Your privacy matters to us. Learn how STALLZERO collects, uses, and protects your information.
Last Updated: January 30, 2026
Introduction
STALLZERO ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and services (collectively, the "Service").
By using STALLZERO, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this privacy policy, please do not access or use the Service.
Information We Collect
Personal Information
When you register for an account, we collect:
Email address
Name (optional)
Profile picture (optional)
Timezone and language preferences
Data You Provide
To provide our productivity and life management services, we store:
Tasks, goals, and habits you create
Calendar events and schedules
Mood tracking entries
Journal entries and notes
Meal plans and preferences
Outfit selections and wardrobe items
Financial tracking data (if you use accounting features)
Property management data (for vacation rental hosts)
Third-Party Integrations
When you connect third-party services, we may access:
Google Account: Email address, profile information, Gmail messages (read/send), and Google Calendar events (read/write)
Booking Platforms: Reservation data from Airbnb, Booking.com, VRBO (with your credentials)
Automate tasks you configure (email management, calendar sync, etc.)
Google API Services User Data Policy
STALLZERO's use and transfer of information received from Google APIs adheres to theGoogle API Services User Data Policy, including the Limited Use requirements.
Scope of Access
When you connect your Google account, we request access to:
Gmail (read, compose, send): To display emails, draft responses, and send emails on your behalf through our Email Management feature
Google Calendar (read, write): To sync your calendar events, create new events, and provide scheduling automation
Profile information: To display your name and email in the app
Limited Use Disclosure
We only use Google user data for the purposes described in this policy. We do not:
Transfer data to third parties except as necessary to provide the Service
Use data for advertising purposes
Sell or share your Google data with data brokers
Use data to train AI models without explicit consent
Data Storage & Security
We implement appropriate security measures to protect your data:
All data is encrypted in transit using TLS/SSL
Sensitive data is encrypted at rest
OAuth tokens are stored securely and encrypted
Platform credentials (Airbnb, Booking.com) are encrypted with AES-256
Regular security audits and updates
Access controls and authentication requirements
Your data is stored on secure servers provided by Supabase and Vercel, with data centers located in the United States and European Union.
Two-Factor Authentication (2FA/MFA)
We offer and in some cases require Two-Factor Authentication (2FA), also known as Multi-Factor Authentication (MFA), to provide additional security for your account.
What Data We Collect for 2FA
TOTP secret keys (encrypted) for generating verification codes
Factor enrollment status and timestamps
Authentication assurance levels for your sessions
We do NOT store the 6-digit codes you enter—these are verified in real-time
Financial Data Protection
For users accessing our Accounting and financial features:
2FA is mandatory to access financial features to comply with banking security standards
We require re-verification ("step-up authentication") when accessing the Accounting module, even if you have already verified 2FA at login
This additional security layer protects bank connections, transaction data, and financial records
Our banking integration partners (such as Plaid) require this level of security for financial data access
Your 2FA Data Rights
You can enable or disable 2FA at any time through Settings → Security
Disabling 2FA will remove your TOTP factors from our system
If you lose access to your authenticator, backup codes allow account recovery
You can request a complete export of your 2FA enrollment data
Data Retention
We retain your personal information for as long as your account is active or as needed to provide you services. You can request deletion of your account and associated data at any time. Upon account deletion:
Personal data is deleted within 30 days
OAuth tokens and third-party connections are immediately revoked
Anonymized analytics data may be retained
Financial transaction data may be retained for 7 years per legal requirements
For detailed information about our data retention periods, deletion processes, and your rights, please review our comprehensive Data Retention Policy.
Your Rights
Depending on your location, you may have the following rights:
Access: Request a copy of your personal data
Rectification: Correct inaccurate or incomplete data
Deletion: Request deletion of your personal data
Portability: Export your data in a machine-readable format
Objection: Object to certain processing of your data
Revoke Consent: Withdraw consent for third-party integrations at any time
We are committed to transparent data practices. When you sign up for STALLZERO, we ask for your explicit consent before collecting, processing, or storing your personal data.
Types of Consent We Collect
During registration and throughout your use of our Service, we request consent for:
Terms & Privacy Policy: Agreement to our Terms of Service and this Privacy Policy (required)
Data Collection & Processing: Consent to collect, process, and store your personal data as described in this policy (required)
Marketing Communications: Opt-in consent to receive product updates, tips, and promotional emails (optional)
Third-Party Data Sharing: Consent to share data with trusted service providers for delivering our services (recommended for full functionality)
Cookie Usage: Consent for essential and analytics cookies (managed via cookie preferences)
How We Obtain Consent
At Registration: Clear checkboxes with explanatory text for each type of consent
Before Sensitive Actions: Additional confirmation for financial data access or third-party integrations
Cookie Banner: Clear options to accept or customize cookie preferences on your first visit
Consent Records
We maintain records of your consent including:
Date and time consent was given
Version of the privacy policy you agreed to
Specific consents granted or withheld
Any subsequent changes to your consent preferences
Managing Your Consent
You have full control over your consent preferences:
Settings → Privacy & Consent: Update marketing and third-party data sharing preferences at any time
Download Your Data: Export all your personal data in JSON format
Request Deletion: Submit a request to permanently delete your account and all associated data
Cookie Preferences: Manage cookie settings via the cookie consent banner
Note: Withdrawing consent for required data processing (Terms & Privacy, Data Collection) will result in account termination, as we cannot provide our services without processing your data. Optional consents (marketing, third-party sharing) can be withdrawn at any time without affecting your access to the Service.
Third-Party Services
We use the following third-party services:
Supabase: Database and authentication
Vercel: Hosting and deployment
Anthropic (Claude): AI-powered features and recommendations
STALLZERO is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.
Contact Us
If you have any questions about this Privacy Policy, please contact us: