← Back to ZipSignal

Privacy Policy

Last updated: March 17, 2026

ZipSignal ("we," "us," or "our") operates the ZipSignal platform (the "Service"). This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our Service.

1. Information We Collect

Account Information

  • Email address
  • Password (stored hashed; we never see your plain-text password)
  • Business name and industry
  • Phone number (if provided for SMS alerts)
  • Zip codes you select for lead monitoring

Usage Data

  • Pages visited, features used, and interactions within the dashboard
  • Alert preferences and notification settings
  • Lead status actions (saved, dismissed, read)

Payment Information

Payment details are processed directly by Stripe. We do not store credit card numbers on our servers. We receive only a confirmation of your subscription status.

2. How We Use Your Information

  • Lead matching: Your industry and zip code selections determine which public-record leads are routed to your dashboard.
  • AI-powered insights: Lead data is processed through AI to generate relevance analysis and suggested actions tailored to your industry (see Section 3 below).
  • Notifications: Your email and/or phone number are used to send lead alerts, daily digests, and account-related messages.
  • Billing: To manage your subscription and process payments through Stripe.
  • Service improvement: Aggregated, anonymized usage data helps us improve features and performance.

3. AI Processing Disclosure

Important: How AI Is Used in ZipSignal

ZipSignal uses Google's Gemini AI to analyze lead data and generate personalized insights for your business. When a lead is matched to your account, the following information may be sent to Google's Gemini API for processing:

  • Property addresses from public records
  • Public record details (sale prices, permit types, filing dates)
  • Your industry category (to tailor the analysis)

Google does not use Gemini API inputs or outputs to train its models when accessed via the paid API. Data sent via the API is processed to generate a response and is subject to Google's Cloud data processing terms and retention policies.

For more details, see Google's Privacy Policy and the Gemini API Terms of Service.

4. Third-Party Services

We share data with the following third-party providers as necessary to operate the Service:

ProviderPurposeData Shared
SupabaseDatabase & authenticationAccount data, leads, alerts
Google (Gemini AI)Lead analysis & insightsPublic record data, industry type
StripePayment processingEmail, subscription plan
TwilioSMS notificationsPhone number, message content
BrevoEmail notificationsEmail address, message content
MapboxMap displayLead coordinates (client-side only)
ATTOMProperty data enrichmentProperty addresses
UnsplashProperty imageryImage requests (no personal data)
Templated.ioPostcard generationLead details for postcard content

5. Data Retention

  • Account data is retained for the duration of your active account.
  • Lead and alert data is retained for up to 12 months, after which it is automatically archived or deleted.
  • Payment records are retained as required by applicable tax and financial regulations.
  • When you delete your account, your personal data is permanently removed within 30 days, except where retention is required by law.

6. Your Rights

All Users

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Update inaccurate or incomplete data via your Settings page or by contacting us.
  • Deletion: Request permanent deletion of your account and associated data.
  • Data portability: Export your lead data via the CSV export feature in your dashboard.

CCPA Rights (California Residents)

If you are a California resident, you have the right to:

  • Know what personal information is collected and how it is used.
  • Request deletion of your personal information.
  • Opt out of the "sale" of personal information. We do not sell your personal information.
  • Non-discrimination for exercising your privacy rights.

GDPR Rights (EU/EEA Residents)

If you are located in the EU/EEA, you additionally have the right to:

  • Restrict or object to data processing.
  • Withdraw consent at any time (where processing is based on consent).
  • Lodge a complaint with your local data protection authority.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS), secure authentication, and access controls. However, no method of transmission over the internet is 100% secure.

8. Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Service. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

privacy@zipsignal.app