Privacy Policy
Last updated: [effective date]
1. General Provisions
This Privacy Policy explains what personal data is collected and processed by the Zbery service (hereinafter — "Service", "we"), operated by [legal entity name] (hereinafter — "Operator"), how we use this data, and what rights users have regarding their personal data.
By using the Service, you agree to the terms of this Policy. If you do not agree — please do not use the Service.
We process personal data in accordance with:
- The Law of Ukraine "On Personal Data Protection"
- EU Regulation 2016/679 (GDPR) — for users in the EU
- Applicable Ukrainian legislation
2. Data We Collect
2.1 Data you provide via Google OAuth
When signing in with Google, we receive from Google only:
- First and last name (or display name)
- Email address
- Unique Google account identifier
- Profile photo (URL)
We do not access your Google password, contacts, emails, documents, or any other Google account data.
2.2 Data you create in the Service
- Shopping list names and their content (product names, quantities)
- Text queries to the AI assistant
- Account settings (language, theme)
2.3 Technical data
When using the Service, the following is collected automatically:
- IP address and country of connection
- Browser type and operating system
- Date and time of requests to the Service
- Referral URL
This data is used exclusively for security, technical support, and aggregate statistics.
2.4 Cookies and similar technologies
We use technical cookies necessary for the Service to function:
- Session cookie — to maintain your login session
- Theme setting — to remember your light/dark mode preference
- Language setting — to remember your selected interface language
We do not use advertising or marketing cookies from third parties.
3. How We Use Your Data
We use collected data exclusively for the following purposes:
| Purpose | Legal basis |
|---|---|
| Providing Service functionality (lists, sync) | Contract performance |
| AI processing of your text queries | Contract performance |
| Identification and authentication | Contract performance |
| Processing payments for Premium subscription | Contract performance |
| Sending important Service notifications | Legitimate interest |
| Ensuring security and protection against abuse | Legitimate interest |
| Improving the Service based on aggregate statistics | Legitimate interest |
We do not sell your personal data to third parties. We do not use your data for advertising.
4. AI Data Processing
For AI features (text recognition, list structuring), your text queries are sent to third-party AI services. At the time of this Policy's publication, we use Google's services (Gemini API).
- AI queries contain only text you entered (product names, dish names, etc.)
- We do not send your email, name, or any identifying data to AI services
- Data is not linked to your identity before transmission
- Google processes this data according to its Privacy Policy: policies.google.com/privacy
5. Third Parties and Data Transfers
We engage the following third parties to operate the Service:
| Provider | Role | Data location |
|---|---|---|
| Google LLC | OAuth authentication, AI processing | USA (with appropriate safeguards) |
| Railway (Railway Corp.) | Hosting and database | USA |
| LiqPay (JSC CB "PrivatBank") | Payment processing | Ukraine |
Payment data (card number, etc.) is never received or stored by us — it is processed directly by LiqPay.
For data transfers to the USA, we rely on EU standard contractual clauses (SCC) and the EU-US Data Privacy Framework where applicable.
6. Data Storage and Protection
- Your data is stored on secure Railway servers
- Data is transmitted exclusively via HTTPS/TLS
- Database access is restricted and monitored
- We do not store passwords (OAuth only)
Retention periods:
- Account data — retained until account deletion
- Shopping lists — retained until account or list deletion
- Technical logs — no more than 90 days
- Data after account deletion — deleted within 30 days
7. Your Rights
You have the following rights regarding your personal data:
- Right of access — to receive confirmation of whether we process your data, and a copy of it
- Right to rectification — to correct inaccurate or incomplete data
- Right to erasure ("right to be forgotten") — to delete your account and all associated data
- Right to restriction — to request cessation or restriction of processing
- Right to data portability — to receive your data in machine-readable format
- Right to object — to object to processing based on legitimate interest
To exercise any of these rights — send a request to [support@zbery.app]. We will respond within 30 days.
Account deletion: you can delete your account in profile settings. All your data and lists will be deleted within 30 days.
8. Children
The Service is not intended for persons under 13 years of age. We do not knowingly collect data from children under 13. If you become aware that a child under 13 has provided us with personal data — please contact us at [support@zbery.app].
9. Policy Changes
We may update this Policy. For significant changes, we will notify you by email or a prominent notice in the Service no later than 14 days before the changes take effect. Continued use of the Service after an update constitutes acceptance of the revised Policy.
10. Contact
For questions regarding personal data protection, please contact:
If you believe your rights have been violated, you also have the right to file a complaint with the Ukrainian Parliament Commissioner for Human Rights (ombudsman.gov.ua).