Privacy Policy

Account Information

• Phone number (primary identifier, required)
• Display name (required)
• Profile photo (optional)
• Age and gender (optional, collected during onboarding)

Plan & Response Data

• Plan titles, descriptions, dates, times, and locations
• Your responses to plans: In, Out, or Depends
• Dependency structures — the conditions you attach to a “Depends” response (e.g., person conditions, time conditions, and AND/OR logic between them)
• Location data from Google Places API when you search for venues

Device & Usage Data

• Device type, operating system, and app version
• Push notification tokens
• Usage patterns (plans created, response times, completion rates)

• Your contact book is never uploaded. When you invite friends, contact matching happens locally on your device. We only receive the phone numbers you explicitly select for a plan invitation.
• Device GPS location is not tracked. We do not monitor or store your real-time geographic location.
• Message content. Zapnin has no chat or messaging feature. We do not collect, read, or store any of your private messages from other apps.

We use the information we collect to:

• Operate and maintain the plan coordination service
• Build and resolve dependency graphs to determine plan outcomes
• Send push notifications and SMS invitations on your behalf
• Detect scheduling conflicts between your overlapping plans
• Improve our resolution algorithm and overall service quality
• Enforce these terms and protect against misuse

Legal Basis for Processing

We process your personal data on the following legal bases: (a) your consent, which you provide when creating an account and using the App; (b) contractual necessity, to provide and operate the plan coordination service you have requested; and (c) legitimate interests, to improve our services, ensure security, and prevent misuse, provided these interests are not overridden by your data protection rights.

When you respond “Depends” to a plan, you may attach conditions such as specific people who must be going, time windows that work for you, or combinations of both. This structured data is processed by our resolution algorithm to automatically determine plan outcomes.

Failed dependencies are private by design. If your dependency condition cannot be met (e.g., you said you’d go if a specific person goes, but they responded “Out”), only you are notified of the specific reason. Other participants simply see your final status — not the details of your conditions.

Similarly, conflict detection details are kept private. If two of your plans overlap, only you are informed — not the other participants in either plan.

When you invite someone who does not have Zapnin installed (a “phantom user”), we send SMS messages on your behalf to deliver the plan invitation. These messages are sent from Zapnin’s SMS service and identify you as the inviter.

SMS types include:

• Initial plan invitation with a link to download Zapnin
• Plan reminders (24 hours and 2 hours before the plan)
• Plan confirmation when the plan goes “On”
• Plan cancellation if the plan is called off

We send a maximum of 5 SMS messages per plan to any single non-app user.

When a phantom user downloads Zapnin and signs up with the same phone number, their account is automatically linked to any existing plan invitations.

Your data is stored on encrypted servers in the SE Asia region, hosted on Railway, with industry-standard protections. All data in transit is secured using TLS (Transport Layer Security), and data at rest is encrypted.

While we implement robust security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.

In the event of a data breach that affects your personal information, we will notify affected users and the relevant authorities within 72 hours of becoming aware of the breach, in accordance with the DPDPA and applicable laws.

• Active accounts: Your account data is retained for as long as your account remains active.
• Plan data: Retained for 90 days after a plan is marked as completed, then permanently deleted.
• Account deletion: When you delete your account, a soft delete is performed immediately. After a 30-day grace period (during which you can reactivate), your data is permanently deleted and your contributions to existing plans are anonymized.
• Phantom user records: Data associated with non-app users who never sign up is periodically reviewed and deleted in accordance with our data retention practices.

We use the following third-party services to operate Zapnin:

• Google Places API — For location search and venue data when setting plan locations
• SMS Gateway (Twilio) — For delivering SMS invitations and reminders to non-app users
• Apple Push Notification Service (APNs) — For push notifications on iOS devices
• Firebase Cloud Messaging (FCM) — For push notifications on Android devices
• Clerk — For user authentication, phone number verification, and session management

You have granular control over the notifications you receive:

• Push notifications: Can be toggled on or off in your account settings
• Quiet hours: Notifications are suppressed during quiet hours (default: 10 PM – 8 AM), configurable in settings
• Reminder frequency: Choose how often you receive plan reminders
• Per-plan mute: Mute notifications for specific plans
• Hard limits: We limit the number of notifications you receive daily, and enforce a maximum of 3 nudges per plan per participant

Zapnin is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that we have inadvertently collected such information, we will delete it promptly.

If you are between 13 and 18 years of age, your parent or legal guardian must review and consent to this Privacy Policy on your behalf before you use the App. By using Zapnin, you confirm that such consent has been obtained.

If you believe a child under 13 has provided us with personal information, please contact us at people@pivotandanchor.com so we can take appropriate action.

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete information
• Delete your account and associated data
• Request a copy of your personal data by contacting us
• Opt out of non-essential notifications

In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, the following person has been designated as the Grievance Officer for the purpose of addressing any concerns or complaints regarding the processing of your personal data:

• Name: Spruha Chitturu
• Email: people@pivotandanchor.com

Complaints will be acknowledged within 24 hours and resolved within 15 days of receipt.

We may update this Privacy Policy from time to time. When we make changes, we will notify you through the App and update the “Last updated” date at the top of this page. Your continued use of Zapnin after any changes constitutes acceptance of the updated policy.

If you have questions or concerns about this Privacy Policy or our data practices, contact us at people@pivotandanchor.com.