Security Policy

Effective date: 01 January 2026

Time Standard: Eastern Standard Time (EST), permanently fixed at UTC–05:00, with no adjustments for Daylight Saving Time or any other time-change system. This fixed UTC–05:00 standard is the sole legally controlling time zone for all deadlines, interpretations, notices, and obligations under these Terms, regardless of user location or local timekeeping practices.

Controller & Operator: 冷z LLC (legally registered; pronounced “Leng Z LLC”), doing business as “Chill Zone” (trade name only; not a separate legal entity). For absolute legal clarity, “冷z” and “Leng Z” refer to the same legal entity without exception.

Address: 74 E Glenwood Ave, Smyrna, DE 19977 Unit #5219
Contact: legal@chillzonecool.com
Website: https://chillzonecool.com

I. Scope of this Security Policy

This Security Policy applies to all use of:

• The Chill Zone website at https://chillzonecool.com and all related subdomains;
• All accounts, sessions, and access mechanisms;
• All digital and physical products and related services;
• All systems, infrastructure, and networks controlled by 冷z LLC (“Leng Z LLC”).

This Policy forms part of, and is incorporated into, our Terms & Conditions, User Conduct & Acceptable Use Policy, DMCA & Copyright Policy, and Privacy Policy.

II. No absolute security guarantee

We implement reasonable and commercially appropriate technical and organizational safeguards designed to protect our systems and data. However, no internet-connected service can be guaranteed to be completely secure.

By using Chill Zone, you acknowledge and accept that:

• Security risks may still occur despite reasonable protections;
• We do not warrant uninterrupted, error-free, or breach-free operation;
• Your use of Chill Zone is subject to the limitations of liability set forth in our Terms & Conditions.

III. Our security measures (high-level)

Without disclosing sensitive implementation details, our security practices may include:

• Use of reputable hosting, networking, and security service providers;
• Encryption of data in transit using HTTPS/TLS where supported;
• Restricted administrative access and role-based controls;
• Monitoring and logging of certain technical events for security and abuse detection;
• Routine updates and patching of systems where operationally feasible;
• Backup and continuity measures subject to technical and legal constraints;
• Requiring key vendors and processors to maintain their own appropriate security controls.

These measures may change over time as risks, technology, and legal requirements evolve.

IV. Payment and financial data

Payments are processed by third-party payment providers such as Stripe. Chill Zone does not store full payment card numbers on its own servers.

Payment security is also governed by the policies and systems of the relevant provider. We are not responsible for security failures on systems we do not control.

V. User security responsibilities

Users share responsibility for maintaining security. You agree to:

• Keep account credentials confidential and secure;
• Use strong, unique passwords;
• Protect your devices with reasonable security measures;
• Log out from shared or public devices;
• Promptly notify us of suspected unauthorized access or security incidents.

VI. Prohibited security-related activity

The following activities are strictly prohibited, regardless of intent:

• Hacking, attacking, probing, scanning, or testing our systems without written authorization;
• Attempting to bypass authentication, rate limits, DRM, or access controls;
• Scraping, crawling, or automated access of any kind;
• Introducing malware or malicious code;
• Brute-force attacks, credential stuffing, or automation abuse;
• Using AI systems or automated tools to extract, analyze, or learn from Chill Zone systems or content.

Attempted violations are treated as violations, even if unsuccessful.

VII. Monitoring, investigation, and enforcement

To protect Chill Zone, we may monitor and log certain technical information for security, fraud prevention, and abuse detection purposes.

Where we reasonably determine that prohibited activity has occurred, we may take proportionate enforcement actions permitted by law, including:

• Suspension or termination of access or accounts;
• Technical restrictions such as IP blocking;
• Removal of content or disabling of features;
• Reporting to service providers or authorities where appropriate;
• Pursuing legal remedies consistent with applicable law.

VIII. Security incidents and breach response

If we become aware of a security incident affecting our systems or user data, we will take steps we deem appropriate to investigate and mitigate the issue.

Where legally required, we will notify affected users and regulators using the contact information available to us.

IX. Changes to this Security Policy

We may update this Security Policy to reflect changes in our practices, risks, or legal requirements. Updates take effect upon publication with a revised effective date. Continued use of Chill Zone constitutes acceptance of the updated Policy.