Privacy Policy
1. The short version
Z2H is a hosted SaaS. The retail product is a browser-based AI FX Desk that publishes analyst briefs, setup cards, and risk notes for USDJPY. Z2H does not custody user funds and does not connect to broker accounts in the retail alpha. The cloud account at zero2h.com stores what is needed to operate your account, deliver service, and (when paid plans open) handle billing.
2. What we collect, when, and why
| Data | When | Purpose | Retention |
|---|---|---|---|
| Email, optional name | Signup | Identify your account | Until you delete the account + 30 days backup |
| Billing details (Stripe) | If you subscribe to a paid plan after alpha | Charge subscription | Stripe retains; we keep last-4 + invoice ID |
| IP address, user agent | Web session | Security · rate limit | 30 days rolling |
| Application / feedback | Alpha application or in-app feedback | Evaluate alpha applications, improve product | Until you delete the account |
| Broker account data | Never in retail alpha | n/a | n/a — Z2H does not connect to broker accounts in retail alpha |
3. Who we share data with
- Stripe — payment processing only.
- Postmark — transactional email (signup OTP, receipts).
- Hetzner — cloud host for the billing/license server (Frankfurt DC).
- Government / law enforcement — only with valid legal process; we publish a transparency report annually.
We do not sell or rent your data. We do not use your information for advertising. We do not run analytics SDKs on logged-in pages.
4. Your rights
You can:
- Access — download everything we hold on you (email request).
- Correct — edit profile fields directly on your account page.
- Delete — full account deletion within 30 days; backups purge after 30 more.
- Object / restrict — ask us to stop processing for marketing or telemetry; you keep service access.
- Portability — export in machine-readable JSON.
5. Cookies and trackers
We use one cookie: a session cookie to keep you signed in (z2h_session, HTTP-only, secure, SameSite=Strict, scoped to .zero2h.com). We do not use third-party tracking. We do not use Google Analytics.
6. Security
Encryption in transit (TLS). Strong-password sign-in with email verification; optional MFA via TOTP. Z2H has no breach to disclose. If a breach occurs, affected users will be notified within 72 hours of confirming the incident.
7. International transfers
Our infrastructure is in Frankfurt, Germany (Hetzner). For users in EEA: data stays in EEA. For users elsewhere: standard contractual clauses apply.
8. Changes
We’ll email you at least 30 days before any material change. The Effective date at top is the source of truth.
Contact / questions
[email protected] — for any privacy question, data access request, or complaint. Founder reads every email.