Zortia

Legal

Privacy Policy

Last updated: 2026. Baseline policy, reviewed by counsel before launch.

What we collect

Your email and account details; read-only business metrics from Stripe (MRR, churn, ARPU, charges, and refunds, but never card numbers); and personal financial figures you enter manually (assets, debts, burn). We never ask for or store bank-account credentials.

How it's stored

Encrypted in transit (TLS) and at rest. Stripe tokens are encrypted and scoped read-only. Per-user isolation is enforced with database row-level security. We store no raw card data; Stripe handles PCI scope.

We never sell your data

No ads, no data brokerage, no selling or sharing your financial data with third parties for marketing. Our revenue is subscriptions.

Subprocessors

We use Stripe (metrics), Supabase (database/auth), Vercel (hosting), Anthropic (AI narration over your numbers), Resend (email), and Dodo Payments (billing). Each handles a defined function; a DPA is available on request.

Retention, export & deletion

We keep the minimum data necessary. You can export all your data and permanently delete your account at any time; deletion is honored promptly.

Your rights (GDPR & India DPDP)

Access, correction, export, and deletion. To exercise any right, email privacy@zortia.com.