privacy policy

last updated: 2026-04-26

this policy describes what zem (the mobile app) collects, what we deliberately don’t, and how to delete your data. it covers the ios and android builds published under the “zem” name.

what we collect

• account email. needed to sign you in via apple or google, and to send the data-export download link.
• subscription state. whether you’re on trial, subscribed, or cancelled. handled by revenuecat (see third parties below). we don’t store payment details — those stay with apple, google, and revenuecat.
• anonymous usage events (only if you have telemetry turned on). limited to a fixed allow-list: trial_started, trial_ended, subscribed, cancelled, task_added, task_completed, subtask_completed, ai_split_accepted, ai_split_regenerated, mascot_evolved, notification_granted, notification_denied, share_image_generated. each event carries your opaque user id and (for some events) the subscription tier or mascot evolution stage. nothing else.

what we don’t collect

• the contents of your tasks, subtasks, or notes.
• the name you give your mascot.
• your device contacts, photos, location, calendar, or microphone.
• any advertising identifiers. we don’t run ads.
• analytics about which screens you visit or how long you spend.

where your data lives

task content, subtasks, completions, and the mascot state are stored:

• locally on your device (encrypted by the OS keystore).
• on our backend (postgres in eu-central-1), so the same account works across devices.

we use https everywhere. backups follow the standard retention of our managed database provider.

third parties

• openrouter. when you tap “split this task” we send the task title to openrouter, which routes the request to the underlying model provider on our behalf. responses are cached by us so identical titles don’t round-trip again. openrouter’s privacy policy and the upstream provider’s policy cover their handling.
• revenuecat. manages subscriptions and entitlements. receives an opaque user id and the platform store transaction. their privacy policy.
• posthog. receives the anonymous usage events listed above (only if you’re opted in). hosted in the eu region. their privacy policy.
• email provider. we use a transactional email provider to send the data-export download link. it never gets your tasks.

telemetry defaults

if your device locale is in the EU/EEA, the UK, or switzerland, telemetry is off by default. elsewhere it’s on by default. you can flip this any time from settings → account.

your rights

• export. settings → account → “export my data”. we email a download link with your tasks, subtasks, completions, and account metadata as JSON, usually within minutes.
• delete. settings → account → “delete account”. wipes the server copy of everything tied to your account, including subscription state at revenuecat. cannot be undone.
• if you’re in the EU/EEA you also have the rights granted by GDPR (access, rectification, restriction, portability, complaint to a supervisory authority). use the contact email below.

retention

account data is retained while the account exists. when you delete, the live record is removed within 24 hours; encrypted database backups age out within 30 days. telemetry events expire after 12 months.

children

zem isn’t directed at children under 13. we don’t knowingly collect data from them.

changes

material changes get a notice in the app. the “last updated” date at the top of this page reflects the most recent edit.

contact

questions, deletion requests, or GDPR data-subject requests: privacy@getzem.app.