LEGAL

Privacy Policy

Last updated: March 2026 · hello@zippypro.xyz

Zippy is a local-first desktop application. Your files are never sent to Zippy's servers — all compression, conversion, and cloud uploads happen entirely on your own machine using your own credentials. This policy explains the limited data we do collect and why.

1. Data We Collect

When you make a purchase:

Your email address — used to deliver your license key and for account recovery
Payment metadata (order ID, payment ID, plan type, amount) — stored for license recovery and support. Card details are handled entirely by Razorpay and never reach our servers.

When you activate a license:

A hardware fingerprint — a one-way SHA-256 hash derived from your CPU ID, disk serial, OS name, and hostname. This is sent to Keygen.sh to bind the license to your machine. The hash cannot be reversed to identify you personally.
Your license key — stored locally in your OS keychain and validated against Keygen.sh servers.

Anonymous usage analytics:

Feature usage counts (e.g. "compression started", "conversion completed") sent via Google Analytics 4 Measurement Protocol. No file names, file contents, or personally identifiable information are included.
Analytics can be disabled: Zippy respects your OS "Limit Ad Tracking" / "Allow Apps to Request to Track" setting.

2. Data We Do NOT Collect

The contents of any file you compress, convert, or upload
File names or paths
Cloud storage credentials (S3 keys, GCS service accounts, Azure connection strings, SFTP passwords) — these are stored exclusively in your OS keychain and never leave your machine
IP addresses beyond what third-party processors receive as part of normal HTTPS traffic

3. How We Use Your Data

Email: To deliver your license key, send recovery emails when you request them, and communicate important product updates (no marketing without explicit consent)
Hardware fingerprint: To enforce the per-machine license seat limit (up to 2 machines) and allow you to transfer your license
Payment metadata: For support, refund processing, and fraud prevention
Analytics: To understand which features are used and improve the product

4. Third-Party Data Processors

We share data with the following processors only to the extent necessary to provide the service:

Razorpay — payment processing. Subject to Razorpay's Privacy Policy.
Keygen.sh — software license management (machine fingerprint + license key). Subject to Keygen's Privacy Policy.
Resend — transactional email delivery (license key emails). Subject to Resend's Privacy Policy.
Google Analytics 4 (Firebase) — anonymous usage analytics. Subject to Google's Privacy Policy.
Google Cloud (Firestore) — purchase records stored for license recovery. Subject to Google Cloud's Privacy Policy.

We do not sell, rent, or share your personal data with any other parties.

5. Data Retention

Purchase records: Retained as long as your license is active, and for up to 3 years after expiry for tax and support purposes.
License data: Managed by Keygen.sh. Deleted on request.
Analytics: Retained by Google Analytics per their standard 14-month data retention window.

6. Your Rights

Depending on your location, you may have the right to:

Access the personal data we hold about you
Correct inaccurate data
Delete your data ("right to be forgotten") — email us and we will erase your purchase record and request deletion from Keygen.sh
Object to analytics collection — disable in your OS privacy settings
Data portability — we will provide your data in a machine-readable format on request

To exercise any of these rights, email hello@zippypro.xyz. We respond within 30 days.

7. Security

Our backend runs on Google Cloud Run with encrypted storage. All API endpoints use HTTPS. Cloud credentials never leave your device. License keys are validated using offline Ed25519 signature verification — the app does not need a live internet connection for day-to-day use (only for activation and the 7-day heartbeat check).

8. Children's Privacy

Zippy is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be noted in the app's changelog and on this page with an updated "Last updated" date. Continued use of the software after changes take effect constitutes acceptance of the revised policy.

Questions about your privacy? Email us at hello@zippypro.xyz