Skip to main content
Legal Document

Privacy Policy

Last updated May 2, 2026Questions? privacy@getzerodue.com

Plain English Summary

  • We don't sell your data. Not to advertisers, data brokers, or anyone else — ever.
  • No ad trackers on this site or in the app. No Facebook pixel, no Google Ads, no behavioural retargeting.
  • We don't train AI models on your financial data.
  • Your workspace is yours. Export your records at any time. When you delete your account, we de-identify your personal details (name, email, login history) immediately; remaining records are anonymised and kept only as long as legitimate or legal needs require.
  • The full policy below covers the legal specifics, but those five points are the spirit of it.

Introduction

ZeroDue is a personal finance tool built around debt freedom. This policy explains what we collect, how we use it, what we don't do with it, and how you can take it back.

Information We Collect

We only collect what is necessary to operate and improve ZeroDue. This includes:

  • Personal Information: Name, email address, and securely hashed account credentials.
  • Financial Information: Income, expenses, debts, credit cards, and subscription details. This data is logically isolated to your workspace.
  • OAuth Data: When signing in with Google, we receive your name and email. We do not store your social media passwords.
  • Usage Data: Anonymized data on features accessed and time spent to improve user experience.

How We Use Your Information

We use your data to provide, improve, and secure our service. This includes processing transactions, sending security alerts, and analyzing usage patterns to enhance our application.

How We Share Your Information

We do not sell your personal data, and we do not use it to train machine-learning models. There are no advertising trackers, retargeting pixels, or behavioural ad networks on this site or in the app. We do use Sentry for error monitoring — to detect crashes and fix bugs — which is never used for advertising or profiling. We only share data in these limited circumstances:

  • Service Providers: Strictly the partners we need to run the product — Stripe (payments), our transactional email provider, Sentry (error monitoring), and our cloud hosting and database providers.
  • Legal Requirements: If we receive a valid legal request (subpoena, court order). Where law allows, we will notify the affected user before disclosure.
  • Workspace Members: If you invite a partner or family member to your workspace, they can see the workspace data — that's by design.

Workspace Data Isolation

Your financial data is logically separated from all other users within our secure infrastructure. Key points:

  • Every piece of financial data you enter is tied to your unique workspace identifier, ensuring complete separation from other users.
  • Our application code is built to enforce this separation at every query, ensuring you can only ever access your own workspace's data.
  • This model allows you to securely invite team members to your workspace in the future, knowing your data boundaries are strictly maintained.

How We Protect Your Data

We use strong, industry-standard security measures to protect your information.

  • Encryption: AES-256 for data at rest (managed database) and modern TLS (1.2+) for data in transit.
  • Authentication: Secure JWT sessions, OAuth 2.0, and role-based access controls.
  • Infrastructure: Regular security audits and continuous monitoring on secure cloud infrastructure.
  • Payment Security: All billing is handled by PCI-compliant providers (Stripe). We never store your full credit card details.

Your Data Rights

You have full control over your data, including the right to access, correct, delete, and export it at any time. To exercise these rights, please contact us at privacy@getzerodue.com.

Data Retention

While your account is active, we keep your data so the product works. When you leave, you have two distinct choices, both in Settings → Data & Privacy:

  • Close your account. Your personal details — name, email address, and login history — are de-identified immediately, and any subscription is cancelled, but the now-anonymised financial records are kept for the legitimate-business and legal retention window described below.
  • Erase all my data. The GDPR right to erasure: this permanently and irreversibly deletes all your financial data and your payment profile with our billing provider. There is no recovery.

For records we retain after an ordinary account closure:

  • Anonymised financial records may be retained for legitimate business and legal purposes (for example fraud prevention and tax/accounting requirements), and only for as long as those purposes require.
  • Encrypted backups roll off on their own schedule, typically within 90 days.
  • Some records we're legally required to keep (e.g. invoices for tax purposes) are retained for the period the law requires — nothing more.

Third-Party Services

We partner with industry-standard secure providers for critical services. You can view their privacy policies for more information:

Contact Us

If you have any questions about this Privacy Policy, please contact our privacy team at privacy@getzerodue.com. We respond to all privacy-related inquiries within 3 business days.