Privacy Policy

1. What Information We Collect

Account Information

When you create a ZenView account, we collect:

• Email address — for authentication and account recovery
• Password credentials — handled by Supabase Auth using secure password hashing (we do not see your actual password)
• User ID and authentication session data
• Account creation date

Subscription and Payment Information

If you subscribe to ZenView, we collect:

• Payment information — processed securely through Stripe (our payment processor)
• Subscription status — active, canceled, or expired
• Subscription tier — which plan you're subscribed to
• Billing dates — when your subscription starts and renews

We do not store your full credit card numbers. All payment processing is handled securely by Stripe, which is PCI-DSS compliant.

Application Configuration Data

To provide the Services, ZenView stores configuration needed to run protection and recover it after restarts:

• Whitelisted apps and domains — items you choose to exempt from monitoring
• Strictness mode — Normal or Strict sensitivity settings for content detection
• Cooldown duration — your configured cooldown period
• Protection state — whether protection or cooldown is currently active
• Pending protected changes — changes that are delayed until cooldown finishes
• Detection sound preference

Live protection state, cooldown state, pending changes, and block history are persisted locally by ZenCore so protection can resume after force-quit, user switching, or reboot. Account, subscription, and synced configuration records are stored in Supabase where applicable.

Device Credentials

ZenView uses a device API key so the desktop app can authenticate backend flows. The plain API key is stored in macOS Keychain on your device. We store only a SHA-256 hash of that key in Supabase.

Technical Information

ZenView sends a small set of operational health events needed to keep installation, updates, permissions, UI/Core connectivity, recovery, and protection reliability observable. These events may include:

• App version, build mode, operating system version, device architecture, Electron/Node version, and coarse process type
• Fixed-schema reliability events such as install/update status, permission validation, Core connection status, protection readiness, heartbeat, capture health, and enforcement success or failure
• A hashed installation identifier used to correlate reliability events without sending the raw installation ID

Operational health events do not include user/account identifiers, raw installation IDs, raw file paths, whitelisted apps, window titles, URLs, NSFW scores, detection thresholds, screenshots, or page content.

Optional Diagnostics

During onboarding and in Settings, you can choose whether to share richer diagnostic logs. If enabled, ZenView may send detailed app errors and diagnostic logs through our telemetry proxy to help us debug beta issues. You can change this setting at any time, including while protection or cooldown is active.

Diagnostic events are sanitized before forwarding. We strip or redact known sensitive fields such as emails, tokens, API keys, file paths, URLs, domains, app names, window titles, scores, thresholds, tracked/whitelisted app lists, and user IDs.

Support and Feedback Information

When you contact us for support or provide feedback:

• Bug reports — your description, optional reproduction details, app/system version details, and optional diagnostic logs if you consent to include them
• Uninstall feedback — reasons for uninstalling (optional, submitted if you choose)
• Support communications — messages you send to our support team

2. What We DO NOT Collect

We want to be absolutely clear about what we don't collect:

• No uploaded screenshots, screen recordings, or page content - content detection happens locally on your device
• No browsing history, URLs, domains, or window titles in remote telemetry
• No NSFW scores, detection thresholds, or whitelist lists in remote operational health events
• No advertising profiles - we don't use your data for ads or cross-site marketing
• No accountability partner monitoring - unlike other apps, we don't send your activity to anyone else
• No raw device API keys in our backend - only hashed key records are stored server-side

3. How We Use Your Information

We use your information to:

1. Provide the Services — Authenticate your account, sync your settings where applicable, restore local protection state after restarts, and enable blocking functionality
2. Process payments — Manage your subscription and billing through Stripe
3. Maintain reliability — Observe fixed-schema operational health signals needed for installs, permissions, updates, UI/Core connectivity, recovery, and enforcement reliability
4. Improve the Services — Debug issues, fix bugs, and improve app performance using optional diagnostics when you have consented
5. Communicate with you — Send important updates about your account, subscription changes, or critical service announcements
6. Provide support — Respond to your questions and troubleshoot technical issues

We will never:

• Sell your personal information to third parties
• Use your data for advertising purposes
• Share your activity with accountability partners, family members, employers, or advertisers
• Track your browsing or app usage for marketing

Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data under the following legal bases:

• Contract Performance — To provide the Services you've subscribed to and fulfill our obligations to you
• Legitimate Interest — To maintain reliability, improve our Services, prevent fraud, and ensure security
• Consent — For optional communications, feedback collection, and optional desktop diagnostics
• Legal Obligation — To comply with applicable laws and regulations

You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

4. How We Protect Your Data

On-Device Processing

• AI detection runs entirely on your Mac - using Apple's CoreML framework, all content scanning happens locally
• Screen content is discarded after analysis - screenshots used for detection are not saved to disk or uploaded
• No remote access - we cannot remotely view your screen or activity

Data Security Measures

• Encryption in transit — All data transmitted to our servers uses industry-standard TLS/SSL encryption
• Encrypted storage — Sensitive data is encrypted at rest in our database
• Secure authentication — Passwords are hashed and salted; we use Supabase's enterprise-grade auth system
• Limited data retention — We only keep data as long as necessary to provide Services

Third-Party Service Providers

We work with trusted third-party services that help us operate:

• Supabase — Database and authentication (SOC 2 Type II certified)
• Stripe — Payment processing (PCI-DSS Level 1 certified)
• Cloudflare R2 — Secure distribution of app updates
• Vercel — Website hosting, Web Analytics, and Speed Insights
• Axiom — Operational health events and optional diagnostics sent through our telemetry proxy

These providers are contractually obligated to protect your data and use it only for providing services to us.

5. Data Sharing and Disclosure

We do not sell, rent, or share your personal information except in the following limited circumstances:

Service Providers

We share data with third-party service providers (listed above) who need it to provide services on our behalf. They are bound by confidentiality agreements and data protection obligations.

Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (court orders, subpoenas, warrants)
• Requests from government authorities
• Compliance with applicable laws and regulations
• Protection of our rights, property, or safety, or that of our users or the public

Business Transfers

If ZenView is acquired by or merged with another company, user information may be transferred as part of that transaction. We will notify you via email and/or prominent notice in the app before any such transfer.

6. Your Data Rights

Depending on your location, you may have the following rights:

Access and Portability

You can request a copy of the personal information we hold about you.

Correction

You can update your account information directly in the app or by contacting us.

Deletion

You can request deletion of your account and associated data. Note that some information may be retained for legal or legitimate business purposes (e.g., billing records, fraud prevention).

Opt-Out

You can opt out of promotional communications by following the unsubscribe link in our emails. Note that we may still send you essential service-related communications.

Withdraw Consent

Where we process data based on consent, you can withdraw that consent at any time.

To exercise these rights, contact us at: contact@getzenview.com

We will respond to your requests within 45 days of verification.

7. Data Retention

We retain your personal information for as long as:

• Your account is active
• Necessary to provide you Services
• Required to comply with legal obligations
• Needed to resolve disputes or enforce our agreements

When you delete your account:

• Personal information is removed from active systems within 30 days
• Some data may be retained in backups for up to 90 days before permanent deletion
• Anonymized usage statistics may be retained indefinitely for product improvement

8. Children's Privacy

ZenView is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from minors. If we discover we have collected information from a minor, we will delete it immediately.

9. International Users

ZenView is operated from Poland and uses service providers in the European Union and United States. By using our Services, you consent to the transfer of your information to these locations.

European Users (GDPR)

If you're in the European Economic Area (EEA), you have additional rights under GDPR:

• Right to object to processing
• Right to restriction of processing
• Right to lodge a complaint with your local data protection authority

California Users (CCPA)

If you're a California resident, you have rights under the California Consumer Privacy Act:

• Right to know what personal information is collected
• Right to deletion of personal information
• Right to opt-out of sale (note: we don't sell your information)
• Right to non-discrimination for exercising your rights

10. Cookies and Tracking

Our Website

Our marketing website (getzenview.com) may use:

• Essential cookies - required for the site to function
• Vercel Web Analytics and Speed Insights - privacy-focused page view and performance measurement without third-party cookies
• Local storage or preference cookies - used for theme, language, sidebar state, and any cookie-consent choice

You can control cookies through your browser settings.

Desktop Application

The ZenView desktop app does not use browser cookies. It runs screen-content detection locally, sends minimal operational health events for reliability, and sends richer diagnostics only when you have enabled diagnostic sharing.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

• Changes in our practices
• Legal or regulatory requirements
• New features or services

We will notify you of significant changes by:

• Email to your registered address
• Prominent notice in the app
• Update to the "Last Updated" date above

Your continued use of ZenView after changes become effective constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

• Email: contact@getzenview.com
• Support: contact@getzenview.com
• Business Location: Warsaw, Poland

For EU privacy inquiries, you can reach us at: contact@getzenview.com

13. Your Trust Matters

We built ZenView because we believe recovery should be private and dignified. This Privacy Policy reflects our commitment to protecting your data while providing you with effective tools for your journey.

Unlike surveillance-based solutions, ZenView processes everything on your device — your recovery is yours alone. We see our role as providing you with technology that respects your privacy while supporting your goals.