This privacy policy describes how the Zing app ("app", "we", "us") collects, uses, and protects your personal data. By using the app, you agree to this policy.
1. Data We Collect
1.1 Data You Provide
- Username – Name you choose for display in the app
- Avatar – Profile color and image (optional)
- Shopping lists – Content of your lists, including items, quantities and categories
- Purchase history – Locally stored data about past purchases (stored only on your device)
1.2 Data We Collect Automatically
- Firebase Authentication ID – Anonymous or Apple ID identifier for authentication
- Device information – Device model (e.g. "iPhone 14 Pro") for presence tracking
- Firebase Cloud Messaging Token – For sending push notifications
- Timestamp – When you joined a shared list
1.3 Device Permissions
The app may request access to:
- Contacts – To invite friends to shared lists (read-only access)
- Camera – For scanning QR codes and photographing recipes/lists
- Photos – To add recipe images from your photo library
2. How We Use Your Data
🔄 Sync and Sharing
Your shopping lists sync via Firebase Realtime Database to enable sharing with other users. When you join a shared list, your name and avatar are visible to other list members.
🤖 AI Features
After you give explicit permission in the app, Zing may send a selected photo, a voice recording, extracted shopping-list text, or shopping-item names to the OpenAI API through Google Firebase Cloud Functions. OpenAI is used only to recognize shopping-list items, transcribe voice input, categorize items, and moderate submitted text. Zing does not use this content for advertising or user profiling.
2.1 Photos and Face Data
- Zing does not collect biometric identifiers, face geometry, face templates, or other face-recognition data.
- A user-selected photo may incidentally contain a person or face. The complete selected image is processed only to extract shopping-list text or items.
- Zing does not detect, identify, authenticate, profile, infer emotions from, or otherwise analyze faces.
- The image is not written to Zing's database or Firebase Storage. It exists transiently during the Cloud Function request and is then discarded.
🔔 Push Notifications
Firebase Cloud Messaging for sending notifications when a list is ready or when someone invites you to share.
💾 Local Storage
Purchase history and usage statistics are stored locally on your device using SwiftData. This data is not synced and remains only on your device.
3. Sharing Data with Third Parties
3.1 Google Firebase
- Firebase Authentication – For user authentication
- Firebase Realtime Database – For storing and syncing lists
- Firebase Storage – For storing images (avatars, item images)
- Firebase Cloud Messaging – For push notifications
Firebase uses standard security practices. More info: Firebase Privacy Policy
3.2 OpenAI
- Data sent – Only content the user submits to an AI feature: selected photos, short voice recordings, extracted shopping-list text, and shopping-item names.
- Purpose – Shopping-list recognition, voice transcription, item categorization, and content moderation.
- Transfer – Content is sent to OpenAI via Google Firebase Cloud Functions only after explicit in-app permission.
- OpenAI API key is stored securely on Firebase server, not on your device
- Retention – Zing does not permanently store AI request photos or audio. OpenAI may retain API inputs and outputs for up to 30 days for abuse monitoring unless a shorter legally required or configured period applies.
- Training – OpenAI does not use API content to train its models by default.
- Our service providers are required to protect this data to the same or an equivalent standard as described in this policy.
More information: OpenAI Privacy Policy and OpenAI API Data Controls.
3.3 Apple
- Apple Sign In – If you choose to sign in with Apple ID, Apple provides your identity
- Apple does not share your data with us except the identifier you choose
More info: Apple Privacy Policy
3.4 StoreKit and Family Sharing
- We use Apple StoreKit for in-app purchases
- Apple handles all transactions – we do not see your payment information
- Family Sharing – Subscription supports Apple Family Sharing (up to 5 family members)
4. Data Security
- All data in Firebase is protected with authentication and security rules
- Communication with Firebase and OpenAI uses encrypted HTTPS connections
- Local data on your device is protected by iOS security mechanisms
- We do not store sensitive financial data or credit card information
5. Your Rights
5.1 Access and Deletion
- You can delete your shopping lists from the app at any time
- You can permanently delete your Firebase account and associated data in the app under Settings > Account > Delete Account
- Locally stored data (purchase history) can be deleted directly from the app
5.2 Permissions
- You can disable access to contacts, camera or photos in iOS settings at any time
- Disabling these permissions may limit app functionality
- You can withdraw permission for future AI data sharing at any time under Settings > Privacy > Allow AI Data Sharing. When disabled, Zing will not send new photos, voice recordings, or shopping-item text to OpenAI.
5.3 Sign Out
- If you sign out of a shared list, your data is removed from that list
- Deleting your account removes your profile and memberships from all shared lists; list ownership is transferred when other members remain
6. Children's Data
The app is not intended for children under 13. We do not knowingly collect children's data. If we find that we have collected a child's data, we will delete it.
7. International Data Transfer
- Firebase servers may be located outside the European Union
- OpenAI servers are located in the USA
- Before any AI content is transferred, the app identifies OpenAI as the recipient, explains the data and purpose, and asks for explicit permission.
8. Policy Changes
We may update this policy from time to time. We will notify you of significant changes via the app or email.