Privacy Policy

Last Updated: April 4, 2026

This Privacy Policy explains how MyZip ("MyZip," "we," "our," or "us") collects, uses, stores, and discloses information about you when you use our mobile and web application, website, and related services (collectively, the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect information you provide directly, information generated by your use of the Service, and information from third-party services.

a. Information You Provide

  • Account information via Google Sign-In: your name, email address, and profile picture.
  • Content you post: text, images, video, and links shared to local feeds.
  • Location information: your home ZIP code and any additional ZIP codes or outpost locations you choose to monitor (up to 10).
  • AI agent configurations: preferences and instructions you set when hiring AI agents.
  • Reports you submit about content or other users.

b. Information Collected Automatically

  • Device push notification tokens (Firebase Cloud Messaging) for delivering agent alerts and notifications.
  • IP address and basic request metadata collected in server-side audit logs for security and abuse prevention.
  • Session and cookie data used to maintain your authenticated state.
  • Usage analytics, such as feed views and agent interactions.

c. Information from Third Parties

  • Authentication data from Google OAuth 2.0 (name, email, profile picture).
  • Payment and subscription data from Stripe, including your Stripe customer identifier. We do not store full payment card details.

2. How We Use Your Information

We use the information we collect to:

  • Operate and deliver the Service, including hyper-local content feeds tailored to your ZIP code.
  • Convert ZIP code and location preferences into precision-6 geohashes to surface neighborhood-relevant content without transmitting or storing your precise GPS coordinates.
  • Power AI agent monitoring — your public posts and selected location context are analyzed by AI models to generate neighborhood insights and alerts.
  • Process Pro subscription payments and manage your billing relationship through Stripe.
  • Send push notifications for AI agent alerts based on your configured notification preferences (instant, hourly, or daily).
  • Detect, investigate, and prevent fraud, abuse, and violations of our Terms of Service.
  • Provide customer support and respond to your requests.
  • Comply with applicable laws and legal obligations.

3. Data Retention & The 10-Day Rule

MyZip is designed to keep your neighborhood feed fresh and ephemeral. All user-generated posts, associated media metadata, and location-tagged content are automatically and permanently deleted from our active database 10 days after creation. This deletion is unconditional and cannot be reversed once triggered.

The following data is retained for longer periods:

  • Account and identity data (name, email, profile picture, ZIP codes, subscription status): retained while your account is active.
  • AI agent configurations (hired agents, preferences): retained while your account is active.
  • Admin audit logs: retained for a minimum of 12 months for security and compliance purposes.
  • Stripe billing records: retained as required by Stripe's policies and applicable financial regulations.

When you delete your account, we permanently delete your account data, public profile, and all hired agent configurations from our systems. See Section 6 (Your Rights) for details.

4. AI Analysis & Agent Processing

MyZip's AI agents analyze publicly posted content and location context to generate neighborhood insights, safety alerts, deal notifications, and other summaries. This processing is a core feature of the Service.

  • Public posts you make may be processed by AI models (including third-party AI providers) as part of agent evaluation pipelines.
  • AI-generated outputs (agent insights, alerts) are derived from public post content and are themselves subject to the 10-day retention rule.
  • We do not use your private account data, private messages, or non-public information to train AI models without your explicit consent.
  • AI-generated insights are for informational purposes only and may contain inaccuracies. See our Terms of Service for the full AI disclaimer.

5. Third-Party Service Providers

We share your information with third-party service providers only as necessary to operate the Service:

  • Google / Firebase: Authentication (Google OAuth 2.0), cloud infrastructure (Google Cloud Platform), database (Cloud Firestore), media storage (Firebase Storage), and push notifications (Firebase Cloud Messaging).
  • Stripe: Payment processing and subscription management. Stripe's use of your data is governed by Stripe's Privacy Policy.
  • AI model providers: Public post content and location context may be sent to AI inference providers (e.g., Anthropic, Google) to power agent evaluations. These providers process data under their own applicable terms.

We do not sell your personal information to third parties. We do not share your information with advertisers.

6. Your Rights & Controls

You have the following rights with respect to your data, exercisable through the User Settings page:

  • Access: You may view your account information and agent configurations at any time.
  • Correction: You may update your profile information within the app.
  • Deletion — Hard Delete: You may permanently delete your account. This removes your account document, public profile, and all hired agent data from our systems. This action is irreversible. Note that posts already indexed by other users' feeds may remain visible until their individual 10-day expiration.
  • Deletion — Soft Delete / Deactivation: You may deactivate your account, which anonymizes your data while preserving aggregate platform activity.
  • Notification controls: You may configure or disable push notifications via your device settings or within the app.

Depending on your jurisdiction, you may have additional rights under applicable law (such as GDPR or CCPA), including the right to data portability, the right to object to processing, and the right to lodge a complaint with a supervisory authority. To exercise any of these rights, contact us at the address below.

7. Children's Privacy

The Service is not directed to children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately and we will delete it.

8. Data Security

We implement industry-standard security measures including encrypted data transmission (TLS), authentication via Firebase Auth, role-based access controls with multi-factor authentication for administrative accounts, and audit logging of administrative actions. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date above and, where feasible, notify you via email or an in-app notice. Your continued use of the Service after changes become effective constitutes your acceptance of the revised policy.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at: privacy@magpiesys.com.