1. Introduction
Zibyl (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our personal cash flow forecasting application at app.zibyl.com (the “Service”).
By using Zibyl, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
Account Information
When you create an account, we collect:
- Email address
- Password (hashed and salted — we never store plaintext passwords)
Financial Data You Enter
Zibyl is a manual-entry application. We collect only what you choose to enter:
- Account names, types, and balances
- Transaction descriptions, amounts, and dates
- Recurring rule configurations
- What-if scenario data
- User preferences and settings
What We Do Not Collect
- Bank account credentials or login details
- Bank account numbers, sort codes, or routing numbers
- Data from third-party financial services
- Location data, contacts, or device identifiers beyond basic analytics
3. How We Use Your Information
We use your information solely to:
- Provide the Zibyl forecasting service
- Authenticate your account and maintain your session
- Send password reset emails when requested
- Improve the Service based on aggregate usage patterns
We do not sell, rent, or share your personal information with third parties for marketing purposes.
4. Data Storage & Security
Your data is stored in a PostgreSQL database hosted by Supabase. We employ the following security measures:
- Row-Level Security (RLS) — Every database query is scoped to your authenticated user ID. Other users cannot access your data at the database level.
- Encryption in transit — All data is transmitted over HTTPS/TLS.
- Encryption at rest — Database storage is encrypted at the infrastructure level.
- Encrypted backups — Exported backup files are encrypted with AES-256-GCM.
- No bank connections — We never connect to financial institutions, eliminating credential-based attack surfaces.
5. Third-Party Services
Zibyl uses the following third-party services:
- Supabase — Database hosting and authentication. Supabase Privacy Policy
- Vercel — Application hosting. Vercel Privacy Policy
We do not use third-party analytics, advertising, or tracking services.
6. Data Retention
We retain your data for as long as your account is active. You may:
- Export all your data at any time via encrypted backup
- Delete specific data (transactions, accounts, etc.) from the Settings page
- Request complete account deletion by contacting us at hello@zibyl.app
Upon account deletion, all associated data is permanently removed from our systems.
7. Your Rights
You have the right to:
- Access your data — export via backup at any time
- Correct your data — edit any record in the application
- Delete your data — remove individual records or request full account deletion
- Portability — download your data in standard formats (JSON backup, Excel export)
8. Cookies
Zibyl uses essential cookies only:
- Authentication cookies — To maintain your logged-in session
- Preference cookies — To remember settings like theme and currency
We do not use tracking cookies, advertising cookies, or third-party cookies.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last updated” date. Continued use of the Service after changes constitutes acceptance of the updated policy.
10. Contact
If you have questions about this Privacy Policy or your data, contact us at: