Privacy Policy

Effective Date: March 22, 2026    Last Updated: March 22, 2026

This policy covers both the ZendBack website (zendback.com) and the ZendBack mobile application. ZendBack LLC (“we,” “our,” or “us”) is a Florida limited liability company. The ZendBack platform is owned by Sociale Innovo Labs LLC and licensed exclusively to ZendBack LLC. For all data privacy purposes, ZendBack LLC is the responsible party.

ZendBack collects only the information necessary to provide and improve our services and does not retain personal data beyond the periods described in this policy. ZendBack currently operates in the State of Florida. This policy will be updated as we expand to additional states.

By downloading, accessing, or using the ZendBack application, you agree to the collection and use of information as described in this policy. If you do not agree, do not use the service.

ZendBack is intended for users 18 years of age and older. By creating an account, you confirm that you meet this age requirement.

1. Information We Collect

Information You Provide

• Account Information: Name, email address, phone number, unit number
• Payment Information: Processed securely by Stripe; we do not store full card numbers
• Service Requests: Pickup instructions, package details, scheduling preferences
• Communications: Messages you send to our support team

Automatically Collected

• Device Information: Device type, operating system, app version, Firebase device ID
• Usage Data: Features used, collection history, app interactions
• Location Data: Building and unit location for service delivery only — not continuous background tracking

Information We Do Not Collect

• Biometric Data: ZendBack does not access, collect, or store biometric data. Device-level authentication (Face ID, Touch ID) is handled entirely by your device.
• Precise GPS Location: We do not track your real-time location. We use only the addresses you provide.
• Cross-App Tracking: ZendBack does not track activity across other apps or websites and does not use third-party advertising trackers.

2. How We Use Your Information

• Service Delivery: Scheduling and executing package collections, coordinating with shipping carriers, issuing collection confirmations
• Aggregated Analytics: Aggregate, anonymized building-level data only — total collection volumes, service utilization rates per building per period. No individually identifiable data. Resident identifiers are removed before any internal analytics use.
• Resident Service Communications: Notifications about your collection status and service updates directly related to your ZendBack use
• Satisfaction Surveys: Optional surveys no more than once per quarter

We do not use your information for advertising and do not sell it to third parties.

3. Information Sharing

Service Providers

• Stripe: Payment processing — stripe.com/privacy
• Google LLC (Firebase / Firestore): App infrastructure, owned by Sociale Innovo Labs LLC and licensed to ZendBack LLC. Google processes data under a Data Processing Agreement with ZendBack — policies.google.com/privacy
• Apple: App Store, push notifications — apple.com/privacy
• Shipping Carriers (FedEx, UPS, USPS): Your name and address are transmitted to carriers when we generate and hand off your shipping label. This information is provided by you at scheduling.

Property Operators

Your property management may receive aggregate, anonymized usage data such as total collections per month. Individual resident account details or personal information are not shared with property operators. Enterprise property operators are subject to a separate Data Processing Agreement governing data handling under their service agreement with ZendBack.

Legal Requirements

We may disclose information when required by law, court order, or to protect user safety, prevent fraud, or comply with legal processes.

Business Transfers

If ZendBack is acquired or merges, your information may transfer to the new entity subject to the same privacy protections described in this policy.

4. Payment Processing

• All payment transactions are handled by Stripe, Inc.
• We receive only transaction confirmations and subscription status, not payment details
• We do not store credit card numbers, bank account information, or Apple Pay tokens
• Billing records are retained for 7 years for tax and legal compliance

5. Data Security

• Access Controls: Role-based access; personnel access only what is necessary for their function
• App Security: Firebase App Check enforced on all database reads and writes to prevent unauthorized API access
• Encryption in Transit: TLS 1.2 or higher for all communication
• Encryption at Rest: AES-256 via Google Cloud default encryption
• Data Segregation: Resident data is logically segregated by property
• Analytics Pseudonymization: All internal analytics use anonymized datasets only — no individual resident is identifiable
• Background Screening: FCRA-compliant pre-employment background check required for all collection agents before first shift
• Incident Response Plan: Written procedures reviewed annually
• Annual Security Assessments: Security review conducted no less than annually

In the event of a data breach affecting your personal information, ZendBack will notify affected Florida residents within 30 days of confirming the breach, as required by the Florida Information Protection Act (§ 501.171, Fla. Stat.), and will notify relevant authorities as required.

6. Your Rights and Choices

• Access: View and update your account information in the app, or contact privacy@zendback.com
• Correction: Request corrections to inaccurate data
• Deletion: Request account and data deletion by contacting privacy@zendback.com. We will delete your personal data within 30 days, subject to legal retention requirements.
• Export: Request a copy of your personal data by contacting privacy@zendback.com
• Push Notifications: Control through your device settings at any time
• Marketing Emails: Opt out at any time via unsubscribe link or by contacting us

7. Children’s Privacy

ZendBack is not directed to children under 13 and does not knowingly collect their information. If you are under 13, do not use the ZendBack app or website. If you believe we have collected data from a child under 13, contact privacy@zendback.com immediately and we will promptly delete it.

8. Data Retention

• Active Accounts: Data retained while account is active
• Cancelled Accounts: Personal data deleted within 30 days of cancellation request
• Financial Records: Billing data retained for 7 years for tax and legal compliance
• Push Notification Tokens: Deleted when account is deactivated or upon user request
• Website Contact Form Submissions: Retained for 2 years or until the inquiry is resolved, whichever is later

Data Deletion Upon Property Offboarding

Upon termination of a property service agreement, ZendBack will, within 30 days, delete or anonymize all personal data associated with residents of that building, including names, email addresses, phone numbers, unit numbers, collection history, and package records. Anonymized aggregate data may be retained for operational analytics. Financial records are retained separately per the schedule above.

9. Updates to This Policy

For material changes, we will provide at least 30 days’ advance notice via in-app notification and email. Continued use after the effective date constitutes acceptance. This policy will be updated as ZendBack expands to additional states.

10. Governing Law

This Privacy Policy is governed by the laws of the State of Florida, including the Florida Information Protection Act (§ 501.171, Fla. Stat.).

11. Contact