Privacy Policy

1. Information We Collect

We may collect information you provide directly to us, including:

• Name, email address, phone number, company name, and other contact details submitted through our contact form or other information request forms.
• Account information, such as your name, email address, username, password, and other profile details used to create and manage your account.
• Billing and transaction information related to purchases or subscriptions made through Stripe; payment card details are processed by Stripe and are not stored by ZippyPro.
• Communications you send to us, including customer service inquiries sent to customercare@zippypro.app.
• Any other information you choose to submit through the Services.

We may also collect information automatically when you use the Services, including:

• Device information, such as IP address, browser type, device type, operating system, and unique device identifiers.
• Usage information, such as pages viewed, features used, referring pages, session duration, clicks, and other interaction data.
• Cookie, pixel, and similar tracking data collected through analytics and advertising technologies.

2. Tracking Technologies

ZippyPro uses cookies, pixels, tags, and similar technologies to operate the Services, understand usage, improve performance, and support advertising and remarketing activities. Based on the information provided, the Services may use tracking and advertising tools from Google, Meta, and ByteDance, as well as general analytics technologies.

These technologies may collect information about your browsing behavior, device, and interactions with the Services over time. You can manage some cookie settings through your browser, but blocking certain cookies may affect how the Services function.

3. How We Use Information

We may use personal information to:

• Provide, maintain, and improve the Services.
• Create and manage user accounts and authenticate logins.
• Process payments, subscriptions, invoices, and related customer service through Stripe.
• Respond to contact requests, information requests, and support inquiries.
• Send transactional messages, security alerts, service notices, and account-related communications.
• Monitor usage, troubleshoot issues, detect fraud, and protect the security and integrity of the Services.
• Measure marketing effectiveness and deliver advertising or retargeting campaigns.
• Comply with legal obligations and enforce our terms, policies, and contractual rights.

4. How We Share Information

We do not sell your personal information for money. We may share personal information in the following circumstances:

• Service providers: with vendors that help operate the Services, including hosting, analytics, customer support, communications, and payment processing providers such as Stripe.
• Advertising and analytics partners: with Google, Meta, ByteDance, and similar providers that support analytics, attribution, audience measurement, and advertising services.
• Legal compliance and protection: when required by law, subpoena, court order, or other legal process, or when reasonably necessary to protect rights, safety, users, or the Services.
• Business transfers: in connection with a merger, acquisition, financing, asset sale, or similar corporate transaction.
• With your direction or consent: when you ask us to share information or connect with a third-party service.

5. Service Providers & Infrastructure

ZippyPro uses the following categories of service providers to operate the Services. These providers may process personal information on our behalf:

• Hosting & Database: Supabase (database, authentication, serverless functions)
• Deployment & CDN: Vercel (web hosting and content delivery)
• Payment Processing: Stripe (subscription billing and payment processing)
• AI Services: OpenAI (powers AI agents, content generation, and workflow automation features)
• Communications: Twilio (SMS and voice), Resend (transactional email delivery)
• Analytics & Advertising: Google, Meta, and ByteDance (analytics, attribution, and advertising)
• Third-Party Integrations: QuickBooks, Google Drive, Thumbtack, Angi, and other services you choose to connect

Each provider processes data in accordance with their own privacy policies and our contractual agreements. We select providers that maintain appropriate security practices.

6. AI-Powered Features & Data

ZippyPro includes AI-powered features such as AI agents, automated workflow suggestions, content generation, and intelligent estimating tools. When you use these features:

• Your prompts, inputs, and relevant account data may be sent to our AI service provider (OpenAI) to generate responses and perform automated tasks.
• We do not use your data to train third-party AI models. Data sent to AI providers is used solely to process your requests.
• AI-generated outputs (estimates, messages, recommendations) may be stored within your account as part of normal service operation.
• You may opt out of AI-powered features at any time by not using them; core platform functionality does not require AI features.

AI-generated content is not guaranteed to be accurate and should be reviewed before use. See our Terms of Service for additional AI-related disclaimers.

7. Client & Crew Portal Data

ZippyPro enables registered users ("Account Holders") to provide their clients and crew members with access to portal features. This creates a layered data relationship:

• Account Holders: ZippyPro acts as the data controller for the personal information of registered users who create and manage accounts directly with us.
• Portal Users (Clients & Crew): When Account Holders invite clients or crew members to access portals, ZippyPro acts as a data processor on behalf of the Account Holder. The Account Holder determines what data is shared through portals and is responsible for obtaining any necessary consent from their clients and crew.

Data collected through client portals may include: name, email address, project information, estimates, invoices, and payment status. Data collected through crew portals may include: name, contact information, job assignments, schedules, time tracking, and authentication credentials.

If you are a client or crew member accessing ZippyPro through a portal, the Account Holder's privacy practices govern how your information is used. For questions about your data, contact the business that invited you to the portal.

8. Biometric & Authentication Data

The Crew Portal supports authentication via PIN codes and device-based biometric methods (fingerprint or face recognition via WebAuthn/FIDO2). Regarding biometric authentication:

• How it works: Biometric authentication is processed entirely on the crew member's device using the WebAuthn standard. ZippyPro receives only a cryptographic key pair — we never receive, store, or process actual biometric data (fingerprints, facial scans, etc.).
• What we store: A public key credential ID and public key associated with the device. These cannot be used to reconstruct biometric information.
• PIN codes: PIN codes are cryptographically hashed before storage. We do not store PINs in plaintext.
• Retention: Authentication credentials are retained while the crew member's account is active and deleted when the Account Holder removes the crew member or closes their account.

If you are located in a jurisdiction with biometric privacy laws (such as Illinois, Texas, or Washington), please be aware that ZippyPro's biometric authentication does not collect biometric identifiers as defined under those laws, because actual biometric data never leaves the device.

9. Payments

Payments for paid Services may be processed by Stripe. Stripe collects and processes payment information according to its own privacy policy and terms. ZippyPro does not store full payment card numbers on its own systems.

10. Data Retention

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain accounts, complete transactions, resolve disputes, enforce agreements, and comply with legal obligations. Specific retention periods include:

• Active accounts: Data is retained for the duration of your subscription and account activity.
• After account closure: Account data is retained for 30 days following termination to allow for data export, after which it may be permanently deleted.
• Billing records: Transaction and billing records may be retained for up to 7 years to comply with tax and accounting obligations.
• Communication logs: Customer support communications may be retained for up to 3 years.
• Analytics data: Aggregated, de-identified usage data may be retained indefinitely for service improvement purposes.

11. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information. However, no method of transmission over the Internet or method of electronic storage is completely secure, and no security measure can guarantee absolute security.

12. Geographic Scope

ZippyPro primarily serves users in the United States and Canada. If you access the Services from another jurisdiction, you understand that your information may be transferred to and processed in the United States or other countries where service providers operate, which may have data protection laws different from those in your location.

13. Age Restrictions

The Services are intended only for adults age 18 and older. ZippyPro does not knowingly collect personal information from children. If ZippyPro becomes aware that personal information has been collected from a person under 18, that information may be deleted.

14. Your Choices

Depending on where you live, you may have certain rights regarding your personal information, such as the right to request access to, correction of, or deletion of certain personal information, subject to applicable law. You may also opt out of marketing emails by using the unsubscribe link in those emails, where available.

You may contact ZippyPro at customercare@zippypro.app to submit privacy-related questions or requests.

15. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information:

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.
• Right to Delete: You may request that we delete the personal information we have collected from you, subject to certain exceptions (such as completing a transaction, detecting security incidents, or complying with legal obligations).
• Right to Correct: You may request that we correct inaccurate personal information we maintain about you.
• Right to Opt-Out of "Sharing": Under the CCPA/CPRA, disclosing personal information to advertising and analytics partners (such as Google, Meta, and ByteDance) for cross-context behavioral advertising may constitute "sharing." You have the right to opt out of this sharing. To opt out, contact us at customercare@zippypro.app or adjust your cookie settings in your browser.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

Categories of personal information collected (in the preceding 12 months): Identifiers (name, email, IP address); commercial information (subscription history, transaction records); internet/electronic activity (browsing history, usage data, device information); professional information (company name, job role); and inferences drawn from the above.

To exercise your rights, contact customercare@zippypro.app. We will verify your identity before processing requests. We do not sell personal information for monetary consideration.

16. Do Not Track & Global Privacy Control

Some browsers offer a "Do Not Track" (DNT) setting. There is currently no industry standard for how companies should respond to DNT signals, and ZippyPro does not currently respond to DNT browser signals.

ZippyPro will honor Global Privacy Control (GPC) signals where required by applicable law. If your browser or device sends a GPC signal, we will treat it as a valid opt-out request for the sale or sharing of personal information under the CCPA/CPRA.

17. Third-Party Services

The Services may link to or integrate with third-party websites, tools, and services. This Privacy Policy does not apply to the privacy practices of third parties, and ZippyPro is not responsible for their practices. Users should review the privacy policies of those third parties, including Stripe, Google, Meta, and ByteDance, where applicable.

18. Changes to This Policy

ZippyPro may update this Privacy Policy from time to time. When changes are made, the updated version will be posted with a revised "Last updated" date. Continued use of the Services after an update becomes effective means the updated Privacy Policy applies going forward.

19. Contact Information

For questions about this Privacy Policy or ZippyPro's privacy practices, contact:

ZippyPro
Email: customercare@zippypro.app