Privacy Policy
App: ZumFlo
Publisher: Sub37 Labs
Contact: support [at] zumflo.app
Last updated: March 12, 2026
Your privacy is essential. ZumFlo is built on the principle of Privacy by Design: your financial records belong to you. Sub37 Labs does not collect, sell, share, or view your data. This policy describes exactly what data the App processes, where it is stored, and what control you have.
1. Data We Collect and How It Is Stored
ZumFlo functions primarily as a local application on your iOS device. Sub37 Labs does not operate servers that store your data.
| Category | Examples | Storage |
|---|
| Identity & Contact | Name, email, phone number, profile photo | On device |
| Business Details | Company name, address, KvK number, VAT number, IBAN | On device |
| Financial Records | Daily logs, revenue, expenses, settlements, hours, kilometres | On device |
| Services & Products | Categories, prices, financial rules, cost agreements | On device |
| Authentication Tokens | OAuth access and refresh tokens for SumUp and Moneybird | iOS Keychain |
| App Settings | Preferences, notification settings, lock timeout | On device |
| Biometric Reference | Face ID / Touch ID (used for App Lock) | iOS Secure Enclave |
No external server. Sub37 Labs does not operate a central database. We have no technical means to access, read, or analyse your data.
2. iCloud Sync
If you enable iCloud synchronisation, your data is stored in your personal iCloud account via Apple’s CloudKit framework.
- Data is encrypted by Apple in transit (TLS) and at rest.
- Sub37 Labs has no access to your iCloud container — only your Apple ID can access it.
- You can disable sync at any time in the App’s settings or via iOS Settings → iCloud.
- Apple’s handling is governed by Apple’s Privacy Policy.
3. Third-Party Integrations
ZumFlo offers optional integrations with external services. Data is only shared when you explicitly activate a connection.
3.1 SumUp (Payment Processing)
- Data shared: The App retrieves your transaction history (amounts, timestamps, payment methods) from SumUp’s API.
- Direction: From SumUp to the App. ZumFlo does not transmit financial data to SumUp.
- Tokens: OAuth tokens stored in the iOS Keychain (hardware-encrypted).
- Disconnect: Profile → Integrations → Disconnect. Tokens are immediately deleted.
- Their policy: SumUp Privacy Policy
3.2 Zettle by PayPal (Payment Processing)
- Data shared: The App retrieves your transaction history (amounts, timestamps, payment methods) from Zettle’s API.
- Direction: From Zettle to the App. ZumFlo does not transmit financial data to Zettle.
- Tokens: OAuth tokens stored in the iOS Keychain (hardware-encrypted).
- Disconnect: Profile → Integrations → Disconnect. Tokens are immediately deleted.
- Their policy: Zettle Privacy Policy
3.3 Moneybird (Bookkeeping)
- Data shared: Invoice data, expense records, and financial summaries, at your instruction.
- Direction: Bidirectional — the App reads and writes in your Moneybird account.
- Tokens: OAuth tokens stored in the iOS Keychain.
- Disconnect: Via the App or your Moneybird account settings.
- Their policy: Moneybird Privacy Statement
Sub37 Labs requires that any third party with which the App exchanges data provides protection equal to or greater than this policy.
4. Device Permissions
| Permission | Purpose | Required? |
|---|
| Notifications | Daily reminders to complete your daily log | Optional |
| Camera | Capture a profile photo (stored locally only) | Optional |
| Photo Library | Select a profile photo from your library | Optional |
| Face ID / Touch ID | App Lock via biometric authentication | Optional |
ZumFlo does not access your location, microphone, contacts, calendar, health data, or any sensor not listed above.
5. Subscriptions and Payments
All payments are processed via your Apple ID account through Apple’s in-app purchase system. Sub37 Labs does not collect, store, or have access to your payment details, credit card information, or billing address. Apple’s handling is governed by Apple’s Privacy Policy.
6. Analytics and Telemetry
ZumFlo collects minimal, privacy-first usage analytics to improve the App. These analytics record only that an action occurred (e.g. “a daily log was created”), never the content of that action (no amounts, names, or financial data).
- Analytics events contain no personally identifiable information (PII)
- No financial data (amounts, revenue, costs) is ever included in analytics
- No advertising identifiers (IDFA) or cross-app tracking frameworks are used
- No third-party advertising or advertising SDKs are present
- No device fingerprinting is performed
- No data is shared with data brokers or marketing platforms
Examples of events that may be recorded: app launched, onboarding completed, daily log created, subscription started. Examples of data that is never recorded: revenue amounts, cost details, personal names, location data.
These analytics are processed by TelemetryDeck GmbH (Germany), a privacy-first analytics provider. TelemetryDeck does not receive any personally identifiable information and cannot identify individual users. See TelemetryDeck’s Privacy Policy.
7. Future: Sector Benchmarking (Opt-In)
In a future version, ZumFlo may offer an optional benchmarking feature. If introduced:
- Participation is entirely voluntary and requires explicit consent
- Only aggregated, quantised metrics would be shared — never raw financial data
- Data is anonymised using k-anonymity (minimum group size of 10)
- You can withdraw consent at any time
- This Privacy Policy will be updated before activation
8. Data We Do Not Collect
ZumFlo does not:
- Use advertising identifiers (IDFA) or cross-app tracking
- Contain third-party advertising or advertising SDKs
- Perform device fingerprinting
- Include financial amounts or personal data in analytics
- Share data with data brokers or marketing platforms
9. Data Retention and Deletion
9.1 Retention
Your data remains on your device (and in your iCloud account, if enabled) for as long as you choose to keep it. There is no automatic expiration.
9.2 Deletion
You are in full control. You can delete data at any time:
- Individual records: Delete daily logs, categories, or financial rules from within the App.
- Full reset: Profile → Data & iCloud → erase all data.
- iCloud data: Disable sync and delete the container via iOS Settings → Apple ID → iCloud → Manage Storage.
- Third-party tokens: Disconnect SumUp or Moneybird in the App. Tokens are immediately removed from the iOS Keychain.
- Uninstall: Removing the App deletes all locally stored data.
Because Sub37 Labs does not store data on external servers, deletion is immediate and permanent.
10. Revoking Consent
- Device permissions — iOS Settings → ZumFlo → toggle individual permissions off.
- iCloud sync — App Settings or iOS Settings → iCloud → ZumFlo.
- SumUp / Moneybird — Profile → Integrations → Disconnect, or via the third party’s own account settings.
- Notifications — iOS Settings → Notifications → ZumFlo.
11. Children’s Privacy
ZumFlo is a business administration tool for self-employed professionals and is not intended for children under 16. We do not knowingly collect data from children. If you believe a child has used the App, please contact .
12. Security
- All data is stored in the iOS-encrypted application sandbox.
- OAuth tokens are stored in the iOS Keychain with hardware-backed encryption (Secure Enclave).
- Optional App Lock via Face ID or Touch ID.
- iCloud data is encrypted by Apple in transit and at rest.
- No data is transmitted to Sub37 Labs-operated infrastructure.
13. International Transfers
If you enable iCloud sync, Apple may store data in data centres outside your country of residence, subject to Apple’s data processing agreements. If you connect SumUp or Moneybird, data may be processed in those services’ jurisdictions. Anonymous usage analytics are processed by TelemetryDeck GmbH in Germany. Sub37 Labs itself does not transfer your data internationally.
14. Your Rights Under GDPR
Within the European Economic Area, you have the following rights under the General Data Protection Regulation:
- Access: View all your data directly in the App.
- Rectification: Edit any record in the App.
- Erasure: Delete individual records or all data (see Section 9).
- Data portability: Export your data as PDF reports.
- Restriction & objection: You exercise these rights by managing integrations and permissions directly.
Because all data resides on your device, you exercise these rights directly — no request to Sub37 Labs is necessary. Need help? Email .
15. Governing Law
This Privacy Policy is governed by the laws of the Netherlands. Any disputes shall be submitted to the competent court in the Netherlands.
16. Changes to This Policy
- The “Last updated” date at the top will be revised.
- Material changes will be communicated via a notice in the App.
- Continued use after the update constitutes acceptance.
17. Contact