Privacy Policy

Zam! is built with privacy as a core principle, not an afterthought. Your financial data is some of the most sensitive information in your life, and we treat it that way.

Zam! is designed to avoid advertising surveillance and data brokerage. We do not use:

• Tracking cookies - including advertising or cross-site tracking cookies
• Advertising trackers - including ad networks, retargeting pixels, or conversion pixels
• Behavioral analytics or session replay - including Google Analytics, Mixpanel, heatmaps, or session replay tools
• Fingerprinting - including browser, device, or canvas fingerprinting

Cloudflare may provide website delivery, security, performance, and aggregate web-analytics telemetry as part of hosting. Zam! does not use that telemetry to read budgets, build advertising profiles, sell financial behavior, or target ads.

Zam! uses signed-in Cloud Sync protection for real budgets. The no-account demo and any continued browser-only use rely on browser storage.

• Signed in: Cloud Sync is the default protection path. Your budget is encrypted on your device before upload, then stored as an encrypted vault.
• No-account demo: Demo mode uses sample data only for a temporary 5-minute session.
• Browser-only local use: If you keep using a browser budget without signing in, budget data stays only in that browser's localStorage.
• Trusted browser key: After Cloud Sync setup or recovery-key import, this browser may store a non-extractable WebCrypto key in IndexedDB so refreshes can keep syncing without asking for the recovery key again. The raw recovery key is not stored in localStorage and cannot be displayed from this trusted key. Zam! does not upload this trusted key or include it in device-management records, but app code running in this browser can use it locally to encrypt and decrypt your Cloud Sync vault while you are signed in.
• No servers store readable financial information, transactions, balances, budgets, categories, descriptions, notes, gift-card card numbers, gift-card balances, gift-card expiration dates, or amounts.

Note on browser-only budgets: Clearing browser data, site data, storage, or using privacy-cleanup tools can remove a browser-only budget. Zam! cannot recover browser-only budgets after browser/device storage is lost. Signing in uses Cloud Sync as the default encrypted backup path.

Gift card merchant metadata cache: If you use gift-card merchant hints, Zam! downloads one full merchant metadata bundle to this browser. Merchant searches, suggestion filtering, and selections happen locally; Zam! does not send individual merchant search terms or suggestion choices to a server. You can clear this cache in Global Settings.

Cloud Sync is the default protection path for signed-in Zam! accounts. Free Tier includes two active Cloud Sync slots for browser sync. Premium adds Multi-Device Sync Plus for unlimited active browser sync.

• Enabled by signing in: Signing in means Zam! will use Cloud Sync to protect your budget by default. The public no-account path is a 5-minute sample demo. If you continue using an existing browser-only budget, it has no recovery support if local storage is lost.
• Encrypted before upload: Your budget is encrypted on your device before it leaves. The server stores encrypted blobs, not readable transactions, balances, budgets, categories, descriptions, notes, gift-card card numbers, gift-card balances, gift-card expiration dates, or amounts.
• Encrypted version history: If you use Cloud Version History, Zam! stores encrypted vault snapshots so you can restore a previous budget version. Free accounts keep the newest encrypted safety snapshot. Premium accounts keep the newest 10 encrypted snapshots. Snapshot contents are encrypted client-side before storage. Associated metadata may include snapshot timestamps, schema/encryption version, checksum, and restore/sync status text.
• Recovery key required: Your Cloud Sync recovery key decrypts your cloud budget on another device. A trusted browser key can help this browser keep syncing after refresh, but it is not a recovery-key backup and cannot be displayed as the recovery-key text. Store the recovery key somewhere safe. If you lose it and no signed-in trusted browser still has access, we cannot recover or decrypt your synced budget for you.
• Minimal sync metadata: To enforce the Free Tier sync slot limit, we store opaque hashes of locally generated sync slot tokens and sync slot timestamps. We do not store device names, user agents, IP-derived locations, or readable budget data for this feature.
• Device management metadata: If you use Account > Devices, Zam! keeps privacy-minimal browser access records so you can revoke known browsers and release unmatched Free Tier sync slots. Free sync slots work like active browser leases: if a browser does not check in for 60 minutes, the slot can be released automatically. These records contain opaque browser hashes, timestamps, and an optional link to an existing opaque Cloud Sync slot hash. The sync slot link duplicates the same privacy-minimal sync slot hash already used for Free Tier slot accounting; it is not a new device identifier. These records do not contain device names, browser user agents, IP-derived locations, transaction data, balances, budgets, categories, descriptions, notes, gift-card card numbers, gift-card balances, gift-card expiration dates, amounts, or recovery keys.
• You control it: You can try the 5-minute demo, export your data, sign out and clear this browser, keep using an existing browser-only budget without recovery support, or reset Cloud Sync for your account.

Zam! uses minimal third-party services. Here is the complete list:

• Authentication and account email services (Supabase Auth, Google OAuth, Proton Mail/SMTP, and email magic links) - These services verify your identity, send sign-in and account-security email, host public contact mailboxes, and support signed-in sessions. Apple sign-in is visible as paused until demand justifies enabling it.
• Hosting and cloud infrastructure (Cloudflare and Supabase) - These providers host the app and store encrypted Cloud Sync data on our behalf. They cannot read your budget because it is encrypted before it reaches their servers.
• Payments (Stripe) - Payments are processed by Stripe. Zam! does not receive or store full card numbers. Stripe receives payment, device, fraud-prevention, and checkout data under Stripe's privacy and legal terms.

Zam! public contact mailboxes are hosted with Proton Mail. Email is a support channel, not encrypted Cloud Sync budget storage. Proton or other email providers involved in delivery may process message contents, headers, sender and recipient addresses, timestamps, IP-related metadata, country or region hints, user agent or browser/device hints, and related security records as needed to deliver, secure, retain, or legally process email. Do not send recovery keys, magic links, passwords, full card numbers, gift card numbers, PINs, or raw budget exports by email.

Operational providers may retain limited logs or delivery metadata needed for security, abuse prevention, debugging, compliance, and service reliability. This can include Supabase Auth audit events, Supabase platform or log explorer entries, Cloudflare audit, security, delivery, performance, and aggregate web-analytics metadata depending on enabled features, Proton or Supabase SMTP delivery metadata, and Stripe billing or payment records. Zam! does not use these provider records to read budget contents, build advertising profiles, or sell financial behavior.

Our infrastructure and payment providers may be subject to U.S. federal, state, local, or other lawful requests, including legal process such as subpoenas or court orders. If legally required, the information available to provide would be limited to account, billing, operational metadata, encrypted vault data, and encrypted version-history snapshots if present. Zam! does not hold your Cloud Sync recovery key and cannot decrypt your synced budget contents.

We will never:

• Sell your data to anyone, for any reason
• Share your data with advertisers or data brokers
• Allow third parties to access your decrypted information
• Use your data to train AI models or machine learning systems

You have the right to:

• Access - View all data stored in the app at any time (it's your data)
• Export - Download transaction data with CSV export
• Delete - Clear your data locally, reset your encrypted Cloud Sync vault, or delete your Zam! account
• Try before signing in - Use the 5-minute sample demo, or keep using an existing browser-only budget with no recovery support if local browser storage is lost
• Leave - Stop using Zam!, clear this browser, reset Cloud Sync, delete your account, or contact support for account/data questions

Account deletion removes Zam-controlled account records, encrypted Cloud Sync vault data, encrypted version-history snapshots, and app-owned browser access records. Provider logs, security or audit records, email delivery metadata, and billing or payment records may remain according to provider retention, legal, security, tax, dispute, or abuse-prevention requirements.

We don't make account deletion difficult. Deleted Cloud Sync vaults, deleted snapshots, deleted account identities, and lost recovery keys cannot be recovered by Zam! Browser-only copies on other devices may remain until that device's local site data is cleared.

We take security seriously, even though we hold minimal data:

• All data in transit is protected with TLS/HTTPS encryption
• Cloud-synced data is encrypted end-to-end before leaving your device
• Authentication credentials are never stored in plain text
• We follow industry-standard security practices

That said, no system is perfectly secure. We encourage you to:

• Use a strong, unique password for your account
• Keep your device locked with a PIN, password, or biometric
• Clear browser data on shared or public devices
• Export regular backups of your financial data

Zam! is not intended for children under 13. We do not knowingly collect data from minors. If we learn that a child under 13 has created an account, we will delete it promptly.

Zam! is designed around user control, exportability, deletion, and minimal data collection. Privacy laws vary by location, so this policy describes the rights and controls Zam! makes available to all users rather than promising legal compliance in every jurisdiction without review.

We may update this policy as the app evolves, especially while Cloud Sync, billing, and beta support paths are being tested. When we do:

• We will notify you clearly within the app
• We will update the "Last updated" date at the top of this page
• Material changes will require your explicit consent before taking effect
• We will never quietly weaken your privacy protections

Privacy shouldn't be confusing. If anything in this policy is unclear, or if you have concerns about how your data is handled, please reach out: