Privacy Policy

Effective Date: January 8, 2026

1. Introduction

ZenNudge ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ZenNudge (the "App").

Our Privacy Promise: ZenNudge is designed with privacy at its core. We never access your bank accounts, never sell your data, and give you full control over your information.

Please read this Privacy Policy carefully. By using the App, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the App.

2. Information We Collect

2.1 Information You Provide

When you use ZenNudge, you may provide us with the following types of information:

Category Data Types Purpose
Account Information Email address, authentication provider (Google or Apple) Account creation, authentication, and account recovery
Financial Goals Goal names, descriptions, target amounts, progress notes Track your savings goals and display progress
Bill Information Bill names, amounts (fixed or ranges), due dates, payment account nicknames Send bill reminders and track payment history
Spending Tracking Purchase amounts, merchant names, dates, notes, spending triggers Help you understand and manage impulse spending
Location Preferences State, county, city (user-entered, not GPS) Display relevant financial deadlines (taxes, renewals)
Life Events Event types (marriage, job change, etc.), dates Suggest relevant financial deadlines based on life changes

2.2 Information Collected Automatically

When you use the App, we automatically collect certain information:

  • Device Information: Device type, operating system version, app version, available memory, and timezone
  • Device Identifier: IDFV (Identifier for Vendor) for App Attest security validation and audit logging - this identifier is unique to your device for our app only and helps prevent unauthorized API access
  • Usage Analytics: Anonymous app usage patterns (screens viewed, features used, product interactions) without personal identifiers
  • Crash Data: Stack traces, exception information, and app state at crash time to improve app stability
  • Performance Data: App start time, frame rates, and transaction traces to optimize app performance
  • Diagnostic Data: Error logs and debugging information (with sensitive data automatically removed before transmission)

What We Do NOT Collect: We never collect your bank credentials, account numbers, credit card numbers, Social Security numbers, Advertising Identifier (IDFA), precise or coarse GPS location, contacts, photos or videos, audio data, browsing history, search history, health & fitness data, or any data from other apps on your device.

2.3 Information NOT Included in Analytics

Our analytics explicitly exclude:

  • Personal information (names, email addresses)
  • User-generated content (goal names, notes, bill descriptions)
  • Specific financial amounts or merchant names
  • IP addresses or device identifiers
  • Individual check-in responses or progress notes

2.4 Summary of Data Collection

The following table summarizes all data types collected by ZenNudge:

Data Type Linked to Identity Used for Tracking Purpose
Email Address Yes No App Functionality
Name Yes No App Functionality
User ID Yes No App Functionality, Analytics
Device ID (IDFV) Yes No App Functionality (App Attest security)
Crash Data Yes No App Functionality
Performance Data Yes No Analytics
Other Diagnostic Data Yes No Analytics
Financial Info Yes No App Functionality (bill amounts, financial goals)
Product Interaction Yes No Analytics, App Functionality
Other Usage Data Yes No Analytics, App Functionality

2.5 Data We Do NOT Collect

ZenNudge explicitly does not collect the following data types:

  • Advertising Identifier (IDFA)
  • Precise Location
  • Coarse Location
  • Contacts
  • Photos or Videos
  • Audio Data
  • Browsing History
  • Search History
  • Health & Fitness Data
  • Sensitive Info (biometric data, racial/ethnic data, etc.)

3. How We Use Your Information

We use the information we collect to:

  • Provide App Functionality: Display your goals, bills, and spending data; send reminders and notifications
  • Personalize Your Experience: Show relevant financial deadlines based on your location and life events
  • Improve the App: Analyze anonymous usage patterns to enhance features and fix bugs
  • Maintain Security: Detect and prevent fraud, abuse, and security incidents
  • Communicate With You: Send important updates about your account or the App

We do not use your information to:

  • Sell or rent your data to third parties
  • Display targeted advertisements
  • Create marketing profiles
  • Share with data brokers

4. Data Storage & Security

4.1 Where Your Data Is Stored

Your data is stored in two locations:

  • On Your Device: Authentication tokens are stored securely in iOS Keychain (encrypted by Apple's security framework)
  • Cloud Storage: Account and app data is stored on Supabase, a secure cloud database provider with industry-standard encryption

4.2 Security Measures

We implement robust security measures to protect your data:

  • Encryption: All data transmitted between your device and our servers uses HTTPS/TLS encryption
  • Secure Token Storage: Authentication tokens are stored in iOS Keychain with device-level encryption
  • Data Sanitization: Sensitive patterns (emails, passwords, tokens) are automatically removed from error logs before transmission
  • App Integrity: We verify app signatures and detect jailbroken devices to prevent tampering
  • Access Controls: Your data can only be accessed with your authenticated account

4.3 Data Breach Response

In the unlikely event of a data breach, we will:

  • Notify affected users within 72 hours of discovery
  • Provide information about what data was affected
  • Take immediate steps to secure your account
  • Report to relevant authorities as required by law

5. Third-Party Services

ZenNudge uses the following third-party services to provide app functionality:

SDK Version Purpose Data Collected
Sentry 8.56.2 Error monitoring & crash reporting Crash data, device info, performance metrics
Supabase 2.8.0 Backend services & authentication User data, authentication tokens
Google Sign-In 7.0.0 / 9.0.0 OAuth authentication OAuth tokens, email (with consent)
Apple Sign-In 7.0.0 OAuth authentication OAuth tokens, email/name (with consent)

5.1 Sentry (Error Monitoring)

We use Sentry for crash reporting and error monitoring. When the app crashes or encounters an error, Sentry receives:

  • Crash Data: Stack traces, exception information, app state at crash time
  • Device Information: Device model, iOS version, app version, available memory
  • Performance Data: App start time, frame rates, transaction traces
  • User Context: Anonymous user ID (for correlating crashes to sessions)

This data is linked to an anonymous session ID to help us identify recurring issues. Sentry does not track you across other apps or websites. For more information, see Sentry's Privacy Policy.

5.2 Supabase (Backend Services)

Your data is stored securely on Supabase servers. Supabase provides:

  • Secure Storage: Your goals, bills, and check-in history
  • Authentication Services: For Apple and Google Sign-In
  • Real-time Synchronization: Across your devices
  • User Account Data: Email address, display name (from OAuth providers)
  • Authentication Tokens: OAuth tokens, session tokens
  • App Data: Goals, bills, check-ins, and other user-created content
  • Device Identifier: IDFV (Identifier for Vendor) for App Attest security validation and audit logging (prevents unauthorized API access)

Your data is encrypted in transit and at rest. Supabase does not sell your data or use it for advertising. For more information, see Supabase's Privacy Policy.

5.3 Google Sign-In

When you sign in with Google, we receive:

  • Email Address: Used to identify your account
  • Name: Display name (for display purposes)
  • OAuth Token: Temporary authentication token

We do not access your Google contacts, calendar, or other Google services. Authentication is handled securely through Google's OAuth system. For more information, see Google's Privacy Policy.

5.4 Apple Sign-In

When you sign in with Apple, we receive:

  • Email Address: Real or relay email (your choice during sign-in)
  • Name: Full name (optional, only on first sign-in)
  • Apple User ID: Unique identifier for your Apple account

Apple Sign-In is designed to protect your privacy. You can use Apple's email relay feature to keep your real email private. For more information, see Apple's Privacy Policy.

Important: None of these third-party services use your data for tracking across other apps or websites. All data sharing is strictly for providing app functionality.

6. Your Privacy Rights

You have the following rights regarding your personal data:

6.1 Access Your Data

You can view all your personal data within the App at any time. For a complete data export, contact us at adarsh.thampy@gmail.com.

6.2 Correct Your Data

You can edit or update your information directly within the App, including goals, bills, spending entries, and profile settings.

6.3 Delete Your Data

You can delete your account and all associated data at any time through the App settings. When you delete your account:

  • All your goals, bills, check-ins, and spending data are permanently deleted
  • Your authentication tokens are removed from your device
  • Analytics events associated with your account are deleted
  • This action cannot be undone

6.4 Data Portability

You can request a copy of your data in a machine-readable format by contacting us at adarsh.thampy@gmail.com.

6.5 Opt-Out of Analytics

While our analytics are anonymous and do not contain personal information, you can contact us to opt out of analytics data collection entirely.

7. Children's Privacy

ZenNudge is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at adarsh.thampy@gmail.com and we will delete such information.

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

8.1 Right to Know

You have the right to request information about the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose, and the categories of third parties with whom we share it.

8.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions.

8.3 Right to Correct

You have the right to request correction of inaccurate personal information.

8.4 Right to Opt-Out of Sale/Sharing

We do not sell or share your personal information. ZenNudge does not sell, rent, or share your personal information with third parties for their marketing purposes.

8.5 Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights.

8.6 Sensitive Personal Information

ZenNudge collects financial information (bill amounts, spending data) that may be considered sensitive under CPRA. This information is used solely to provide App functionality and is never sold or shared for advertising purposes.

To exercise these rights, contact us at adarsh.thampy@gmail.com or use the data deletion feature in the App.

9. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

9.1 Legal Basis for Processing

We process your personal data based on:

  • Contract Performance: To provide the App services you requested
  • Legitimate Interests: To improve our App and prevent fraud
  • Consent: For optional features like push notifications

9.2 Your GDPR Rights

In addition to the rights listed in Section 6, you have:

  • Right to Restrict Processing: Request that we limit how we use your data
  • Right to Object: Object to processing based on legitimate interests
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

9.3 International Data Transfers

Your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place, including encryption and contractual protections with our service providers.

10. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our services. Specifically:

  • Account Data: Retained until you delete your account
  • Goals, Bills, Spending Data: Retained until you delete the items or your account
  • Analytics Events: Retained for up to 365 days, then automatically deleted
  • Error Logs: Retained for up to 90 days for debugging purposes

When you delete your account, all associated data is permanently deleted from our systems within 30 days.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will:

  • Update the "Effective Date" at the top of this policy
  • Notify you through the App or via email
  • Obtain your consent if required by applicable law

We encourage you to review this Privacy Policy periodically. Your continued use of the App after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

We aim to respond to all privacy inquiries within 30 days.