Privacy policy
Last updated: May 7, 2026
Overview
Zadd is a personal finance app for residents of the United Arab Emirates. This policy explains what information we collect, why we collect it, where it's stored, and your rights over it.
What we collect
- Account info — your name, email address, and encrypted password (or your Apple Sign In identity token).
- KYC info — date of birth, Emirates ID, phone number, and nationality. Required by UAE Open Finance regulations before linking a bank.
- Bank data — when you link a bank, we receive account details, balances, and transaction history through Lean Tech (a CBUAE-licensed Open Finance provider).
- App data — budgets, categories, manual accounts and transactions, investment holdings, and customisations (account names, colours) that you create inside the app.
Where it's stored
Your data is stored in Supabase (a managed Postgres database hosted in a region selected for compliance). Every table enforces row-level security so only your own signed-in session can read or modify rows tagged with your user ID.
Bank data flows from Lean Tech to our backend via webhooks and is written to the same Supabase database under the same RLS rules.
Who we share with
- Lean Tech — to authenticate your bank link and fetch account/transaction data on your behalf. Their privacy policy is at leantech.me/privacy.
- Supabase — our backend infrastructure provider. Their privacy policy is at supabase.com/privacy.
- Apple — when you sign in with Apple, the standard Apple Sign In flow applies.
We don't sell or rent your data to third parties for advertising.
Your rights
- Access and export — your data is visible inside the app at all times. We can provide a structured export on request.
- Delete your account — Profile → Delete account in the app permanently removes your account and all associated data (cascading across every table).
- Unlink a bank — disconnect any linked bank from the app at any time. This stops new transaction syncs.
Security
Connections to our backend use TLS 1.2+. Passwords are stored as salted hashes by Supabase Auth — we never see them in plaintext. Authentication tokens are stored in iOS Keychain on-device.
Contact
Questions about this policy? Email privacy@zadd-ae.com.
This policy may change as Zadd evolves. We'll update the "Last updated" date above and, for material changes, notify you in the app.