Privacy Policy
This policy explains what data ZoBud collects, why we collect it, how we process it, and what rights you have.
Important Notice
ZoBud is a wellness and productivity app, not a medical device. It does not diagnose, treat, cure, or prevent disease.
What We Collect
Data We Collect
- Account data: email, password hash, and optional profile name. Your email address is used for account authentication, OTP verification, and essential account communications. Waitlist or product-update emails are sent only if you separately submit your email for that purpose.
- Productivity content: tasks, task steps, session history, streak/XP stats, and optional mood check-ins.
- Voice data: audio you record for transcription and resulting transcript text.
- Subscription data: entitlement state and purchase-related metadata from RevenueCat and app stores.
- Diagnostics and app analytics: crash data, performance data, pseudonymous screen views, and feature interactions used to keep the app stable and improve ZoBud. Analytics are disabled by default and only enabled when you explicitly opt in through the in-app Diagnostics setting. We do not send name, email, or task content to analytics services.
Data We Do Not Collect
- No precise location: no GPS/background location tracking.
- No contacts: we do not upload your address book.
- No ad tracking SDKs: no cross-app advertising profile or IDFA collection for mobile users.
- No third-party tracking: we do not track users across third-party apps or websites, share data with data brokers, or use personal data for advertising targeting.
- No biometrics: no face ID templates, fingerprints, or health sensors are collected by us.
Analytics, Device Security, and Tracking
App analytics: we collect pseudonymous, app-instance analytics limited to screen views and feature interactions. No personally identifiable information such as your name, email, or task content is sent to analytics services. Analytics are disabled by default and only enabled when you explicitly opt in through the in-app Diagnostics setting.
Trusted-device identifier: we generate a device identifier solely for trusted-device authentication and OTP security. This identifier is linked to your account for security purposes only and is never used for advertising or shared with third parties.
Firebase Analytics: we use Firebase Analytics with IDFA collection disabled. Firebase does not collect your advertising identifier. Analytics data is pseudonymous and is not linked to your personal identity in our Firebase Analytics configuration.
No tracking: ZoBud does not track users across third-party apps or websites. We do not share your data with data brokers or use it for advertising targeting.
App Permissions and Purpose
Microphone: used only when you start voice input to record audio for transcription.
Speech recognition (iOS): requested by iOS voice components used for voice-to-text workflows.
Internet: required to sync data, call API endpoints, and process AI features.
Billing: required for in-app subscriptions through Apple App Store / Google Play.
Vibration and wake lock: used to support timer/session UX and notifications while focus sessions are active.
Legal Basis, Purpose, and Retention
| Data Type | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Account data (email, password hash, auth identifiers) | Create and secure your account, authenticate login, send OTP verification and essential account communications | Contract performance | Until account deletion |
| Trusted-device identifier | Remember trusted devices for OTP security and account protection | Legitimate interests and account security | Until account deletion or device trust reset |
| Tasks, session history, streak, and mood check-ins | Provide core productivity features | Contract performance | Until account deletion |
| Voice recordings and transcripts | Voice-to-text task input and AI assistance | Consent and contract performance | Audio processed transiently; transcript retained if saved by user |
| Subscription and transaction records | Billing, entitlement enforcement, tax and accounting | Contract performance and legal obligation | As required by tax/accounting law (up to 7 years) |
| Crash/performance diagnostics | Security monitoring and bug fixing | Legitimate interests | Limited retention based on provider settings |
| Pseudonymous app analytics | Understand screen and feature usage to improve ZoBud | Consent | Limited retention based on provider settings |
| Support communications | Respond to requests and resolve support issues | Legitimate interests | Typically up to 24 months |
AI and Voice Processing Disclosure
- AI features are optional product features.
- Task text may be sent to our configured AI provider for analysis.
- Voice input uploads recorded audio to our backend and then to the configured AI provider to generate transcripts.
- We do not sell your personal data.
Third-Party Processors
| Service | Purpose | Data Shared | Policy |
|---|---|---|---|
| RevenueCat | Subscription purchases and entitlement sync | App user ID, subscription status, transaction metadata | View |
| Google AI (Gemini) | Task analysis, task breakdown, voice transcription | Task text and voice audio submitted by the user | View |
| Google Sign-In | Account authentication | Google ID token, email, profile name | View |
| Sign in with Apple | Account authentication | Apple identity token, Apple subject identifier, optional name/email | View |
| Brevo | Essential account emails and optional waitlist updates | Email address, optional display name; waitlist emails only if separately submitted | View |
| Sentry | Crash and performance diagnostics | Crash traces, device/app metadata, technical diagnostics | View |
| Firebase Analytics | Pseudonymous app analytics for product improvement | App-instance identifier, screen views, feature interactions, and device/app metadata with advertising ID collection disabled; no name, email, or task content | View |
| Matomo (Website) | Website analytics | Page views and usage events for zobud.com | View |
| AWS infrastructure | Cloud hosting and data storage | Encrypted application data stored in our backend systems | View |
Your Rights
Access
Request a copy of your personal data by emailing [email protected].
Rectification
Correct account data in app or contact support for assistance.
Erasure
Delete your account in Settings. We delete account data from core systems without undue delay, except records we must retain by law.
Restriction, Objection, Portability
You may object to legitimate-interest processing, request restriction, request data portability, or withdraw consent for consent-based processing.
GDPR/UK GDPR users may also lodge a complaint with their local data protection authority. We generally respond to rights requests within 30 days.
Children and Sensitive Data
ZoBud is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided personal data, contact [email protected] and we will investigate and delete the data where required. Mood and voice input may be sensitive for some users; we process this data only to provide requested app functionality.
Security Measures
Encryption
TLS in transit and encrypted cloud storage at rest
Authentication
JWT session tokens and bcrypt password hashing
Access Control
Restricted backend/admin access on a need-to-know basis
Monitoring
Operational logging and diagnostics to detect abuse and incidents
International Data Transfers
Where Data Is Processed
Depending on infrastructure and providers, data may be processed in the EU and/or the US.
Transfer Safeguards
Where required, we rely on lawful transfer mechanisms such as Standard Contractual Clauses and equivalent safeguards.
Controller and Contact
Data Controller
ZoBud Team (operator of the ZoBud app and zobud.com)
Last Updated
March 28, 2026
Contact Information
Privacy Requests: [email protected]
General Support: [email protected]
If you need postal contact details for legal notices, request them by email.