Privacy Policy

We process account data such as email address, credentials managed by Supabase, language preferences, country, and profile settings.

We also process financial data entered or confirmed by the user in ZionFlow, including accounts, cards, balances, budgets, expenses, income, subscriptions, goals, and transactions.

Gmail reading is optional and requires explicit consent before connecting or syncing. We use the gmail.readonly permission to search for bank notifications from verified senders or senders configured by the user.

ZionFlow does not send, modify, delete, or mark emails as read. Reading is used to prepare expense candidates that the user reviews before saving.

When an email cannot be interpreted with deterministic rules, we may send sanitized evidence to an AI provider, currently Groq, to extract data such as amount, currency, date, merchant, bank, and card last four digits.

Before processing, references, links, email addresses, long numbers, and unnecessary data are reduced. We do not use Gmail-derived data for advertising, selling data, credit-worthiness decisions, or training general models.

OAuth tokens, derived email data, and sensitive financial fields are encrypted where applicable. Data access is limited to visible product functionality.

When Gmail is disconnected or consent is revoked, ZionFlow deletes email staging, candidates, and unapproved evidence. Expenses manually approved by the user remain as user-created financial records.

Users may request access, correction, update, or deletion of their data under Dominican Republic Law No. 172-13 on Personal Data Protection and other applicable rules.

ZionFlow’s use of information received from Google Workspace APIs will adhere to the Google API Services User Data Policy, including Limited Use requirements.