GDPR Notice

Last updated: 7 May 2026

This notice is provided pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (the "General Data Protection Regulation" / "GDPR"). It describes how ZipOrder ("we", "us") processes personal data when you use our mobile and web product. The legal controller is named in Section 1 below.

Please also read our Privacy Policy for a plain-language summary of the same practices, and our Subprocessors page for the list of third-party services that may process your data on our behalf.

1. Controller

The data controller is Zero Core Studio LLC, a company incorporated under the laws of the United States. For data protection matters you can reach us at legal@ziporder.io.

2. Categories of personal data we process

• Account data: email address, sign-in tokens, locale preference, optional business name and contact details. When you sign in with Apple we additionally receive a stable Apple-issued user id; when you sign in with Google we receive your name and profile photo URL alongside the email.
• Content data: catalogs, items, prices, orders and uploaded source files (images / PDFs / spreadsheets).
• Third-party data on a public order page: the name and contact info a customer enters when submitting an order through your catalog. We disclose this to you (the supplier) and anonymize it on the public link 30 days after the order is placed.
• Service telemetry: error reports (PII redacted) and basic logs needed to operate the service. Always-on; legitimate interest under Art. 6(1)(f).
• Optional product analytics: anonymous app usage events (feature taps, screen views, error counts) sent to Firebase Analytics on mobile and Google Analytics 4 on the web. Disabled by default; processed only after explicit opt-in via the on-device consent dialog (mobile) or cookie banner (web). Withdrawable at any time from Profile → Privacy (mobile) or by clearing cookies (web).
• Billing data: subscription status received from Apple App Store / Google Play / RevenueCat. We do not see your payment card details.

3. Purposes and legal bases

• Provide the service (Art. 6(1)(b) — performance of the contract): account, content and order data.
• Operate, secure and improve the service (Art. 6(1)(f) — legitimate interests): logs, error monitoring, abuse prevention. You may object at any time.
• Comply with legal obligations (Art. 6(1)(c)): tax records, lawful requests from authorities.
• Optional product analytics (Art. 6(1)(a) — your consent, captured by the in-app opt-in dialog or the web cookie banner): Firebase Analytics for mobile and Google Analytics 4 for web. We collect only anonymous events; no PII is sent.
• Optional analytics tags you configure on your catalog (Art. 6(1)(a) — your visitors' consent, governed by your own privacy notice): if you enter a Facebook Pixel or Google Analytics ID into your ZipOrder profile, we inject those tags into your public catalog page. You become the controller for that processing; we operate as your processor.

4. Recipients and international transfers

We use the subprocessors listed on the Subprocessors page. EU data is stored in the EU (Frankfurt for the database, Ireland for authentication, EU region for object storage). Some subprocessors (e.g. Sentry, Resend) are based in the United States; transfers rely on the EU Commission's adequacy decision for the EU–US Data Privacy Framework or on Standard Contractual Clauses.

5. Retention

• Source documents (uploaded scans / PDFs): 72 hours after processing, then deleted from object storage.
• Customer PII (per-order) — name, email, phone, delivery address, location coordinates: anonymized 30 days after the order is placed; the order record itself (items, totals, status) is kept anonymized for the supplier's analytics.
• Order share links: expire 30 days after the order is placed; expired links return 404.
• Paused catalogs: 30 days after subscription lapse the catalog is soft-deleted (slug removed), 120 days after the catalog is hard-deleted.
• Phone verification details: the verified E.164 number is retained as long as the account is active; one-time OTP codes expire in Twilio after 10 minutes and are never persisted in our database.
• Sign-in logs (SignInLog): retained 13 months for security / audit purposes; deleted automatically afterwards.
• Abuse reports + admin actions (AdminAction): retained indefinitely for legal compliance and account-recovery investigations. These records survive even if the underlying account is deleted (Art. 17(3)(e) — legal claims exception).
• Account & catalog data: kept until you delete your account or the lapsed-account window (120 days after a paused subscription) ends.
• Backups: rolling 30-day window, then overwritten.

6. Your rights

You have the following rights under the GDPR:

• Access (Art. 15) — request a copy of your data. Available self-service via Profile → Privacy → Request data export.
• Rectification (Art. 16) — correct any inaccurate data via the app, or by writing to us.
• Erasure (Art. 17) — delete your account and all associated data via Profile → Privacy → Delete account.
• Restriction (Art. 18) and objection (Art. 21) — write to legal@ziporder.io.
• Portability (Art. 20) — the data export above is provided in a machine-readable JSON format.
• Withdraw consent (Art. 7) — at any time, with no effect on processing already carried out.
• Lodge a complaint with your local supervisory authority. A list of EU authorities is available at edpb.europa.eu.

7. Automated decision-making

We do not make decisions based solely on automated processing that produce legal or similarly significant effects on you. The AI scanner extracts information from the documents you upload but every item remains editable; the final catalog is always your decision.

8. Updates

We may update this notice when our practices change. Material changes will be communicated via the app or by email. Older versions are kept on file at legal@ziporder.io.