Privacy Policy
Last updated: February 2026
Zeghch collects account and usage data required to provide authentication, deal redemption, fraud prevention, and platform operations. We do not sell personal data.
Data Controller
Heavens LLC is the data controller for Zeghch. Registration No: 50456518 Tax Code: 02660767 Sayat-Nova 40, Yerevan, Armenia Email: support@zeghch.am
Controller and Technology Provider Roles
Heavens LLC operates Zeghch and acts as the data controller for personal data processed through the platform. HafenTech (Germany) owns/provides Zeghch technology and intellectual property. If HafenTech personnel or systems access production personal data for support, maintenance, hosting configuration, or development operations, HafenTech must be treated as a processor/service provider acting under Heavens LLC instructions. TODO: confirm HafenTech production data access scope, role, and DPA status with legal counsel.
Applicable Armenian Data Protection Law
Zeghch processes personal data in accordance with applicable Armenian law, including the Armenian Law on Protection of Personal Data HO-49-N, and other laws that may apply to platform operations, accounting, security, and legal compliance.
Supervisory Authority
The supervisory authority for personal data protection in Armenia is the Personal Data Protection Agency of the Ministry of Justice of Armenia. You may contact this authority if you believe your personal data rights have not been respected. TODO: confirm exact supervisory authority contact details with legal counsel.
What We Store
- Account and profile data
- Deal activity and redemption records
- Security, audit, and abuse-prevention logs
How We Use Data
- Provide account access and platform features
- Process and verify redemptions
- Prevent fraud and abuse
- Maintain legal and financial records where required
Data Sharing
We share data only when necessary for service delivery, legal compliance, or trusted infrastructure providers acting on our behalf.
International Data Transfers and Service Providers
Zeghch uses trusted infrastructure and operations providers to run the platform. These providers may process personal data outside Armenia depending on their configured regions, support operations, and subprocessors. We do not sell personal data.
| Provider | Purpose | Data processed | Possible countries/regions | Safeguards / documentation |
|---|---|---|---|---|
| Supabase | Authentication, database, storage, session management | Account data, profile data, deal and redemption records, uploaded deal images, auth/session identifiers | Cloud processing may occur outside Armenia. TODO: confirm configured production region. | Supabase contractual terms, security documentation, RLS policies, encryption, access controls. See Supabase privacy/security documentation. |
| Vercel | Hosting, deployment, edge/network delivery, web analytics infrastructure | HTTP request metadata, IP address, device/browser metadata, page performance data, deployed application assets | Global edge/network processing may occur outside Armenia. TODO: confirm configured production region. | Vercel contractual terms, privacy/security documentation, HTTPS, deployment access controls. |
| Upstash | Rate limiting and abuse prevention | IP-derived rate-limit keys, route buckets, request timing metadata, authenticated user-rate-limit keys where applicable | Redis region depends on configured Upstash database. TODO: confirm configured production region. | Upstash contractual terms, TLS, limited-purpose low-cardinality rate-limit data. |
| Vercel Analytics and Speed Insights | Aggregated usage and Core Web Vitals/performance measurement after analytics consent where required | Page visits, referrer/path metadata, device/browser performance metrics, web vital events | Vercel analytics processing may occur outside Armenia. TODO: confirm configured production region. | Aggregated analytics, consent gating for analytics, Vercel privacy/security documentation. |
| Sentry / Better Stack-compatible monitoring | Server-side error monitoring, operational alerting, uptime/error diagnostics | Error details, request context, stack traces, operational metadata, limited user or entity identifiers when included in error context | Monitoring provider region depends on configured project. TODO: confirm configured production region. | Provider contractual terms, access controls, minimization of sensitive data in error context. |
| Resend | Business submission and support email notifications | Business submission contact details, email metadata, support notification content | Email infrastructure may process data outside Armenia. TODO: confirm configured production region. | Provider contractual terms, limited notification purpose, support mailbox access controls. |
Where exact production regions are controlled by provider or project settings and are not present in this repository, Zeghch must confirm them before final legal approval. Provider documentation should be reviewed together with signed or accepted contractual terms.
Retention
We retain data only as long as needed for operational, security, legal, and accounting purposes.
Your Rights
You may request access, correction, or deletion of your personal data where applicable law permits.
How to Make a Data Subject Request
To exercise your privacy rights, email Heavens LLC at support@zeghch.am from the email address connected to your Zeghch account where possible. Include the request type and enough information for us to identify the relevant account, vendor profile, redemption, or business submission.
- 1Submit your requestTell us whether you are requesting access, correction, deletion, restriction, objection, withdrawal of consent, or a copy of your data.
- 2Verify identityWe may ask for reasonable information to confirm that the request comes from the data subject or an authorized representative before changing or disclosing personal data.
- 3Receive a responseWe aim to respond within 30 days. TODO: confirm the final response period and extension rules with Armenian legal counsel.
- 4Handle exceptions safelySome data may need to be retained where required for accounting, fraud prevention, security logs, dispute handling, or legal obligations.
Internal handling steps are documented in the Zeghch Data Subject Request workflow. The workflow must be reviewed before launch and whenever legal requirements or platform data flows change.
Contact
For privacy requests, contact Heavens LLC at support@zeghch.am