Last Modified: May 20, 2019

View history of changes

Most Recent Change(s):
  • We altered the statement that formerly read, “We never see, store, or handle your credit card number, expiration date, etc.” It now reads, “We never see, store, or handle your credit card number.” The prior statement was inaccurate, as we have the ability to see credit card expiration dates. We do not, however, store them in our database.
  • Other minor wording and formatting adjustments were made.


Hello! Thank you for using the Zomia Site and its Services. Zomia is a platform where Students from marginalized communities can appeal for funding from a crowd of Lenders who support their education with affordable loans. In order to facilitate these interactions and create an engaging environment through the Site, we collect some information that you should know about. This privacy policy helps you understand what information we collect, how we use it, and your choices regarding its collection and usage. We have made an effort to break down the “legalese” so that anyone reading this page can understand it. By using the Site, you are in effect agreeing to abide by this Privacy Policy. Please also refer to the Terms of Use for the terms governing the Site and Services.

Please note that from time to time we will update our Privacy Policy. If you have any feedback regarding this policy, please send your feedback via the Site’s website contact form.


Applicant: Any individual who uses the Site to apply for a loan.

Content: Any information made accessible or available on the Site.

Lender: Any registered User of the Site who provides loan funding to Zomia Students.

Party: Any one or more persons, entities, or interested representatives in an agreement or dispute with Zomia.

Partner: Any person or entity that enters a written contractual agreement with Zomia.

Privacy Policy: The document which details Zomia’s privacy policies of and all of its subdomains.

Service: Any function of the platform that Users use and/or access, or any other off-platform service that Zomia provides.

Site: The pages and Content (including pictures, text, and links) of and any of its subdomains.

Student: Any student who has received a loan from Zomia.

Terms of Use: The rules and guidelines governing Users visiting, accessing, and using the Site.

Third Party: Any site, service, individual, or entity that is operated and controlled independently of Zomia.

Third-Party Content: Any Content or links to Content that are made accessible by Third Parties on the Site.

User: Any individual or entity that accesses the Site to use it or its Services.

User Content: any Content created by a User of the Site.

Disclosure of Personal Data

With the exception of specific cases under “When We Share Your Information,” we will never sell or share your personally identifiable information. We can, however, disclose non-identifiable information if it furthers our mission.

Active Collection

Some of the information we collect about you is voluntarily submitted by you. This type of “active” collection includes:

Third-party plug-ins

When you register for a Zomia account using an existing social media account, we receive the following information about you:

    • Amazon: first name, last name, formatted name, email address, preferred username
    • Facebook: first name, middle name, last name, formatted name, email address, preferred username, profile URL, profile picture
    • Google: first name, last name, formatted name, email address, preferred username, profile URL, profile picture, locale, date of birth, gender, preferred language, current location
    • LinkedIn: first name, last name, formatted name, email address, preferred username, profile URL, profile picture, about me, current location
    • Windows Live: first name, last name, formatted name, email address, preferred username
    • Yahoo!: first name, last name, formatted name, email address, preferred username, profile picture, timezone/UTC offset, gender, preferred language, spoken languages, current location, read connections, share content – publish content on behalf of the user

Direct registration

When you create an account directly through the Site, we collect the following information from you: name, email address, and account password. Because your password is encrypted, we are unable to recover passwords. If you forget or lose your password you will need to enter the email address associated with your account on our password reset page. A link will then be sent to that address allowing you to reset your account password.


By signing up for our newsletter, you are agreeing to be added to a listserv we maintain through MailChimp. MailChimp provides us with the following information: the type of device(s) you use to open emails we send; the location of the IP address used when opening an email; which email campaigns you open and when; and the method by which you registered for our newsletters.

Website contact form

If you contact us through the Site’s contact form, we collect the information necessary to respond to your submission. This includes your name, email address, and your question or comment, which is then saved to our CRM system.

User-generated content

We collect and associate any User-Generated Content (i.e., content created by a User) with the identity of the User. For example, Users who post on a forum will have their posts associated with their usernames. This could include posts to community forums, messages to other Users and Zomia, responses to surveys, comments on any Zomia pages, and any other content a User might create. To request removal of your personal information from our blog or community forum, contact In some cases, we may not be able to remove your personal information, in which case we will provide a reason.

Voluntary surveys and promotions

We occasionally provide Users the opportunity to participate in voluntary promotions or surveys through the Site, email, or third-party surveys. If you participate, we may request certain information that identifies you personally.

Customer Relationship Manager (CRM)

We create User profiles and then save emails, notes, and other forms of communication (e.g., Facebook’s Messenger messages, text messages, etc.) with them to our CRM system. This provides anyone on our team with a history of interaction between team members and our community, which allows team members to be informed when communicating with Users.

Lending activity

We associate your transactional information on the Site — amount lent, date of loan, which Student you support, etc. — with your profile so that you can track your support of Students and we can return repayments to your account. The information used to identify you is whatever information you provide us upon registering on the Site. We also use transactional data in aggregate to help us better understand our Site’s usage. For example, we might want to know how many Lenders have registered in a particular year, or how much they’ve lent to students and the kind of Students they support. In these cases, your data would be included in those calculations if they fit the criteria for the data we sought to collect. As of this time, your lending activity is privately available only to you (i.e., the public cannot see your lending activity). We will ask for consent if we decide to publicly release your lending activity and have it associated with personally identifiable information.

Gift cards

Whenever you purchase a gift card, we collect basic information needed to carry out the delivery of the gift card. This includes your name and email address, the recipient’s name and email address (or physical address if delivered via mail), the gift card amount, and date of purchase.

E-Card and direct messages

We support messaging through the Site between Students and Lenders in the form of direct messages and “e-cards” that include a feature photo and a quote. Whenever an e-card or direct message is sent between Lenders and Students, we archive the same information displayed on the card: the User’s name, photo, and text of the sent message.

Application data

If you are a loan applicant, we store the information you enter in the application and share that information internally with team members who are evaluating applications or Partners who need that information to evaluate your application for funding. Only team members and Partners have access to the files you submit to Zomia, including your photos, identity card(s), transcripts, test scores, letter of admittance to university, etc.

Student/Lender information

Students and Lenders can see certain information about each other. Students can see a Lender’s name, photo, reason(s) for lending, and a short bio. Lenders can see their Student’s nickname, read the Student’s online profile, and see related transaction information. Lenders also receive bi-annual updates on their Students’ grades, as reported by Students and verified by Zomia.

Activity log

We track certain actions you take on the site. Actions like logging in, adding a loan to your basket, updating the amount of funding to provide a student, completing a transaction, etc. are all logged by Zomia. Included in this log is an ID number, description of the activity completed (e.g., “logged in”), timestamp, and your User ID.

Passive Collection

With very few exceptions, every website you visit today, including Zomia’s, collects and stores information about your visit. This anonymous data helps us better understand how you use the Site, which allows us to make informed decisions on how to optimize the Site to enhance your experience while using it. Some of the information collected from your visit in this way include:


These are small text files that are stored on your browser or computer or phone that remember things like your preferences. For example, if you add a Student’s loan to your basket on the website but then leave the site for a day before completing the checkout process, it’s a cookie that remembers where you left off. Instead of needing to go back to find the Student to support, you could just return and complete the checkout process. Cookies serve other purposes as well, such as remembering your username or storing your logged-in status.

Web beacons and pixel tags

These are tiny invisible graphics with a unique identifier that are part of our pages. Web beacons allow us to track things like the number of Users who have visited specific pages, how far they scroll on each page, and other useful information about how Users use the Site.

Web beacons and pixel tags do not access any personally identifiable information. If you would like to opt out of tracking, one free browser add-on we suggest using (and we use it internally) is the Google Analytics Opt-Out Add-On


We use various behavior tracking applications to understand how Users interact with our Site. This includes Google Analytics, Google Tag Manager, and Facebook Pixel. When aggregated with other anonymous User data, we continue to learn how Users interact with the website. We’re able to know the path a particular User took to reach the Site, how many and which pages a User visits, and the country and general location of where the User accesses the site from. Important to know is that this is anonymous information we receive. We never receive information that allows us to identify a User as they use the Site.

Server data

User data (changeable through settings)

  • Full name
  • Preferred name
  • Verified email address
  • Zomia account password
  • Gender
  • Country
  • Birth date

Payment information – lenders

We do not store lender credit card information. Instead, we only keep identification information required by our payment-processing vendors Stripe and PayPal:

  • Stripe account number
  • PayPal email address

Payment information – borrowers

To enable sending funds to borrowers, we store the following information:

  • Bank account number
  • Wing account number
  • Wave account number

Data Security

Since we started Zomia, we have been vigilant about implementing security measures designed to secure your personal information from accidental loss or unauthorized access. All personal information you provide to us is stored on a secure server behind firewalls, and we do not store credit card information. All payment transactions are processed via Stripe, the leading payment processing company for small businesses. Furthermore, all data entered on the Site is encrypted using SSL technology.

Although we do our best to protect your personal information, we cannot guarantee the security of the information you transmit across the internet. Therefore, any transmission of personal information is at your own risk. Zomia cannot be held responsible for the circumvention of our security measures.

The safety of your information also depends on you. Review our “Privacy Tips” section for tips on how you can keep your password safe and confidential.

Managing Your Information

You can review and change your personal information by logging into the Site and visiting the settings page of your account profile. You may also send us an email at to correct or delete any personal information that you have previously provided. We will notify you in advance if for some reason we cannot delete your personal information except by also deleting your User account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

Third-Party Websites

Throughout the Site, you’ll see links to other organizations and information we believe might be of interest to you, or that help you understand our Students and mission. Please know that these sites are governed by their own privacy policies and, as such, by leaving Zomia’s Site, our Privacy Policy no longer applies.

When We Share Your Information

We will never sell your personal information to any Third Party. We may, however, share anonymous and/or aggregate data of site usage with Third Parties if it falls under one of the following categories:

  • to comply with any lawful requests;
  • to enforce or apply our Terms of Use and other agreements;
  • to protect the rights and property of Zomia, our team members, Users, Partners, Students, and others impacted by the website;
  • in an emergency to protect the personal safety of Zomia team members, our Users, or any other person;
  • with third-party vendors, consultants, and other service providers who need your information to perform their work. These Third Parties are legally required to keep your information private and secure. For example, when you support a student you may enter your credit card information, but even though you enter this information on our site, we use an embedded form to send the information you enter to Stripe for processing. We never see, store, or handle your credit card number. Stripe, however, requires this information to verify your identify and process your payment.


Privacy rights differ by state and country. To be certain of your privacy rights, contact the appropriate agency in your state or country that oversees privacy rights of consumers.  We may also be required to maintain your personal information for at least seven years in order to be in compliance with applicable federal and state laws regarding recordkeeping, reporting and audits.


Child Policy

In accordance with the U.S. Children’s Online Privacy Protection Act (“COPPA”), our site is not intended for children under 13. If someone you know under 13 is using the Site, please contact us at

Updates to This Policy

Occasionally we will make changes or update our Privacy Policy. You can know the last update by checking the “Last updated: {DATE}” stamp atop this page. We will include a summary of the changes made to the previous version of an updated Privacy Policy. If we make changes to how we treat personal information that materially impacts our Users, we will notify Users by email to the primary email address specified in their account and/or possibly through a notice on the User’s dashboard banner, which is viewable upon logging into the Site. You are responsible for ensuring we have an active and deliverable email address for you, and for periodically visiting our Sites and this privacy policy to check for any changes.

Privacy Tips

Don’t share your password — Your password is not known to Zomia or any Third Party, and we will never ask for your password. If you ever receive communication claiming to be from Zomia that asks for your password, immediately contact us at

Log out after use — When you are finished with a session on the Site, log out and close the browser window.

Use of public computers — After using the Site on a public computer, log out of the Site completely, then close the browser window.



If you have any questions about this Privacy Policy or our privacy practices, reach out to us via our contact form or send an email to

Change History

Date Description Original Policy Updated Policy
December 20, 2018 Original Privacy Policy publication Not applicable Not applicable
May 20, 2019 “When We Share Your Information” Correction We never see, store, or handle your credit card number, expiration date, etc. We never see, store, or handle your credit card number.