← Back to Home
Last Updated: January 9, 2026
Effective Date: January 9, 2026
Version: 2.0
1. Introduction
At Zonely, we value your privacy and are committed to protecting your personal data. This Privacy Policy outlines how we collect, use, store, and share your information through our web platform, macOS application, and related services.
This policy applies to all users of Zonely's deal room platform, including real estate professionals, M&A advisors, legal practitioners, venture capitalists, and other business users.
2. Information We Collect
2.1 Personal Information
When you sign up, use features, or contact us, we may collect:
- Name, email address, and phone number
- Professional information (company, role, industry)
- Deal room data (documents, names, descriptions, collaboration details)
- Home search criteria, location preferences (for real estate users)
- Profile information and user preferences
- Payment and billing information (processed securely through third-party payment processors)
2.2 Device and Usage Data
We automatically collect:
- Device type, operating system, and browser version
- IP address and approximate geographic location
- App usage analytics and feature interactions
- Log data (access times, pages viewed, errors encountered)
- macOS app telemetry (crash reports, performance metrics)
2.3 Third-Party Data
We may receive information from:
- Firebase Authentication (authentication tokens, login timestamps)
- OpenAI services (for AI-powered features and recommendations)
- Redfin API (property data, market information)
- Analytics partners (Google Analytics, usage patterns)
- Payment processors (transaction confirmations, subscription status)
2.4 Cookies and Tracking Technologies
We use cookies, web beacons, and similar technologies to:
- Essential Cookies: Required for authentication, security, and basic functionality
- Analytics Cookies: Help us understand how users interact with our platform
- Preference Cookies: Remember your settings and preferences
- Third-Party Cookies: From partners like Google Analytics for traffic analysis
You can control cookies through your browser settings. Note that disabling certain cookies may limit platform functionality.
3. How We Use Your Information
We use your data for the following purposes:
- Service Delivery: Create and manage deal rooms, sync data across devices, enable collaboration features
- Personalization: Tailor recommendations, customize user experience based on preferences
- Communication: Send transactional emails, deal updates, support responses, and (with consent) marketing communications
- Platform Improvement: Analyze usage patterns, fix bugs, develop new features
- Security: Detect fraud, prevent abuse, ensure platform integrity
- Legal Compliance: Meet regulatory requirements, respond to legal requests
- AI-Powered Features: Provide intelligent recommendations, document analysis, and automated insights using OpenAI technology
3.1 Automated Decision-Making
We use AI and automated systems to:
- Generate deal room recommendations and insights
- Analyze documents and suggest relevant information
- Match users with relevant realtors or service providers
You have the right to opt out of automated decision-making or request human review of any automated decisions that significantly affect you.
4. Data Storage, Security, and Retention
4.1 Data Storage
Your data is securely stored using:
- Google Firebase Firestore: Primary database for user profiles, deal rooms, and documents
- Firebase Cloud Storage: Secure file storage for uploaded documents
- Data Centers: US-based servers with redundancy and backup systems
4.2 Security Measures
We implement industry-standard security practices:
- Encryption: TLS 1.3 for data in transit, AES-256 encryption for data at rest
- Authentication: Multi-factor authentication (MFA) support, secure OAuth 2.0 login
- Access Controls: Role-based permissions, principle of least privilege
- Monitoring: 24/7 security monitoring, intrusion detection systems
- Regular Audits: Periodic security assessments and penetration testing
4.3 Data Retention
We retain your data according to the following schedule:
| Data Type |
Retention Period |
| Active account data |
Duration of account + 30 days after deletion request |
| Deal room documents |
Duration of deal room + 90 days after deletion (or as specified by user) |
| Transaction records |
7 years (for legal and tax compliance) |
| Analytics data |
Aggregated data retained indefinitely; individual data 24 months |
| Support communications |
3 years after last interaction |
| Marketing consent records |
Duration of consent + 3 years |
You can request earlier deletion of your data by contacting us at privacy@zonely.com. Some data may be retained longer if required by law.
5. Data Sharing and Disclosure
We do not sell your personal data. We may share your data with:
5.1 Service Providers
- Google Firebase (hosting, storage, authentication)
- OpenAI (AI-powered features, content processing)
- Payment processors (Stripe, PayPal - for subscription billing)
- Email delivery services (transactional and marketing emails)
- Analytics providers (Google Analytics, usage tracking)
All service providers are bound by data processing agreements and required to protect your information.
5.2 Business Partners
- Realtors and Professionals: Only when you explicitly request connection or share a deal room
- Deal Room Collaborators: Users you invite to collaborate on specific deal rooms
5.3 Legal Requirements
We may disclose your data when required by law, including:
- Response to subpoenas, court orders, or legal processes
- Protection of our rights, property, or safety
- Prevention of fraud or illegal activities
- Compliance with regulatory investigations
5.4 Business Transfers
If Zonely is involved in a merger, acquisition, or sale of assets, your data may be transferred. We will notify you via email and/or prominent notice on our platform before any transfer.
6. International Data Transfers
Zonely operates primarily in the United States. If you access our platform from outside the US, your data will be transferred to and processed in the United States, which may have different data protection laws than your jurisdiction.
For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Your explicit consent for data transfers
We take appropriate safeguards to ensure your data receives an adequate level of protection wherever it is processed.
7. Your Privacy Rights
7.1 General Rights (All Users)
You have the right to:
- Access: Request a copy of all personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your account and associated data
- Data Portability: Receive your data in a structured, machine-readable format
- Opt-Out: Withdraw consent for marketing communications or data processing
- Object: Object to processing based on legitimate interests
7.2 GDPR Rights (European Economic Area, UK, Switzerland Users)
If you are located in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):
- Right to Restriction: Limit how we use your data while verifying its accuracy or our legitimate interest
- Right to Object: Object to processing for direct marketing (we will stop immediately)
- Right to Not Be Subject to Automated Decision-Making: Request human review of automated decisions
- Right to Lodge a Complaint: File a complaint with your local data protection authority
- Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing)
Legal Basis for Processing (GDPR):
- Contract Performance: Processing necessary to provide our services
- Legitimate Interests: Improving our platform, preventing fraud, analytics
- Consent: Marketing communications, optional features
- Legal Obligation: Compliance with laws and regulations
To exercise your GDPR rights, contact us at privacy@zonely.com or our EU representative (if applicable).
7.3 CCPA Rights (California Residents)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request disclosure of personal information collected, sources, purposes, and third parties with whom it's shared
- Right to Delete: Request deletion of your personal information (subject to legal exceptions)
- Right to Opt-Out of Sale: We do not sell personal information, but you can opt out if practices change
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
- Right to Correct: Request correction of inaccurate personal information
CCPA Categories of Data Collected:
- Identifiers (name, email, IP address)
- Commercial information (subscription history, deal room usage)
- Internet activity (usage analytics, log data)
- Geolocation data (approximate location from IP)
- Professional information (company, role, industry)
To exercise your CCPA rights, contact us at privacy@zonely.com or call our toll-free number (if applicable). You may designate an authorized agent to make requests on your behalf.
7.4 How to Exercise Your Rights
To submit a data request:
- Email privacy@zonely.com with your request
- Specify which right you wish to exercise
- Provide verification information (we may request additional details to confirm your identity)
- We will respond within 30 days (GDPR) or 45 days (CCPA)
You can also manage many privacy settings directly in your account settings.
8. Children's Privacy
Zonely is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you are under 16, please do not use our platform or provide any personal information.
If we become aware that we have collected data from a child under 16 without parental consent, we will delete it promptly. Parents or guardians who believe we may have collected information from their child should contact us immediately at privacy@zonely.com.
9. Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected users via email within 72 hours of discovering the breach (as required by GDPR)
- Provide details about the breach, data affected, and steps we're taking
- Offer guidance on protective measures you can take
- Notify relevant data protection authorities as required by law
- Post a notice on our platform if the breach affects a large number of users
We maintain an incident response plan and regularly test our breach notification procedures.
10. Third-Party Links and Services
Our platform may contain links to third-party websites, services, or integrations (e.g., Redfin, payment processors). We are not responsible for the privacy practices of these third parties.
We encourage you to review the privacy policies of any third-party services you access through our platform. This Privacy Policy applies only to information collected by Zonely.
11. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:
- We will update the "Last Updated" date at the top of this policy
- We will notify you via email (for significant changes)
- We will post a prominent notice on our platform
- We may require you to accept the updated policy to continue using our services
We recommend reviewing this policy regularly. Your continued use of Zonely after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
Email: privacy@zonely.com
General Contact: darius@stockhousefilms.org
Mailing Address: [Your Business Address - Add if required]
Data Protection Officer (if applicable): [Contact details if required by GDPR]
For GDPR-related inquiries, our EU representative can be reached at [EU contact if applicable].
We aim to respond to all privacy inquiries within 5 business days.