Privacy Policy

Effective Date: May 13, 2026    Last Updated: May 13, 2026

This policy covers both the ZendBack website (zendback.com) and the ZendBack™ mobile application. ZendBack LLC (“we,” “our,” or “us”) is a Florida limited liability company. The ZendBack platform is owned by Sociale Innovo Labs LLC and licensed exclusively to ZendBack LLC. For all data privacy purposes, ZendBack LLC is the responsible party.

ZendBack collects only the information necessary to provide and improve our services and does not retain personal data beyond the periods described in this policy. ZendBack currently operates in the State of Florida. This policy will be updated as we expand to additional states.

By downloading, accessing, or using the ZendBack application, you agree to the collection and use of information as described in this policy. If you do not agree, do not use the service.

ZendBack is intended for users 18 years of age and older. By creating an account, you confirm that you meet this age requirement.

1. Information We Collect

Information You Provide

• Account Information: Name, email address, phone number, unit number
• Payment Information: Processed securely by Stripe; we do not store full card numbers
• Service Requests: Pickup instructions, package details, scheduling preferences
• Communications: Messages you send to our support team

Automatically Collected

• Device Information: Device type, operating system, app version, Firebase device ID
• Usage Data: Features used, collection history, app interactions
• Location Data: Building and unit location for service delivery only, not continuous background tracking

Information We Do Not Collect

• Biometric Data: ZendBack does not access, collect, or store biometric data. Device-level authentication (Face ID, Touch ID) is handled entirely by your device.
• Precise GPS Location: We do not track your real-time location. We use only the addresses you provide.
• Cross-App Tracking: ZendBack does not track activity across other apps or websites and does not use third-party advertising trackers.

2. How We Use Your Information

• Service Delivery: Scheduling and executing package collections, coordinating with shipping carriers, issuing collection confirmations
• Aggregated Analytics: Aggregate, anonymized building-level data only. Total collection volumes, service utilization rates per building per period. No individually identifiable data. Resident identifiers are removed before any internal analytics use.
• Resident Service Communications: Notifications about your collection status and service updates directly related to your ZendBack use
• Satisfaction Surveys: Optional surveys no more than once per quarter

We do not use your information for advertising and do not sell it to third parties.

3. Information Sharing

Service Providers

• Stripe: Payment processing, stripe.com/privacy
• Google LLC (Firebase / Firestore): App infrastructure, owned by Sociale Innovo Labs LLC and licensed to ZendBack LLC. Google processes data under a Data Processing Agreement with ZendBack, policies.google.com/privacy
• SendGrid (Twilio): Transactional email delivery, twilio.com/legal/privacy
• Apple: App Store, push notifications, apple.com/privacy
• Shipping Carriers (FedEx, UPS, USPS): Your name and address are transmitted to carriers when we generate and hand off your shipping label. This information is provided by you at scheduling.

Property Operators

Your property management may receive aggregate, anonymized usage data such as total collections per month. Individual resident account details or personal information are not shared with property operators. Enterprise property operators are subject to a separate Data Processing Agreement governing data handling under their service agreement with ZendBack.

Legal Requirements

We may disclose information when required by law, court order, or to protect user safety, prevent fraud, or comply with legal processes.

Business Transfers

If ZendBack is acquired or merges, your information may transfer to the new entity subject to the same privacy protections described in this policy.

4. Payment Processing

• All payment transactions are handled by Stripe, Inc.
• We receive only transaction confirmations and subscription status, not payment details
• We do not store credit card numbers, bank account information, or Apple Pay tokens
• Billing records are retained for 7 years for tax and legal compliance (see Section 9)

5. Data Security

• Access Controls: Role-based access; personnel access only what is necessary for their function
• App Security: Firebase App Check enforced on all database reads and writes to prevent unauthorized API access
• Encryption in Transit: TLS 1.2 or higher for all communication
• Encryption at Rest: AES-256 via Google Cloud default encryption
• Data Segregation: Resident data is logically segregated by property
• Analytics Pseudonymization: All internal analytics use anonymized datasets only, no individual resident is identifiable
• Background Screening: FCRA-compliant pre-employment background check required for all collection agents before first shift
• Incident Response Plan: Written procedures reviewed annually
• Annual Security Assessments: Security review conducted no less than annually

In the event of a data breach affecting your personal information, ZendBack will notify affected Florida residents within 30 days of confirming the breach, as required by the Florida Information Protection Act (§ 501.171, Fla. Stat.), and will notify relevant authorities as required.

6. Your Rights and Choices

• Access: View and update your account information in the app, or contact privacy@zendback.com
• Correction: Request corrections to inaccurate data
• Deletion: You may delete your account and personal data at any time. See Section 7 for full details and available methods.
• Export: Request a copy of your personal data by contacting privacy@zendback.com
• Push Notifications: Control through your device settings at any time
• Marketing Emails: Opt out at any time via unsubscribe link or by contacting us

7. Account Deletion

You may request permanent deletion of your ZendBack account and personal data at any time through any of the following methods:

In the App

Open the ZendBack app and go to Settings, then Security, then Delete Account. The app will walk you through a disclosure of what will happen, ask you to re-enter your password, and submit the request.

On the Web

Visit zendback.com/delete-account. Enter your email address. You will receive a confirmation email with a single-use link. Click the link to confirm your deletion request. The confirmation link expires after 60 minutes.

By Email

Send a request from the email address associated with your account to support@zendback.com. Our team will process the request using the same deletion workflow.

What Happens When You Request Deletion

When you request deletion, the following happens immediately:

• Your account is disabled and you can no longer sign in
• All active sessions are revoked
• Any active pickup requests are cancelled
• Any active Stripe subscriptions are cancelled
• You receive a confirmation email with the scheduled permanent deletion date

Your account enters a 30-day grace period before permanent deletion. During this period, your data remains in our system but is not accessible.

Restoring Your Account

During the 30-day grace period, you may restore your account by emailing support@zendback.com from the email address on the account. Your account will be re-enabled and you will need to sign in again. Pickup requests and subscriptions cancelled during the deletion process are not automatically restored.

If you attempt to register a new account using the same email address while a deletion is pending, you will be directed to contact support to restore your existing account instead.

What Is Permanently Deleted

After the 30-day grace period, the following is permanently deleted and cannot be recovered:

• Your account credentials
• Your personal profile (name, email, phone number, address, unit and floor number)
• Your community and building association
• Your Stripe customer record, including saved payment methods
• All in-app notification history and notification preferences
• Your user record and all associated data

You will receive a final confirmation email when permanent deletion is complete.

What Is Retained After Deletion

Certain records are retained in anonymized form after your account is permanently deleted:

• Pickup request operational records are anonymized by removing your name, email, phone number, unit number, floor number, and address. The remaining operational data (collection date, status history, carrier handoff timestamps, package condition photos) is retained so ZendBack can produce a defensible audit trail in the event of a carrier dispute involving a package handled before deletion. Your identity is replaced with an anonymous placeholder and cannot be linked back to you.
• Payment records are anonymized in the same manner and retained for 7 years to satisfy federal tax recordkeeping requirements under IRC § 6001 and Florida Department of Revenue retention guidelines.
• An account deletion audit log records that a deletion occurred, when it occurred, and through which channel (in-app, web, or email). This log contains no personal information and is retained as a compliance record.

8. Children’s Privacy

ZendBack is not directed to children under 13 and does not knowingly collect their information. If you are under 13, do not use the ZendBack app or website. If you believe we have collected data from a child under 13, contact privacy@zendback.com immediately and we will promptly delete it.

9. Data Retention

• Active Accounts: Data retained while your account is active
• Deleted Accounts: Upon account deletion, your account enters a 30-day grace period. After the grace period, personal data is permanently deleted and operational records are anonymized as described in Section 7.
• Financial Records: Anonymized billing and payment data retained for 7 years for tax and legal compliance under IRC § 6001 and Florida Department of Revenue retention guidelines
• Push Notification Tokens: Deleted when your account is deactivated or upon request
• Website Contact Form Submissions: Retained for 2 years or until the inquiry is resolved, whichever is later
• Account Deletion Audit Logs: Retained indefinitely as a compliance record. These logs contain no personal information.

Data Deletion Upon Property Offboarding

Upon termination of a property service agreement, ZendBack will, within 30 days, delete or anonymize all personal data associated with residents of that building, including names, email addresses, phone numbers, unit numbers, collection history, and package records. Anonymized aggregate data may be retained for operational analytics. Financial records are retained separately per the schedule above.

10. Updates to This Policy

For material changes, we will provide at least 30 days’ advance notice via in-app notification and email. Continued use after the effective date constitutes acceptance. This policy will be updated as ZendBack expands to additional states.

11. Governing Law

This Privacy Policy is governed by the laws of the State of Florida, including the Florida Information Protection Act (§ 501.171, Fla. Stat.).

12. Contact