Zadd

Privacy policy

Last updated: May 7, 2026

Overview

Zadd is a personal finance app for residents of the United Arab Emirates. This policy explains what information we collect, why we collect it, where it's stored, and your rights over it.

What we collect

  • Account info — your name, email address, and encrypted password (or your Apple Sign In identity token).
  • KYC info — date of birth, Emirates ID, phone number, and nationality. Required by UAE Open Finance regulations before linking a bank.
  • Bank data — when you link a bank, we receive account details, balances, and transaction history through a CBUAE-licensed Open Finance provider.
  • App data — budgets, categories, manual accounts and transactions, investment holdings, and customisations (account names, colours) that you create inside the app.

Where it's stored

Your data is stored in Supabase (a managed Postgres database hosted in a region selected for compliance). Every table enforces row-level security so only your own signed-in session can read or modify rows tagged with your user ID.

Bank data flows from our Open Finance provider to our backend via webhooks and is written to the same Supabase database under the same RLS rules.

Who we share with

  • Our Open Finance provider — a CBUAE-licensed provider that authenticates your bank link and fetches account and transaction data on your behalf.
  • Supabase — our backend infrastructure provider. Their privacy policy is at supabase.com/privacy.
  • Apple — when you sign in with Apple, the standard Apple Sign In flow applies.

We don't sell or rent your data to third parties for advertising.

Your rights

  • Access and export — your data is visible inside the app at all times. We can provide a structured export on request.
  • Delete your account — Profile → Delete account in the app permanently removes your account and all associated data (cascading across every table).
  • Unlink a bank — disconnect any linked bank from the app at any time. This stops new transaction syncs.

Security

Connections to our backend use TLS 1.2+. Passwords are stored as salted hashes by Supabase Auth — we never see them in plaintext. Authentication tokens are stored in iOS Keychain on-device.

Contact

Questions about this policy? Email privacy@zadd-ae.com.

This policy may change as Zadd evolves. We'll update the "Last updated" date above and, for material changes, notify you in the app.