Legal
Privacy Policy
Last updated: July 8, 2026
Zylon (“Zylon,” “we,” “us,” or “our”) operates a social accountability platform available as a mobile application (iOS and Android, the “App”) and a website at zylon.app (the “Website”), together the “Service.” This Privacy Policy explains what personal information we collect, why we collect it, how it’s used, and the rights you have over it.
1.Overview
Zylon is operated by an individual/business based in South Africa. If you have questions about this policy or how your data is handled, contact us at support@zylon.app.
By creating an account or otherwise using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.
2.Who This Policy Applies To
This policy applies to all users of Zylon worldwide. Where a specific legal framework grants you additional rights — such as the GDPR (EU/UK), the CCPA/CPRA (California), or POPIA (South Africa) — those additional rights are described in Section 9.
3.Information We Collect
We collect the minimum information needed to run the Service. The tables below reflect exactly what is stored in our systems.
3.1 Account & Profile Information
| Data | Purpose | Source |
|---|---|---|
| Email address | Account creation, login, password reset, transactional notifications | Provided by you, or shared by Google/Apple if you use social sign-in |
| Password (hashed) | Authentication | Provided by you (not applicable if using Google/Apple Sign-In) |
| Username | Public identity within the app | Provided by you |
| Full name | Displayed on your profile (optional) | Provided by you, or shared by Google/Apple if you use social sign-in |
| Profile photo (avatar) | Displayed on your profile | Uploaded by you, or shared by Google/Apple if you use social sign-in |
| Bio | Displayed on your profile (optional) | Provided by you |
We support Sign in with Apple, Google Sign-In, and email/password (all handled through our authentication provider, Supabase). When you use Google or Apple sign-in, the provider shares your name, email address, and (optionally) profile photo with us, as permitted by your settings with that provider. We never receive your Apple ID or Google account password.
3.2 Content You Create
| Data | Purpose |
|---|---|
| Goals (title, category, target date, motivation text) | Core functionality — tracking your progress toward a stated goal |
| Weekly progress updates (“Win” and “Challenge” text, plus optional advice requests) | Core functionality — the accountability loop |
| Photos attached to updates | Shared visual progress; stored via our storage provider (Supabase) |
| Comments and replies on other users’ updates | Core functionality — the support/contribution system |
| “Helpful” marks on comments | Reputation and rank calculation |
| Likes on comments | Engagement features |
| Follows (who you follow / who follows you) | Social graph features |
Photo library access: we request access to your photo library only so you can choose to attach existing photos to your updates.
Because Zylon’s goal-history feature is public by design (past goals and updates are visible on user profiles as proof of progress), be mindful that content you post is generally visible to other users of the Service, consistent with how the app is described to you at the point of posting.
3.3 Subscription & Payment Information
Zylon Pro subscriptions are managed through RevenueCat, which syncs subscription status between Zylon and the Apple App Store or Google Play Store. We store your subscription status (active/inactive), product identifier, entitlement ID, purchase and expiration dates, renewal status, and your chosen posting/contribution commitment frequency (a Pro feature).
3.4 Notifications
- Push notification token — delivering push notifications to your device via Expo's notification service
- Device type — routing notifications correctly (iOS vs. Android)
- Notification preferences — respecting your chosen notification settings (all / important only / none)
- In-app notification history — comments, replies, helpful marks, follows, rank changes, and accountability reminders relevant to you
3.5 App Settings
We store your language preference, dark mode setting, and mention preferences, so your app behaves consistently across sessions and devices.
3.6 Automatically Collected / Technical Information
| Data | Purpose | Source |
|---|---|---|
| Device type, OS version, app version | Debugging, compatibility, crash diagnosis | Expo Device / Expo Application / Expo Constants |
| Crash reports and error logs | Identifying and fixing bugs | Sentry |
| Product usage/interaction data (e.g. screens viewed, features used, session activity) | Understanding how the Service is used, improving the product | PostHog |
| IP address | Security, rate-limiting, and abuse prevention (e.g. on our waitlist form) | Automatically collected by our hosting/network infrastructure |
3.7 What We Do Not Collect
We do not collect or store your precise geolocation. We do not access your contacts, calendar, or other apps on your device, and we do not access your microphone. We do not request any device permissions beyond photo library access and push notifications, both described above.
5.How Long We Keep Your Information
- Account and content data: retained for as long as your account is active.
- Account deletion:if you delete your account through the app, your profile and associated personal data are removed from active systems. Some content (e.g. comments you left on others’ posts) may be anonymized rather than fully deleted where removing it entirely would break the context of another user’s conversation.
- Uploaded media: when a photo or its parent content is deleted, it is queued for permanent removal from our storage provider.
- Crash/analytics data: retained according to Sentry’s and PostHog’s standard retention windows, typically 90 days, after which it is automatically purged.
- Password reset codes: single-use and expire shortly after issuance.
6.Security
We use industry-standard measures to protect your information, including encrypted connections (HTTPS/TLS) between the app and our servers, database-level access controls (Row Level Security), and hashed password storage. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security, but we take reasonable steps to protect your information from unauthorized access, alteration, or disclosure.
7.Children's Privacy
Zylon is not directed at, and is not intended for use by, anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected information from a child under 13, we will take steps to delete it promptly. If you believe a child under 13 has provided us with personal information, contact us at support@zylon.app.
8.International Data Transfers
Zylon is operated from South Africa, and our service providers (Supabase, Expo, Vercel, RevenueCat, PostHog, Sentry) may store or process data in other countries, including the United States and the European Union. Where required, we rely on appropriate safeguards (such as standard contractual clauses used by our providers) to ensure your information receives an adequate level of protection wherever it is processed.
9.Your Rights
Depending on where you live, you may have some or all of the following rights regarding your personal information. To exercise any of these, contact us at support@zylon.app.
9.1 All Users
- Access: request a copy of the personal data we hold about you.
- Correction: update inaccurate information (most can be edited directly in-app via your profile settings).
- Deletion: request deletion of your account and associated personal data, subject to Section 5.
- Portability: request your data in a portable format.
9.2 If You’re in the European Economic Area or UK (GDPR)
In addition to the rights above, you have the right to object to or restrict certain processing, and the right to lodge a complaint with your local data protection authority. Our legal basis for processing your information is generally: performance of a contract (providing the Service you signed up for), your consent (e.g. for optional push notifications), and our legitimate interests (e.g. security, fraud prevention, and product improvement via analytics).
9.3 If You’re in California (CCPA/CPRA)
You have the right to know what personal information we collect, to request deletion, and to opt out of the “sale” or “sharing” of personal information. We do not sell or share your personal information with third parties for cross-context behavioral advertising. California residents may designate an authorized agent to make requests on their behalf.
9.4 If You’re in South Africa (POPIA)
As the responsible party under the Protection of Personal Information Act, we process your personal information lawfully and only for the purposes described in this policy. You have the right to request access to, correction of, or deletion of your personal information, and to object to processing in certain circumstances, in accordance with POPIA.
11.Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we’ll notify you via the app, email, or a notice on our website prior to the change taking effect. The “Last updated” date at the top of this page reflects the most recent revision.
12.Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, contact us at support@zylon.app.