Privacy Policy

Last updated: October 5, 2025

Who we are

Zefara OÜ (“Zefara,” “we,” “our,” or “us”) respects your privacy. This Privacy Policy explains how we collect, use, and protect information in line with applicable data protection laws, including the EU/EEA General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), and other international standards.

Scope

This Policy applies to:

  • Visitors to zefaraou.com,
  • People who contact us (e.g., via form or email),
  • People who subscribe to newsletters or updates,
  • Individuals who submit materials (e.g., manuscripts, proposals, portfolios) now or in the future,
  • Other publishing stakeholders who correspond with us (e.g., publishers, distributors, translators, designers).

This Policy does not apply to websites we link to. See Section 7.

What We Collect

We collect only what you voluntarily provide or what’s necessary to operate the site:

Contact details: name, email, and any info you include in your message.

Submissions & professional materials (authors/creatives/publishers): bios, manuscripts, proposals, CVs, portfolios, sample chapters, and related correspondence.

Newsletter: email address and consent preferences.

Basic site usage data: IP address and device/browser metadata may be processed through essential cookies/logs to keep the site secure and functioning.

We do not collect payment information on this site and do not run intrusive tracking.

Please avoid submitting sensitive data (e.g., health, racial/ethnic origin, political opinions). If you choose to include it (e.g., in a biography), you explicitly consent to our processing solely for the relevant purpose (e.g., evaluating a submission).

How We Use Information

Respond to inquiries and provide support.

Review and manage submissions and potential collaborations.

Send newsletters/updates (only with your consent, and you can unsubscribe anytime).

Improve site reliability, security, and user experience.

Comply with legal obligations (e.g., business, tax, or regulatory requirements).

Legal Bases (GDPR)

If you are in the EEA/UK:

Legal obligation: compliance with applicable laws.

Consent: newsletters, non-essential cookies, submissions, contact forms.

Legitimate interests: site security, responding to communications, operating a publishing studio.

To exercise rights, email privacy [@] zefaraou.com. We may need to verify your identity.

Your Privacy Rights

Depending on your location, you may have the right to:

  • Access the data we hold about you,
  • Correct inaccurate data,
  • Delete your data,
  • Restrict or object to certain processing,
  • Port your data in a machine-readable format,
  • Opt out of marketing communications (unsubscribe any time),
  • California residents (CCPA/CPRA): request to know, delete, and opt out of sale or sharing. We do not sell or share personal information as defined by CPRA.

Cookies & Analytics

  • We may use essential cookies for core functionality and security.
  • Any non-essential analytics tools (e.g., Plausible/Matomo or Google Analytics) will be used only with consent via a cookie banner.
  • You can control cookies in your browser and through our banner (where applicable).

For full details, see our Cookie Policy.

Third-Party Links & Author Websites

Our site may include hyperlinks to third-party websites (for example, “Read more” links to an author’s own website, bookshops, distributors, book fairs, social media, or media articles).

To the maximum extent permitted by law, Zefara disclaims liability for any loss or damage arising from your use of third-party sites.

These sites are independent from Zefara. We do not control and are not responsible for their security, privacy practices, cookies, content, accuracy, availability, or terms.

When you click a link and leave zefaraou.com, any data you provide or that is collected about you on the third-party site is governed by that site’s policies, not this Policy.

A link from us does not imply endorsement or affiliation. You access third-party sites at your own discretion, and we recommend reviewing their Privacy Policy and Terms before interacting with them.

Sharing with Service Providers & Transfers

We may share personal data with trusted service providers (e.g., hosting, email/newsletter platforms, IT/security). They process data under contract and only as instructed by us.

If data is transferred outside the EEA/UK, we use appropriate safeguards (e.g., EU Commission adequacy decisions or Standard Contractual Clauses).

We do not sell personal data and do not share it for cross-context behavioral advertising

Retention

Contact inquiries: retained only as long as needed to address your request (and to maintain business records if applicable).

Newsletter: retained until you unsubscribe (then we keep a minimal suppression record if required).

Submissions & professional materials: retained for the evaluation period and any subsequent collaboration; otherwise deleted or archived per our internal policy. You may request earlier deletion unless we must retain for legal reasons.

Legal/accounting obligations may require longer retention.

Security

We apply reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or alteration. No system is completely secure.

Children’s Privacy

Our site is not directed to children under 13 (or under 16 in some jurisdictions). We do not knowingly collect children’s data. If we discover such data, we will delete it.

International Visitors

By using our site or submitting information, you acknowledge your data may be processed in Estonia and in other countries where our providers operate, under appropriate safeguards.

Changes to this Policy

We may update this Policy. Changes will be posted here with an updated “Last updated” date.

Contact

For privacy questions, rights requests, or complaints, contact:

Email: privacy [@] zefaraou.com
Postal Address: Zefara OÜ, Tallinn, Estonia