ZumFlo Income Intelligence for Independent Professionals

Privacy Policy

App: ZumFlo
Publisher: Sub37 Labs
Contact: privacy [at] zumflo.app
Last updated: April 1, 2026

Your privacy is essential. ZumFlo is built on the principle of Privacy by Design: your financial records belong to you. Sub37 Labs does not collect, sell, share, or view your data. This policy describes exactly what data the App processes, where it is stored, and what control you have.

1. Data We Collect and How It Is Stored

ZumFlo functions primarily as a local application on your iOS device. Sub37 Labs does not operate servers that store your data.

| Category | Examples | Storage |
|---|---|---|
| Identity & Contact | Name, email, phone number, profile photo | On device |
| Business Details | Company name, address, KvK number, VAT number, IBAN | On device |
| Financial Records | Daily logs, revenue, expenses, settlements, hours, kilometres | On device |
| Services & Products | Categories, prices, financial rules, cost agreements | On device |
| Authentication Tokens | OAuth access and refresh tokens for SumUp, PayPal POS and Moneybird | iOS Keychain |
| PIN Provider Identity | Merchant code and account name from your SumUp or PayPal POS account | On device |
| Accounting integration | Moneybird administration ID, ledger account mapping and contact links per location | On device |
| App Settings | Preferences, notification settings, lock timeout | On device |
| Biometric Reference | Face ID / Touch ID (used for App Lock) | iOS Secure Enclave |

No external server. Sub37 Labs does not operate a central database. We have no technical means to access, read, or analyse your data.

2. iCloud Sync

Your data is automatically synchronised via your personal iCloud account using Apple’s CloudKit framework. This is enabled by default and ensures your data is available across all your devices.

  • Data is encrypted by Apple in transit (TLS) and at rest.
  • Sub37 Labs has no access to your iCloud container — only your Apple ID can access it.
  • You can disable iCloud sync for ZumFlo via iOS Settings → Apple ID → iCloud → Apps Using iCloud → ZumFlo.
  • Apple’s handling is governed by Apple’s Privacy Policy.

3. Third-Party Integrations

ZumFlo offers optional integrations with external services. Data is only shared when you explicitly activate a connection.

3.1 SumUp (PIN Payments)

  • Requested permissions: When connecting, ZumFlo requests two permissions (scopes):
    • transactions.history — access to your transaction history
    • user.profile_readonly — read-only access to your merchant profile
  • What ZumFlo reads: Transaction amounts, timestamps, payment methods, transaction fees and tips. Additionally your merchant code and account name to retrieve transaction details and to reference the source of PIN transactions in reports. ZumFlo does not read email addresses, address details or account settings — even though they technically fall within the requested scope.
  • Storage: Your merchant code and account name are stored locally on your device and included in generated reports as a source reference.
  • Direction: From SumUp to the App. ZumFlo does not transmit financial data to SumUp.
  • Tokens: OAuth tokens stored in the iOS Keychain (hardware-encrypted).
  • Disconnect: My Business → Settings → Integrations → Disconnect. Tokens are immediately deleted.
  • Their policy: SumUp Privacy Policy

3.2 PayPal POS (PIN Payments)

  • Requested permissions: When connecting, ZumFlo requests two permissions (scopes):
    • READ:PURCHASE — read-only access to your transaction data
    • READ:FINANCE — read-only access to your financial data (transaction fees, payouts)
  • What ZumFlo reads: Transaction amounts, timestamps, payment methods and tips via the Purchase API. Via the Finance API, the actual transaction fees per payment are retrieved. Additionally your account name to reference the source of PIN transactions in reports. ZumFlo does not read product catalogues, inventory data or account settings.
  • Storage: Your account name is stored locally on your device and included in generated reports as a source reference.
  • Direction: From PayPal POS to the App. ZumFlo does not transmit financial data to PayPal POS.
  • Tokens: OAuth tokens stored in the iOS Keychain (hardware-encrypted).
  • Disconnect: My Business → Settings → Integrations → Disconnect. Tokens are immediately deleted.
  • Their policy: PayPal POS Privacy Policy

3.3 Moneybird (Bookkeeping)

  • Requested permissions: When connecting, ZumFlo requests the following permissions:
    • sales_invoices — create and manage sales invoices
    • documents — read documents
    • estimates — read estimates
    • bank — manage financial accounts and journal entries
    • settings — read administration settings (ledger accounts, VAT rates)
  • What ZumFlo writes: Sales invoices, payment registrations and journal entries based on your settlements. ZumFlo does not modify existing invoices, contacts or administration settings.
  • Direction: Bidirectional — the App reads and writes in your Moneybird account.
  • Tokens: OAuth tokens stored in the iOS Keychain.
  • Disconnect: Via the App or your Moneybird account settings.
  • Their policy: Moneybird Privacy Statement

Sub37 Labs requires that any third party with which the App exchanges data provides protection equal to or greater than this policy.

4. Device Permissions

| Permission | Purpose | Required? |
|---|---|---|
| Notifications | Daily reminders to complete your daily log | Optional |
| Camera | Capture a profile photo (stored locally only) | Optional |
| Photo Library | Select a profile photo from your library | Optional |
| Face ID / Touch ID | App Lock via biometric authentication | Optional |

ZumFlo does not access your location, microphone, contacts, calendar, health data, or any sensor not listed above.

5. Subscriptions and Payments

All payments are processed via your Apple ID account through Apple’s in-app purchase system. Sub37 Labs does not collect, store, or have access to your payment details, credit card information, or billing address. Apple’s handling is governed by Apple’s Privacy Policy.

6. Analytics and Telemetry

ZumFlo collects minimal, privacy-first usage analytics to improve the App. These analytics record only that an action occurred (e.g. “a daily log was created”), never the content of that action (no amounts, names, or financial data).

  • Analytics events contain no personally identifiable information (PII)
  • No financial data (amounts, revenue, costs) is ever included in analytics
  • No advertising identifiers (IDFA) or cross-app tracking frameworks are used
  • No third-party advertising or advertising SDKs are present
  • No device fingerprinting is performed
  • No data is shared with data brokers or marketing platforms
  • ZumFlo does not use cookies, either in the app or on the website

Examples of events that may be recorded: app launched, onboarding completed, daily log created, subscription started. Examples of data that is never recorded: revenue amounts, cost details, personal names, location data.

These analytics are processed by TelemetryDeck GmbH (Germany), a privacy-first analytics provider. TelemetryDeck does not receive any personally identifiable information and cannot identify individual users. See TelemetryDeck’s Privacy Policy.

For our website (zumflo.app) we use Plausible Analytics, a privacy-friendly analytics service. Plausible does not use cookies, does not collect personal data and does not store IP addresses. Data is hosted in the European Union (Germany). No consent is required as no personal information is processed. More information: plausible.io/data-policy.

7. Future: Sector Benchmarking (Opt-In)

In a future version, ZumFlo may offer an optional benchmarking feature. If introduced:

  • Participation is entirely voluntary and requires explicit consent
  • Only aggregated, quantised metrics would be shared — never raw financial data
  • Data is anonymised using k-anonymity (minimum group size of 10)
  • You can withdraw consent at any time
  • This Privacy Policy will be updated before activation

8. Data We Do Not Collect

ZumFlo does not:

  • Use advertising identifiers (IDFA) or cross-app tracking
  • Contain third-party advertising or advertising SDKs
  • Perform device fingerprinting
  • Include financial amounts or personal data in analytics
  • Share data with data brokers or marketing platforms

9. Data Retention and Deletion

9.1 Retention

Your data remains on your device and in your iCloud account for as long as you choose to keep it. There is no automatic expiration.

9.2 Deletion

You are in full control. You can delete data at any time:

  • Individual records: Delete daily logs, categories, or financial rules from within the App.
  • Full reset: My Business → Settings → Data Management → erase all data.
  • iCloud data: Disable sync via iOS Settings → Apple ID → iCloud → Apps Using iCloud → ZumFlo. Delete the container via iOS Settings → Apple ID → iCloud → Manage Storage.
  • Third-party tokens: Disconnect SumUp, PayPal POS or Moneybird via My Business → Settings → Integrations. Tokens are immediately removed from the iOS Keychain.
  • Uninstall: Removing the App deletes all locally stored data.

Because Sub37 Labs does not store data on external servers, deletion is immediate and permanent.

10. Revoking Consent

  • Device permissions — iOS Settings → ZumFlo → toggle individual permissions off.
  • iCloud sync — iOS Settings → Apple ID → iCloud → Apps Using iCloud → ZumFlo.
  • SumUp / PayPal POS / Moneybird — My Business → Settings → Integrations → Disconnect, or via the third party’s own account settings.
  • Notifications — iOS Settings → Notifications → ZumFlo.

11. Children’s Privacy

ZumFlo is a business administration tool for self-employed professionals and is not intended for children under 16. We do not knowingly collect data from children. If you believe a child has used the App, please contact .

12. Security

  • All data is stored in the iOS-encrypted application sandbox.
  • OAuth tokens are stored in the iOS Keychain with hardware-backed encryption (Secure Enclave).
  • Optional App Lock via Face ID or Touch ID.
  • iCloud data is encrypted by Apple in transit and at rest.
  • No data is transmitted to Sub37 Labs-operated infrastructure.

13. International Transfers

Because iCloud sync is enabled by default, Apple may store data in data centres outside your country of residence, subject to Apple’s data processing agreements. If you connect SumUp, PayPal POS or Moneybird, data may be processed in those services’ jurisdictions. Anonymous usage analytics are processed by TelemetryDeck GmbH in Germany. Sub37 Labs itself does not transfer your data internationally.

14. Your Rights Under GDPR

Within the European Economic Area, you have the following rights under the General Data Protection Regulation:

  • Access: View all your data directly in the App.
  • Rectification: Edit any record in the App.
  • Erasure: Delete individual records or all data (see Section 9).
  • Data portability: Export your data as PDF reports.
  • Restriction & objection: You exercise these rights by managing integrations and permissions directly.

Because all data resides on your device, you exercise these rights directly — no request to Sub37 Labs is necessary. Need help? Email .

15. Governing Law

This Privacy Policy is governed by the laws of the Netherlands. Any disputes shall be submitted to the competent court in the Netherlands.

16. Changes to This Policy

  • The “Last updated” date at the top will be revised.
  • Material changes will be communicated via a notice in the App.
  • Continued use after the update constitutes acceptance.

17. Contact

Sub37 Labs
The Netherlands
KvK: 42016619

For privacy-related questions, data requests, or to exercise your rights under GDPR:

We aim to respond to all requests within 30 days, as required by GDPR.

© 2026 Sub37 Labs, The Netherlands
SumUp, PayPal POS and Moneybird are trademarks of their respective owners. ZumFlo is not affiliated with or endorsed by these companies.