ZeroLedger

Privacy Policy

Last updated: March 15, 2026

1. Information We Collect

Account information: When you register, we collect your name and email address.

Financial data: We store the budget data, transactions, account names, and balances that you manually enter into the Service. We do not collect data from your actual bank accounts.

Usage data: We may collect basic usage information, such as pages visited and features used, to improve the Service. This data is aggregated and not linked to individual users.

Cookies: We use session cookies to keep you logged in. We do not use tracking or advertising cookies.

2. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Authenticate your identity and secure your account
  • Send transactional emails (account confirmation, password resets)
  • Respond to support requests
  • Improve the Service based on usage patterns

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Data Storage and Security

Your data is stored in Supabase, a SOC 2 Type II compliant cloud database provider. Data is encrypted at rest, and is encrypted in transit using industry-standard TLS encryption.

Access to your data is enforced by Row Level Security (RLS) policies — your data is only accessible to you when authenticated. No other user can access your financial data.

While we implement strong safeguards, no method of internet transmission is 100% secure. We cannot guarantee absolute security.

4. Third-Party Services

We use the following third-party services to operate ZeroLedger:

  • Supabase — database and authentication hosting
  • Vercel — application hosting and deployment
  • Google AI (Gemini) — powers the AI Insights feature. When you use AI Insights, anonymized spending summaries are sent to Google's API. No personally identifiable information is included.

Each of these providers has its own privacy policy and data processing agreements in place.

5. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Update inaccurate data through the Settings page
  • Deletion: Delete your account and all associated data at any time from Settings. Data is permanently deleted within 30 days.
  • Portability: Export your transaction and budget data at any time
  • Objection: Object to processing of your data in certain circumstances

To exercise any of these rights, contact us at [YOUR_SUPPORT_EMAIL].

6. GDPR and CCPA

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR). Our lawful basis for processing your data is contractual necessity (to provide the Service) and your consent (for optional features like AI Insights).

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and the right to request deletion.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, your data is permanently removed within 30 days. Backups may retain data for up to an additional 30 days before expiring.

8. Children's Privacy

The Service is not directed to children under 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by email or in-app notice at least 14 days before they take effect. The "last updated" date at the top of this page reflects the most recent revision.

10. Contact

For privacy-related questions or to exercise your rights, contact us at:

[YOUR_COMPANY_NAME]
[YOUR_ADDRESS]
[YOUR_SUPPORT_EMAIL]