Privacy Policy

Last updated: 7 May 2026

ZipOrder is a mobile and web product operated by Zero Core Studio LLC ("we", "us"). This policy explains what data we collect, why, how long we keep it, and the rights you have under GDPR (EU) and KVKK (Turkey).

1. Data we process

• Account data: email address, sign-in tokens, locale preference, optional business name. Authentication runs through Supabase Auth (EU region) — by email magic link, password, or via Apple / Google native sign-in. When you use Apple sign-in we receive only your email and a stable Apple-issued user id; when you use Google sign-in we receive your email, name and profile photo URL.
• Uploaded source files: images, PDFs, spreadsheets you upload for AI extraction. Stored in Cloudflare R2 (EU jurisdiction) and automatically deleted 72 hours after upload.
• Extracted items: product names, prices, units that our AI parses out of your uploads. Stored as structured rows in our database (Railway, EU).
• Catalogs and orders: any catalog you publish, and any order created from it, including the customer name, contact, and (when the customer chooses to fill it in) an optional delivery address. The address field is opt-in — customers may skip it and arrange delivery on WhatsApp instead. Names, contacts and addresses on catalog-driven orders are anonymized 30 days after the order is created.
• Subscription state: trial start / end timestamps, current plan (monthly / yearly), cancellation status. Held in our database and synced from RevenueCat (which receives the receipt from Apple App Store or Google Play). We do not see your payment-card details.
• Anonymous analytics events (only after opt-in): app screen views, feature use counts, error counts. Mobile uses Firebase Analytics; web uses Google Analytics 4. No PII is sent — only aggregate behaviour. Disabled by default; users grant the opt-in on first launch (mobile) or via the cookie banner (web).
• Operational telemetry: error logs, request metadata and per-job AI cost / token counts for cost control and reliability.

2. Why we process it

• To provide the core service (scanning, cart building, sharing).
• To send transactional emails (sign-in links, new-order notifications, subscription lifecycle reminders, data exports).
• To bill subscriptions (paid through Apple App Store or Google Play; receipts mediated by RevenueCat).
• To prevent abuse (rate limiting, anti-fraud signals on trial signups).
• To meet legal obligations (record keeping, tax where applicable).

3. Sub-processors

We rely on the following processors:

• Supabase (EU, Ireland) — authentication and email dispatch for sign-in
• Railway (EU) — application hosting, PostgreSQL, Redis
• Cloudflare R2 (EU jurisdiction) — temporary object storage for uploads
• Google AI Studio (Gemini API) — AI vision/text extraction. Inputs are the source file or its text
• Resend — transactional email delivery
• Expo (650 Industries) — push-notification delivery to mobile devices
• RevenueCat — subscription billing receipts & state synchronisation between the App Store / Play Store and our database
• Sentry (Functional Software, Inc.) — error monitoring; PII redacted before transmission
• Google (Firebase Analytics + Google Analytics 4) — anonymous product analytics, only after explicit user consent

The full list — including each vendor's data scope, region and contract URL — lives on our Subprocessors page.

4. Cookies & similar technologies

On the marketing website (ziporder.io) the only cookies we use are the strictly-necessary ones for navigation (Next.js routing state, locale preference). Analytics scripts (Google Analytics 4) are not loaded until the visitor explicitly accepts the cookie banner. Declining the banner means analytics never runs and no analytics cookies are set.

Supplier-configured third-party trackers on catalog pages. Some supplier-controlled catalog pages under /u/<username>/<slug> may include a Meta (Facebook) Pixel and/or a separate Google Analytics 4 measurement ID that the supplier connected from their own ZipOrder profile to measure traffic to their shop. These third-party scripts are subject to the same cookie consent banner as our own analytics — they are blocked at the page-script level until the visitor explicitly accepts the banner, the catalog is in an indexable state (active subscription, not paused), and the supplier has configured a non-empty ID. Declining the banner means neither our own nor any supplier-configured tracker fires, no third-party cookies are set, and no visitor IP is sent to Meta or Google.

Inside the mobile app there are no traditional cookies. The equivalent — Firebase Analytics' anonymous identifier — is set only after the user grants the analytics opt-in on first launch and can be revoked anytime from Profile → Privacy.

5. Retention

• Source files (R2): up to 72 hours after upload
• Public order/catalog share links: 30 days after creation; PII on expired catalog orders is anonymised by an automated job
• Account data and orders: kept while your account exists. You can delete everything at any time from Profile → Delete my account

6. Your rights

Under GDPR Articles 15–22 and KVKK Article 11 you may:

• Access your data — use the in-app "Email me my data" button to receive a JSON copy.
• Erase your data — use "Delete my account"; this removes your auth row, all your scans, catalogs and orders.
• Rectify or restrict processing — contact us via the email below.
• Lodge a complaint with your local supervisory authority (e.g. KVKK in Turkey, your DPA in the EU).

7. Children

ZipOrder is not directed at users under 16. If you believe a minor has signed up, contact us so we can remove the account.

8. Contact

Privacy requests and questions: legal@ziporder.io.