred assets. The new owner or newly controlling party will, under the terms of this Privacy Notice, be permitted to use your Information for the purposes for which it was originally supplied to us.


We also reserve the right to disclose de-identified user data to the prospective buyer of such business or assets.



Links to Non-Zappar services


The Services may contain links to resources, websites, microsites and other online services that are operated by third parties i.e. businesses other than Zappar (collectively, "Third Party Services"). We do not control these Third Party Services and are in no way responsible for their content, or information collection practices. This Privacy Notice DOES NOT extend to your use of any Third Party Services.


You are advised to read the terms and conditions and privacy policy of the Third Party Service you wish to access, prior to using them, to check how they will collect, use and share your personal information and to learn whether and for what purpose they use cookies and similar technologies.



How do we keep your Personal Data secure?


Data security is of great importance to Zappar. We have put in place commercially reasonable physical, electronic and managerial security measures to protect your Personal Data from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. Specifically, we use the following measures:


  • The Information you send us is protected by SSL/TLS end-to-end encryption when transmitted from your device to our servers.

  • Information stored on our servers is protected by access controls, key authentication and by firewalls. We use encryption as an additional security measure, where we feel it is appropriate to do so. Content uploaded to the Services after 1 February 2023 for editing and publishing is encrypted at rest. Prior to that date such content will not be encrypted at rest.

  • Your Information will only be accessed by authorised employees. These employees are obliged to preserve the confidentiality of all information that comes to their attention, unless disclosure is compulsory by law or necessary for the fulfilment of their duties. 

  • Your Zapworks Account is protected by access authentication and we use cookies to verify that the person accessing an account is authorised to do so: see our Cookie Notice for details: Passwords are stored using industry-standard bcrypt hashing techniques.

Despite these measures, you should be aware that we cannot fully eliminate security risks associated with sharing Personal Data online. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.



How long do we keep your Personal Data for?


We will retain your Personal Data for the duration of your use of the Services and for a reasonable period thereafter for backup, archival and/or audit purposes or for as long as the law otherwise requires. Specifically, we are required by EU law to retain your IP Address and billing address for 10 years to confirm compliance with VAT rules. If we archive Your Content following the deactivation of your Zapworks Account, we reserve the right to delete that content at any time thereafter.


User profiles created by our marketing automation tool are subject to a retention period, which we keep under review. If you wish your profile deleted earlier, please contact us (see below).



How can you access your Personal Data?


You have the right to ask for a copy of any of your Personal Data held by us (where such data is actually held by us and we can identify who you are). We will normally provide copies in response to your request free of charge. We do, however, reserve the right to charge a reasonable fee for requests which are manifestly unfounded or excessive, particularly if it is repetitive and for further copies of the same information.


We will ask you to provide reasonable proof of your identity before we disclose any Information to you.



Controlling the use of your information


You may withdraw your consent for Zappar to process your Personal Data for direct marketing purposes at any time by notifying us in writing (an email will suffice).


You can opt-out from the future collection of Information by Zappar in accordance with this Privacy Notice by discontinuing use of the Services and uninstalling the Zappar App and all other software from all your devices. 



Cookies, analytics and similar technologies


Please see our separate page on cookies for information on how the Services use cookies, analytics and similar technologies.


If our use of cookies involves the processing of Personal Data, the legal basis for this will be our legitimate interests, i.e. to help us to provide you with a good experience when you use the Services (including making them more secure) and to improve the Services by understanding how you use them.


USE OF HUBSPOT: We use third-party analytics services to help understand your use of our services. In particular, we provide a limited amount of your information (such as your email address and sign-up date) to HubSpot and use HubSpot to collect data for analytics purposes when you visit our website(s) or use our product(s). As a data processor acting on our behalf, HubSpot analyses your use of our website(s) and/or product(s) and tracks our relationship by way of cookies and similar technologies so that we can improve our service to you. For more information on how HubSpot tracks website visitors, please see here:  


We may also use HubSpot as a medium for communications, either through email, or through messages within our product(s). Our legal basis for any use of Personal Data for these purposes is legitimate interests, namely improving the Services.

For more information on the privacy practices of HubSpot, please visit 

If you would like to opt out of having this information collected by or submitted to HubSpot, please contact us.



Children’s privacy


Zapworks is a general audience service. The Services are not specifically directed to, or targeted at, Children. We may, however, allow Children to use our Services with parental consent or, in the case of an Educator plan, with the consent of their school.


NOTE TO PARENTS: We are required by the Children’s Online Privacy Act (COPPA), with limited exceptions, to obtain verifiable parental consent prior to collecting, using or disclosing personal information (as defined in the COPPA Rule) from Children. If an individual identifies themselves as under 13 when registering for a Hobby plan we will not activate their access to Zapworks until we have obtained parental consent. In the case of Educator plans, COPPA allows the Child’s school, school districts and other educational institutions (collectively, “Schools”) to act as the parents’ agent and consent to the online collection of personal information from Children who are pupils or students of the School. This consent mechanism applies to our Educator plans.


If a Child wishes to use our Services without parental consent, he/she must obtain a student license from their School. Before a School is allowed to allocate student licenses, it must open an Educator plan with us and before we activate the plan we require that the School acting on behalf of the Child’s parent or legal guardian (“Parent”) (a) consents to the collection, use and disclosure of personal information from the Child, through the Services, in accordance with this Privacy Notice, and (b) agrees that the Child’s use of Zapworks are subject to our Terms of Use.


INFORMATION WE COLLECT, USE AND SHARE: in general, we collect the same information from Children that we collect from other users of the Services and use and share such information for the same purposes. In addition, our Educator plans allow Schools to review and edit the content that their pupils and students are publishing to zapcodes or other Content Triggers. Parents should take note that the Services may enable a Child to make personal information publicly available: if your Child publishes content to a zapcode or other Content Trigger that content will be viewable by anyone who scans the zapcode or activates the other Content Trigger. If your Child’s School allocates a student license to your Child, the School may share certain information about your Child with us. We may add this information to the information we have already collected from your Child via the Services, and we may use it as described in this Privacy Notice. We may also share your Child’s personal information with: (a) the Child’s Parent’s consent, or (b) your Child’s School or those directed by your Child’s School. Zappar is not responsible for any errors in any information your Child’s School provides to us.


RIGHT OF PARENTS TO REVIEW INFORMATION COLLECTED: As required by COPPA, we allow Parents to make certain choices regarding the personal information collected from their Children. Specifically, you have the right to (a) review the personal information collected from your Child; and (b) refuse to permit our further use or future online collection of personal information from your Child and to direct us to delete your Child’s personal information from our systems. A Parent may prohibit us from sharing a Child’s personal information with a third party by requesting such prohibition in writing to us, or through the Child’s School (as applicable). Notwithstanding any such requests, we may continue to share a Child’s personal information for the purposes of making the Services available to the Child (e.g. allowing content to be viewed by anyone who scans your Child’s zapcode) and for the following purposes (as mentioned in the Section “How does Zappar use your information?”: (i) any third party to whom we believe disclosure is necessary to protect the rights, property or safety of the Services, its users and the public. This may include exchanging Information with other companies and organisations for fraud protection and spam prevention; (ii) any person to whom we believe disclosure is necessary to enable us to enforce our rights under this Privacy Notice or under our Terms of Use for the Services or to defend legal claims relating to the Services; and (iii) any prospective purchaser of Zappar, its parent company, or the Services or any part thereof.


If a Parent’s Child has a Hobby plan for Zapworks, the Parent can access, change or delete the personal information that the Services have collected by either (a) logging into their Child’s account (Parents will need their Child’s login email and password); or (b) by contacting us direct at


If a Parent’s Child is using a student license provided by their School, Parents should make any permitted requests relating to their Child’s personal information to the School and have the School, as the Parent’s agent, pass on those requests to us. We may rely on the instructions that we receive from the School that we reasonably believe are given by a Child’s Parent to the School. For example, if a representative of the Child’s School contacts us and provides the account information we request, we may assume that the person contacting us is acting on behalf of the Child’s Parent.


If a Parent chooses to prohibit any future collection, use or disclosure of their Child’s personal information, the Parent may do so by submitting a written request to us to close the Child’s Zapworks plan and delete his/her information (in the case of a Hobby plan), or by terminating the Child’s access to Zapworks through the School (in the case of a student license). Upon receiving such a request from a Parent, we will delete the Child’s plan/ license and all information and content stored for such plan/ license. Zappar will not have any liability whatsoever for any deletion of a Child’s plan/ license carried out pursuant to a request made by a Parent to us or a School; or related deletion of the Child’s personal information and content. When we delete personal information and content, it will be deleted from our active database, but may remain in our archives.


In any correspondence to Zappar, such as email, Parent’s should include their Child’s login email, together with the Parent’s email address and contact phone number. To protect Children’s privacy and security, we will take reasonable steps to verify the requestor’s identity before granting access to any personal information.


Except as described above, the Services do not knowingly collect or solicit personal information from Children. In the event Zappar learns that the Services have inadvertently collected personal information from a Child without the consent of their Parent or School (e.g. a Child lies about their age when registering for Zapworks), we will delete that information as quickly as possible. If a Parent becomes aware that their Child has provided us with personal information, without proper consent, please contact us using one of the methods listed in the section below headed “Contacting us” and we will delete all such information from our systems.


PARENTAL CAUTION: Please be aware that the Services are used by a wide variety of content creators and as such some user content published on our platform may be of a nature unsuitable for children. We have no control over this and recommend that you monitor your child’s use of the Zappar App and Zappar Web Application. If you have any concerns, then do not allow your child to use the Zappar App or Zappar Web Application with certain materials containing zapcodes or other Content Triggers.


AGE SCREENING: As we wish to ensure that the Services are only used in compliance with our Terms of Use, we may use age screening. We do not store any individual’s date of birth.



Changes to our Privacy Notice


The Services, our collection and use of Personal Data and other information, and the laws and regulations which apply will change over time. We reserve the right to make changes to this Privacy Notice. When we update the Privacy Notice, we will post the new version to the Zapworks website and change the “Last Updated” date. If such changes to the Privacy Notice are material, we may opt to provide a separate notification to you. We encourage you to visit this page from time to time for the latest on our information collection practices.



Contacting us


If you have any questions about the Services or this Privacy Notice, please contact us by email or by post using the details below. Please ensure that your query is clear, particularly if it is a request for information about the Personal Data we hold about you.


Postal Address: Data Protection, Zappar Limited, The Barley Mow Centre, 10 Barley Mow Passage, London, W4 4PH, United Kingdom





Applicable law

Irrespective of which country you live in or submit Information from the law which applies to this Privacy Notice shall be English law.