Privacy Policy
This policy explains what data ZoBud collects, why we collect it, how we process it, and what rights you have.
Important Notice
ZoBud is a wellness and productivity app, not a medical device. It does not diagnose, treat, cure, or prevent disease.
What We Collect
Data We Collect
- Account data: email, password hash, and optional profile name.
- Productivity content: tasks, task steps, session history, streak/XP stats, and optional mood check-ins.
- Voice data: audio you record for transcription and resulting transcript text.
- Subscription data: entitlement state and purchase-related metadata from RevenueCat and app stores.
- Diagnostics: crash and performance data used to keep the app secure and stable.
✕Data We Do Not Collect
- ✕No precise location: no GPS/background location tracking.
- ✕No contacts: we do not upload your address book.
- ✕No ad tracking SDKs: no cross-app advertising profile for mobile users.
- ✕No biometrics: no face ID templates, fingerprints, or health sensors are collected by us.
App Permissions and Purpose
Microphone: used only when you start voice input to record audio for transcription.
Speech recognition (iOS): requested by iOS voice components used for voice-to-text workflows.
Internet: required to sync data, call API endpoints, and process AI features.
Billing: required for in-app subscriptions through Apple App Store / Google Play.
Vibration and wake lock: used to support timer/session UX and notifications while focus sessions are active.
Legal Basis, Purpose, and Retention
| Data Type | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Account data (email, password hash, auth identifiers) | Create and secure your account, authenticate login | Contract performance | Until account deletion |
| Tasks, session history, streak, and mood check-ins | Provide core productivity features | Contract performance | Until account deletion |
| Voice recordings and transcripts | Voice-to-text task input and AI assistance | Consent and contract performance | Audio processed transiently; transcript retained if saved by user |
| Subscription and transaction records | Billing, entitlement enforcement, tax and accounting | Contract performance and legal obligation | As required by tax/accounting law (up to 7 years) |
| Crash/performance diagnostics | Security monitoring and bug fixing | Legitimate interests | Limited retention based on provider settings |
| Support communications | Respond to requests and resolve support issues | Legitimate interests | Typically up to 24 months |
AI and Voice Processing Disclosure
- AI features are optional product features.
- Task text may be sent to our configured AI provider for analysis.
- Voice input uploads recorded audio to our backend and then to the configured AI provider to generate transcripts.
- We do not sell your personal data.
Third-Party Processors
| Service | Purpose | Data Shared | Policy |
|---|---|---|---|
| RevenueCat | Subscription purchases and entitlement sync | App user ID, subscription status, transaction metadata | View |
| Google AI (Gemini) | Task analysis, task breakdown, voice transcription | Task text and voice audio submitted by the user | View |
| Google Sign-In | Account authentication | Google ID token, email, profile name | View |
| Sign in with Apple | Account authentication | Apple identity token, Apple subject identifier, optional name/email | View |
| Brevo | Transactional emails (welcome and password reset) | Email address, optional display name | View |
| Sentry | Crash and performance diagnostics | Crash traces, device/app metadata, technical diagnostics | View |
| Matomo (Website) | Website analytics | Page views and usage events for zobud.com | View |
| AWS infrastructure | Cloud hosting and data storage | Encrypted application data stored in our backend systems | View |
Your Rights
Access
Request a copy of your personal data by emailing [email protected].
Rectification
Correct account data in app or contact support for assistance.
Erasure
Delete your account in Settings. We delete account data from core systems without undue delay, except records we must retain by law.
Restriction, Objection, Portability
You may object to legitimate-interest processing, request restriction, request data portability, or withdraw consent for consent-based processing.
GDPR/UK GDPR users may also lodge a complaint with their local data protection authority. We generally respond to rights requests within 30 days.
Children and Sensitive Data
ZoBud is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided personal data, contact [email protected] and we will investigate and delete the data where required. Mood and voice input may be sensitive for some users; we process this data only to provide requested app functionality.
Security Measures
Encryption
TLS in transit and encrypted cloud storage at rest
Authentication
JWT session tokens and bcrypt password hashing
Access Control
Restricted backend/admin access on a need-to-know basis
Monitoring
Operational logging and diagnostics to detect abuse and incidents
International Data Transfers
Where Data Is Processed
Depending on infrastructure and providers, data may be processed in the EU and/or the US.
Transfer Safeguards
Where required, we rely on lawful transfer mechanisms such as Standard Contractual Clauses and equivalent safeguards.
Controller and Contact
Data Controller
ZoBud Team (operator of the ZoBud app and zobud.com)
Last Updated
March 28, 2026
Contact Information
Privacy Requests: [email protected]
General Support: [email protected]
If you need postal contact details for legal notices, request them by email.