ZapNPrivacy Policy
Last updated: January 2026
ZapN (“we”, “us”, “our”) respects your privacy. This Privacy Policy explains what personal data we collect, why, how we use it, and your rights. It applies when you use our website and services at zapn.io (the “Service”).
We act as data controller for the personal data we process for the Service.
1. What We Collect
1.1 Account data (when you sign in with Google or LinkedIn)
- Email address and name (from your Google or LinkedIn account)
- Account and profile data we store: email, full name, subscription status (Free/Pro), and identifiers for billing (e.g. Stripe customer ID) when you subscribe
Legal basis: Performance of our contract with you (providing the Service) and, where relevant, your consent via your identity provider (Google or LinkedIn).
1.2 Link and click data
- Links you create: destination URL, short slug, optional title, whether the link is active, and click count
- Click analytics (Pro): for each click on your links we may store:
- Timestamp, referrer (e.g. the page the user came from), country and city (from IP), IP address, and user agent
Legal basis: Performance of our contract (shortening and redirecting) and, for analytics, our legitimate interest in offering and improving the Service. For Pro users, detailed analytics are part of the product.
1.3 Payment data
- We use Stripe for payments. We do not store your full card number. We store Stripe customer and subscription IDs so we can manage your Pro subscription. Stripe’s use of your payment data is governed by Stripe’s Privacy Policy.
Legal basis: Performance of our contract (billing for Pro).
1.4 Technical and usage data
- Session and auth: We use local storage and similar technologies to keep you signed in (e.g. via Supabase). We do not use marketing or non‑essential cookies for the core Service.
- Logs: Our infrastructure (e.g. Supabase) may log IP, timestamps, and request metadata for security and operations.
Legal basis: Legitimate interest (security, availability, debugging).
2. Purposes of Use
We use your data to:
- Create and manage your account, and provide the link shortening and management features
- Generate and display click counts and, for Pro users, referrer, country, and time‑based analytics
- Process subscriptions and payments via Stripe
- Comply with legal and tax obligations
- Secure and improve the Service, and prevent abuse
3. Retention
| Data | Retention |
|---|---|
| Account and profile | For the lifetime of your account. After you delete your account, we may retain some data as required by law (e.g. tax, disputes) or for legitimate purposes (e.g. fraud) for a limited period. |
| Links and click data | For as long as the link exists and you have an account. We may anonymise or delete click-level data earlier in accordance with our data retention practices. |
| Payment-related records | As required by tax and commercial law (often several years). |
| Logs | For a limited period as needed for security and operations. |
4. Your Rights (including under the GDPR)
If you are in the European Economic Area (EEA), UK, or another region with similar laws, you have the following rights in respect of your personal data:
- Access: You can request a copy of the personal data we hold about you.
- Rectification: You can ask us to correct inaccurate data.
- Erasure (“right to be forgotten”): You can ask us to delete your data, subject to legal or contractual obligations to retain it.
- Restriction: You can ask us to limit how we use your data in certain circumstances.
- Data portability: You can request your data in a structured, machine‑readable format where technically feasible.
- Object: You can object to processing based on our legitimate interests. We will consider your request and either stop, restrict, or explain why we continue.
- Withdraw consent: Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of earlier processing.
- Lodge a complaint: You have the right to lodge a complaint with a supervisory authority in your country (e.g. in the Netherlands: Autoriteit Persoonsgegevens).
To exercise these rights, contact us at jeremie.bertrand@realsync.net. We will respond within the time required by applicable law (under the GDPR, generally one month).
5. Third‑Party Processors and International Transfers
We use the following main processors to run the Service:
| Processor | Role | Location / transfers | More information |
|---|---|---|---|
| Supabase | Hosting, database, auth | May include the US | Supabase Privacy |
| Stripe | Payment processing | May include the US | Stripe Privacy |
| OAuth sign‑in | Global | Google Privacy | |
| OAuth sign‑in | Global | LinkedIn Privacy |
When we send personal data to countries outside the EEA/UK, we rely on:
- An adequacy decision, or
- Standard Contractual Clauses (SCCs) or other approved transfer mechanisms, as offered by these providers.
6. Security
We use technical and organisational measures (e.g. encryption, access controls, secure providers) to protect your data. No system is completely secure; we will notify you and any relevant authority of a personal data breach where we are legally required to do so.
7. Children
The Service is not aimed at children under 16. We do not knowingly collect data from children under 16. If you believe we have done so, please contact us and we will delete it.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the new version on this page and update the “Last updated” date. For material changes, we will notify you (e.g. by email or a notice in the Service). Continued use after the effective date means you accept the updated policy.
9. Contact and Data Controller
For privacy questions, to exercise your rights, or to contact our data protection contact:
- Email: jeremie.bertrand@realsync.net
- Web: zapn.io