← back

Privacy & your data

Last updated 2026-05-31

Your data is yours. We don't sell it, we don't share it with advertisers, and we don't use it for ad tracking. We store only what's needed to run your account and your guest lists, and to keep the service secure.

Who is responsible for your data

The data controller for zimnur is [LEGAL ENTITY NAME], [STREET ADDRESS], [CITY, POSTAL CODE], Ireland. For any privacy question or to exercise your rights, contact privacy@zimnur.com.

What we collect

  • Account details — your email, username, and (optionally) a display name. Passwords are stored only as a one-way hash; we never keep your plain-text password.
  • If you sign in with Google— we receive your email address and a Google account identifier, purely to recognise you on return visits. We don't read your contacts, calendar, or anything else from your Google account.
  • What you create in zimnur — the events you make, the invitations you send, and who passed an invitation to whom (the invitation lineage). This is the core of the product.
  • People you invite— if you invite someone who isn't a zimnur user yet, we store the email address or label you enter for them so the invitation and its lineage make sense. You confirm you have a legitimate reason to share that with us (see our Terms). If you're one of those people and want your details removed, email us.
  • Technical & security data — to keep accounts safe and run the service, we record your IP address, browser/app user-agent, and basic device details (platform, device name, app version) when you sign in, and we keep a security log of events like logins, password resets, and lockouts.

Why we’re allowed to use it (legal bases)

Under the GDPR we rely on: performance of a contract (running your account and delivering invitations), our legitimate interests (keeping the service secure, preventing abuse), and your consentwhere it applies (which you can withdraw). We ask you to confirm you're at least 16 when you sign up.

Cookies and what we store on your device

zimnur does notuse advertising or analytics trackers — no ad pixels, no cross-site tracking. We use your browser's local storage for two strictly-necessary things: keeping you signed in (your session) and remembering which in-app notices you've dismissed. Under EU rules (ePrivacy/GDPR) strictly-necessary storage doesn't require a consent banner.

Two features load resources from third parties, which means those providers necessarily receive your IP address: Sign in with Googleloads Google's sign-in script only on the login screen, and the event location map loads map tiles and address look-ups from OpenStreetMap when you pick a venue. Both are described below.

Who processes it for us

We don't sell, rent, or hand your data to advertisers or data brokers. We use a small set of service providers (sub-processors) strictly to run zimnur, each under a data-processing agreement:

  • Resend — delivers our account emails (verification, password reset, and account notifications).
  • Google— only if you choose “Continue with Google,” and only to verify your sign-in. Governed by Google's own privacy policy.
  • OpenStreetMap Foundation — provides the map tiles and address look-up (Nominatim) used by the optional location picker.
  • Our hosting provider — runs the servers and database that store your data.

We may also disclose information if the law strictly requires it (for example, a valid legal order). Where data is processed outside the EEA/UK, we use appropriate safeguards such as Standard Contractual Clauses.

How long we keep it

We keep your account and its content for as long as your account is active. Security and login logs are kept for a limited period (about a year) and then deleted; stale, unclaimed invitations have their contact details scrubbed over time. When you delete your account we remove your personal data — and where data must be kept for referential integrity, we irreversibly anonymize it so it's no longer about you.

Your rights and controls

You can download a copy of your data and delete your account yourself at any time from Privacy & datain your account menu. If you're in the EU/EEA or the UK you also have the right to access, correct, export, restrict, or object to how we use your data, and to complain to your local data-protection authority. To exercise any of these, email privacy@zimnur.com.

Contact

[LEGAL ENTITY NAME]
[STREET ADDRESS], [CITY, POSTAL CODE], Ireland
privacy@zimnur.com