Privacy Policy

Last updated: January 2025

Introduction

Zero Crash ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our energy management application and related services.

We understand that health and biometric data is deeply personal. We treat this data with the utmost care and comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Union.

Data We Collect

Personal Information

  • Account information (name, email address)
  • Profile preferences and settings
  • Communication preferences

Health and Biometric Data

With your explicit consent, we may collect the following special category data:

  • Sleep quality metrics (duration, sleep stages, sleep score)
  • Heart rate variability (HRV) data
  • Resting heart rate measurements
  • Activity and recovery data from connected wearables
  • Menstrual cycle information (if you choose to track)
  • Self-reported energy levels and mood

Calendar and Task Data

  • Calendar events (with your permission)
  • Task information you create within the app
  • Scheduling preferences

Technical Data

  • Device information and identifiers
  • App usage analytics
  • Error logs and performance data

How We Use Your Data

We use your data exclusively to:

  • Generate personalized energy estimates and insights
  • Provide smart scheduling suggestions
  • Identify potential burnout risk patterns
  • Sync with your calendar and connected devices
  • Improve our algorithms and services
  • Communicate with you about your account and updates
  • Ensure the security and functionality of our services

We do not sell your personal or health data to third parties.

Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process your data based on:

  • Consent: For health and biometric data, which constitutes special category data under GDPR. You provide explicit consent when connecting wearables or enabling cycle tracking.
  • Contract: To provide the services you have requested.
  • Legitimate interests: For improving our services, security, and fraud prevention.

Data Sharing

We only share your data with:

  • Wearable device providers: To sync data from devices you have connected (e.g., Apple Health, Garmin, Oura, Whoop)
  • Calendar services: To sync with calendars you have connected (e.g., Google Calendar, Apple Calendar)
  • Service providers: Trusted partners who help us operate our services (cloud hosting, analytics), bound by strict data protection agreements
  • Legal requirements: When required by law or to protect our rights

Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit (TLS) and at rest (AES-256)
  • Secure cloud infrastructure with access controls
  • Regular security audits and penetration testing
  • Employee access limited on a need-to-know basis
  • Data anonymization for analytics where possible

Data Retention

We retain your data for as long as your account is active or as needed to provide services. You can request deletion of your data at any time. Upon account deletion, we will remove your personal and health data within 30 days, except where we are required by law to retain certain information.

Your Rights

Under GDPR and other applicable laws, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a portable format
  • Restriction: Limit how we process your data
  • Objection: Object to certain processing activities
  • Withdraw consent: Withdraw consent for health data processing at any time

To exercise these rights, contact us at privacy@zerocrash.app.

International Data Transfers

Your data may be processed in countries outside your residence. For transfers outside the EEA, we use appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

Children's Privacy

Zero Crash is not intended for users under 16 years of age. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use of our services after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Zero Crash
Email: privacy@zerocrash.app

For EU users, you also have the right to lodge a complaint with your local data protection authority.