Privacy Policy

Effective Date: May 21, 2025

1. Introduction

Welcome to zerotap! This Privacy Policy explains how INSCODE ("we," "us," or "our"), the owner and data controller, collects, uses, shares, and protects information in relation to our mobile application zerotap (the "App"). zerotap is an application that autonomously performs actions on your device based on high-level tasks you provide. The app decides what screen gestures and device controls are needed to accomplish your requested task. This policy applies to all users of the App and is compliant with the General Data Protection Regulation (GDPR) and other relevant European data protection laws.

By using the zerotap App, you agree to the collection and use of information in accordance with this policy.

Important: You acknowledge and agree that you are solely responsible for all actions performed by the App based on your instructions. The App should only be used under your direct supervision and control. Never leave the App operating unattended.

2. Information We Collect

We collect minimal information necessary to provide and improve our service:

• Task Descriptions: When you use the core functionality of the App, you provide high-level task descriptions. The app then autonomously determines what actions to take on your device to accomplish these tasks. These task descriptions are sent to our processing services solely for the purpose of interpreting and executing the appropriate actions. Your data is not stored on our servers - it is only processed to provide the service. The task descriptions are processed ephemerally.
• Screen Content: To properly understand your device's state and execute tasks accurately, the App may send information about your screen content to our servers. This may be in descriptive form or as screenshots. This screen content is NOT stored on our servers - it is only processed temporarily to provide the service and then immediately deleted. The screen content is processed ephemerally and solely for the purpose of understanding the context needed to perform the requested tasks.
• Usage Data: We automatically collect certain information about how you interact with the App. This may include information such as your device type, operating system version, unique device identifiers, IP address, crash data, and usage patterns within the App (e.g., features used, frequency of use). This data is primarily collected through third-party services like Google Analytics and Supabase.
• Account Information: We collect and permanently store basic information about users, including email address, user ID, device ID, and the number of remaining available actions (credits/tokens). This information is necessary for account management, service provision, and tracking usage entitlements.
• Payment History: When you make purchases within the App, we permanently store your payment history. This information is used for accounting purposes, customer support, and legal compliance.
• Problem Reports: If you want to report a problem with the task, you may choose to include screen data (such as screenshots or descriptions) to help us understand and resolve the issue. This data will only be stored if you explicitly consent to sharing it during the problem reporting process. If you provide consent, this information will be stored for the purpose of diagnosing and resolving the reported issue.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To Provide and Operate the App: Primarily to process the task descriptions you input, autonomously determine the necessary actions, and perform the appropriate screen gestures and device control actions to accomplish your requested tasks. We also use your account information to track your remaining available actions (credits/tokens).
• To Improve and Maintain the App: Analyzing usage data helps us understand user needs, identify bugs, improve performance, and develop new features. Problem reports that you submit with your consent are used to diagnose and resolve issues.
• To Process Payments and Maintain Records: We use and store payment history to process transactions, provide customer support related to purchases, and maintain necessary financial records.
• To Ensure Security: Monitoring for fraudulent or unauthorized activity using device IDs and account information.
• To Comply with Legal Obligations: Fulfilling legal requirements and responding to lawful requests from authorities, which may include maintaining certain user and payment records.
• To Manage Your Account: Using stored account information for authentication, tracking usage entitlements, and providing user-specific services.

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Performance of a Contract: Processing your input text is necessary to perform the core service (rephrasing) you requested when using the App.
• Legitimate Interests: We process usage data based on our legitimate interest in understanding how our App is used, improving our services, and ensuring security, provided these interests are not overridden by your data protection rights.
• Consent: In some cases (e.g., potentially for certain types of analytics or marketing communications if implemented later), we may rely on your explicit consent. You have the right to withdraw your consent at any time.

5. Data Sharing and Third Parties

We do not sell your personal data. We may share your information with trusted third-party service providers only to the extent necessary for them to perform services on our behalf, under strict confidentiality and data processing agreements. These include:

• Azure OpenAI: We share the text you input with Microsoft Azure's OpenAI service, which performs the actual text processing. Your text is processed according to their terms and privacy policies. We do not control their data handling practices after the data is transferred. See Azure Legal Information and OpenAI Privacy Policy.
• fly.io: We use fly.io services for hosting our backend infrastructure. Data processed by fly.io is subject to their Privacy Policy. See fly.io Privacy Policy.
• Supabase: We use Supabase for database services. Data stored in Supabase is subject to their Privacy Policy. See Supabase Privacy Policy.
• Google Firebase: We use certain Firebase services for app infrastructure. Data processed by Firebase is subject to Google's Privacy Policy. See Firebase Privacy and Security and Google Privacy Policy.
• Google Analytics: We use Google Analytics to collect and analyze usage data to understand how our App is used. This helps us improve the user experience. Data collected by Google Analytics is subject to Google's Privacy Policy. You can learn more about how Google uses data here: How Google uses information from sites or apps that use our services.

We may also disclose your information if required by law or in response to valid requests by public authorities (e.g., a court or a government agency).

6. Data Retention

As stated above, the text you input is processed ephemerally and is not stored on our servers. Your data is only processed to provide the service you requested.

Usage data collected via analytics services is retained for a period necessary to fulfill the purposes outlined in this policy (e.g., for trend analysis), typically in an aggregated and anonymized form where possible.

Account information is retained as long as your account is active or as needed to provide you services and comply with legal obligations.

7. Data Security

We implement appropriate technical and organizational measures to protect the information we process against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. However, please be aware that no method of transmission over the internet or method of electronic storage is 100% secure.

8. International Data Transfers

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. This is particularly relevant as we utilize services from global providers like Microsoft (Azure), Google (Firebase, Analytics), fly.io, and Supabase.

We ensure that any such transfers are conducted in compliance with GDPR requirements, typically through mechanisms like Standard Contractual Clauses (SCCs) or by ensuring the provider adheres to frameworks like the EU-U.S. Data Privacy Framework (where applicable).

9. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have the following data protection rights:

• The right to access: You can request copies of your personal data.
• The right to rectification: You can request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• The right to erasure ('right to be forgotten'): You can request that we erase your personal data, under certain conditions.
• The right to restrict processing: You can request that we restrict the processing of your personal data, under certain conditions.
• The right to object to processing: You can object to our processing of your personal data based on legitimate interests.
• The right to data portability: You can request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
• The right to withdraw consent: If we are processing based on consent, you can withdraw it at any time.

To exercise any of these rights, including requesting the deletion of your personal data, please contact us at insmobileapps@gmail.com. We will respond to your request, and if applicable, fulfill your data deletion request within one month.

10. Data Deletion and Account Management

Complete Account Deletion: If you wish to delete your account and have all your personal data removed from our systems, please send an email request to insmobileapps@gmail.com with the subject line "Account Deletion Request". Please include your email address or device ID associated with your account in the email. We will process your request and delete your account and associated personal data within one month of receiving your request. Note that some information may be retained for legal and accounting purposes as required by law.

Partial Data Deletion: If you wish to delete only specific parts of your data while maintaining your account, you can request this by sending an email to insmobileapps@gmail.com with the subject line "Partial Data Deletion Request". In your email, please clearly specify which data you would like removed (e.g., payment history, usage data, specific problem reports). Include your email address or device ID associated with your account. We will process your request within one month of receiving it and confirm once the specified data has been deleted.

11. Children's Privacy

zerotap is not intended for use by children under the age of 13 (or the relevant age of consent in your jurisdiction). We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data without parental consent, please contact us.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy within the App or on our website and updating the "Effective Date" at the top. You are advised to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact the Data Controller:

INSCODE
insmobileapps@gmail.com