Privacy Policy
Last updated: 2026-05-04
Zero is a personal-finance application that helps a household run a zero-based budget. This policy describes what we collect, why we collect it, who we share it with, and how long we keep it. Plain English first; legal language only where it must be.
Who runs Zero
Zero is operated as a single-operator service. Contact: hello@getzero.ca. For everything in this document, "we" means that single operator and "you" means the user of the app.
What we collect
- Account information. Email address, hashed password, full name, household name. Provided by you at signup.
- Bank-connection metadata. When you connect a bank via Plaid we receive an access token, the institution name, and a list of accounts (name, mask, type, subtype, balances). The access token is encrypted with AES-256-GCM before it is written to our database.
- Transaction data. Pulled from Plaid for the accounts you have linked. Includes date, merchant name, amount, and a Plaid-supplied category. We do not receive your bank login credentials.
- Application data you create. Budget categories, sinking funds, debt totals, transaction assignments, splits, due dates, and other budgeting structure.
- Operational logs. Vercel records request metadata (path, status code, latency, IP address) for at most 30 days for debugging and abuse prevention.
How we use it
- To show you your own budget, transactions, and balances.
- To sync new transactions from Plaid on a daily schedule.
- To respond to webhooks from Plaid that signal new data or that your bank has logged you out and needs to be reconnected.
- To diagnose and fix bugs you report or that show up in logs.
We do not sell your data. We do not share your data with advertisers. We do not share aggregated, anonymized, or otherwise repackaged versions of your data with third parties for marketing.
Who we share it with
- Plaid Inc.Plaid is the network that connects Zero to your bank. We send Plaid your bank-account selection and receive transactions in return. Plaid's end-user privacy notice is shown to you inside Plaid Link before you authorize a connection. See Plaid's consumer policy.
- Supabase. Hosts our PostgreSQL database and authentication service. Data is stored in their managed infrastructure under our project.
- Vercel. Hosts the application code and serves HTTPS traffic.
- Law enforcement / legal process. Only with valid legal process, and only the minimum we are compelled to disclose.
We do not use any third-party analytics or advertising trackers.
Where we store it
Application data and access tokens are stored in our Supabase PostgreSQL instance. Plaid access tokens are encrypted at rest with AES-256-GCM; the encryption key is held only by our server runtime and never sent to the browser. All traffic between your device and Zero is encrypted with TLS.
How long we keep it
| Category | Retention |
|---|---|
| Auth identity, profile, household | Until you delete your account |
| Plaid access tokens | Until you disconnect a bank or delete your account; revoked at Plaid in real time |
| Transactions, budget data | Until you delete your account |
| Database backups | Up to 7 days (Supabase point-in-time recovery) |
| Operational request logs | 30 days (Vercel) |
Your rights
- Access and portability. Email us and we will provide a copy of your account, household, and transaction data in a machine-readable format.
- Correction. Most fields are editable directly in the app (Settings, transaction edit, budget rename). For anything that is not, email us.
- Deletion.The Settings page has a "Delete account" control. Clicking it disconnects every linked bank from Plaid (calling Plaid's
/item/removeon your behalf), permanently deletes every database row associated with your household, and removes your auth user from Supabase. Backups expire on the schedule above and cannot be selectively restored. - Disconnect a bank.The Accounts page lets you disconnect any single linked bank without deleting your account. Disconnecting calls Plaid's
/item/removeand stops further syncing. - Withdraw consent. You may revoke our access to your bank at any time from inside the app or by contacting your bank.
Children
Zero is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe a minor has signed up, contact us and we will delete the account.
Security
Our security posture, including access controls, encryption, MFA policy, and patch SLA, is documented at SECURITY.md in our public repository.
Changes to this policy
If we change this policy in any material way we will update the "Last updated" date above and announce the change in the app on next sign-in. Trivial wording changes will not trigger an announcement.
Contact
Questions or requests: email hello@getzero.ca with the subject Zero privacy.