Back
WeZioo • Privacy Policy

Privacy Policy

Last updated: October 5, 2025

This policy explains what data we collect, why, how we use it and the rights you have, in accordance with GDPR and app store requirements.

1. Who is responsible?

The data controller is:

NexOps Consulting (SARLU)

SIRET: 992 603 217 00017

Registered address: Pegomas, France

Email: contact@wezioo.com

2. Policy scope

This policy applies to the WeZioo mobile application, our associated websites (e.g. wezioo.com) and related services (support, notifications, subscriptions). It describes how we collect, use, store and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and French Data Protection Law.

3. Data we collect

  • Identity & account: name, email address, authentication credentials (via Apple, Google or email/password), profile photo (if provided).
  • App data: expenses, transfers, categories, recurring transactions, currency, preferences, relationships/sharing (e.g. couples), attachments you add.
  • Subscriptions & payments: technical information related to in-app purchases (product identifiers, receipts/validation tokens, subscription status) — the transaction is processed by the App Store or Google Play, not by WeZioo.
  • Devices & diagnostics: device model, OS, advertising/notification identifiers (e.g. push notification tokens), technical logs, performance, crash reports.
  • Support: content of your requests, attachments, metadata.
  • Location: only if you authorize it and if a feature requires it (e.g. currency-related suggestions), otherwise not collected.

4. Financial Data - Enhanced Protection

Sensitive data requiring enhanced protection

In accordance with GDPR, your financial data benefits from specific protection measures.

4.1 Types of financial data

WeZioo processes the following categories of financial data:

  • Income: income amounts you enter (salaries, additional income, etc.);
  • Expenses: amounts, categories, descriptions and dates of your expenses;
  • Transfers: money movements between you and your partner;
  • Budgets: budget goals and limits you set;
  • Statistics: calculations and aggregations based on your data.

4.2 What we do NOT collect

  • Bank account details: we never have access to your card numbers, IBAN, or bank credentials.
  • Payment information: your payment methods are managed exclusively by Apple/Google.
  • Direct bank connection: WeZioo does not connect directly to your bank accounts.

4.3 Specific protection measures

  • • Hosting on secure infrastructure (Google Cloud / Firebase);
  • • Encryption of data at rest and in transit;
  • • Restricted and logged access to databases;
  • • Logical separation of data between users.

5. Where does the data come from?

  • Directly from you: when creating an account, using the app and your interactions with support.
  • Platforms: Apple App Store / Google Play for in-app purchase validation and subscription status.
  • Subcontractors: authentication, notification, database and analytics services (see section 7).

6. Purposes & legal bases

Legal bases (GDPR art. 6)

Contract, Legitimate interest, Consent, Legal obligation.

  • Provide the service (contract): create/maintain your account, synchronize your data, ensure functionalities (expenses, transfers, recurring transactions, multi-currency, etc.).
  • Subscriptions (contract/legal obligation): enable purchase, validate eligibility, manage status and billing via Apple/Google.
  • Security & integrity (legitimate interest/obligation): prevention of abuse/fraud, incident diagnosis, logging.
  • Notifications (legitimate interest/consent depending on platform): reminders, alerts, service messages. You can manage your preferences in the OS.
  • Product improvement & stats (legitimate interest/consent): anonymized/aggregated measurements. When required, we ask for your consent.
  • Legal compliance (obligation): responses to authorities when required by law.

7. Sharing & processors

We share your data only with the following categories of recipients:

  • Technical providers (hosting, database, authentication, analytics, crash) — Google Firebase (Auth, Firestore, Storage, Cloud Functions), Google Crashlytics/Analytics.
  • Subscription managementApple App Store, Google Play (purchases) and RevenueCat (subscription mediation/validation).
  • Push notificationsExpo/FCM/APNs.
  • Support — ticketing/messaging tools if used.
  • Voluntary sharing: with your loved ones/partners if you invite them to WeZioo (relationships/shared spaces).
  • Authorities: if required by law.

Our service providers act on WeZioo's instructions, under GDPR-compliant data processing agreements (article 28).

8. Commitment to Never Sell Your Data

We NEVER sell your data

This commitment is fundamental and irrevocable.

WeZioo formally commits to:

  • Never sell your personal data to third parties, under any circumstances;
  • Never rent or license access to your data for commercial purposes;
  • Never share your financial data (income, expenses) with advertisers, data brokers or marketing companies;
  • Never use your data to build advertising profiles or commercial targeting;
  • Never monetize your personal information in any way.

Our business model is based exclusively on paid subscriptions, not on monetizing your data.

9. Transfers outside EU/EEA

Some data may be processed outside the EU/EEA (e.g. United States for Google/Firebase services). When this is the case, we implement appropriate safeguards:

  • Standard Contractual Clauses (SCC) from the European Commission;
  • Supplementary measures: encryption, pseudonymization where applicable;
  • Assessment of legislation in the destination country.

10. Retention periods

In accordance with the storage limitation principle (GDPR art. 5), we retain your data according to the following periods:

Data typeRetention period
User account (first name, age, preferences)Immediate deletion upon account closure
Relationship data (expenses, income, transfers)Deleted when all members have left the relationship
Technical logs & security3 to 12 months maximum
Subscription records5 years (accounting/tax obligations)
Support emails2 years after resolution
Backups30 days rolling

11. Security & encryption

We implement robust technical and organizational measures to protect your data:

11.1 Encryption

  • In transit: all communications are encrypted via TLS 1.2 minimum;
  • At rest: your data is encrypted by our infrastructure (Google Cloud / Firebase) using AES-256 encryption.

11.2 Access controls

  • • Principle of least privilege for data access;
  • • Logging of access to sensitive data.

11.3 Infrastructure

  • • Hosting on secure infrastructure (Google Cloud Platform);
  • • Regular encrypted backups.

Recommendation: also protect your device and credentials. Use a strong password and enable biometric authentication if available.

12. Your rights (GDPR)

In accordance with GDPR and Data Protection Law, you have the following rights:

Right of access (art. 15)

Obtain confirmation that your data is being processed and receive a copy.

Right to rectification (art. 16)

Have inaccurate data corrected or incomplete data completed.

Right to erasure (art. 17)

Request deletion of your data under the conditions provided by GDPR.

Right to restriction (art. 18)

Request restriction of processing in certain circumstances.

Right to portability (art. 20)

Receive your data in a structured, commonly used format (JSON, CSV).

Right to object (art. 21)

Object to processing for reasons relating to your particular situation.

12.1 How to exercise your rights

  • By email: contact@wezioo.com specifying your request and the email address linked to the account.
  • Account deletion: directly in the application via your profile settings.

12.2 Response times

We commit to responding to your requests within 30 days of receipt. This period may be extended by two additional months if the complexity or number of requests justifies it (you will be informed).

12.3 Post-mortem directives

In accordance with French law, you can set directives relating to the retention, deletion and communication of your data after your death.

13. Data Breach Notification

In accordance with GDPR article 33, in the event of a personal data breach likely to result in a risk to your rights and freedoms, we commit to:

  • Notification to supervisory authority: within 72 hours after becoming aware, unless the breach is unlikely to result in a risk to your rights and freedoms.
  • User notification: if the breach is likely to result in a high risk to your rights and freedoms (e.g. financial data leak), we will inform you as soon as possible by email or in-app notification.
  • Notification content: nature of the breach, categories of data affected, likely consequences, measures taken to remedy it and recommendations to protect yourself.

14. Cookies & trackers

Mobile application: no cookies in the browser sense, but technical identifiers may be used for:

  • • Connection and authentication;
  • • Security and fraud prevention;
  • • Push notifications;
  • • Anonymized usage measurement (if consent given).

You can manage certain consents in the app or in your device settings (notifications, advertising identifier, cross-app tracking).

15. Children

WeZioo is not intended for children under 16 years of age (or the age required by local law). We do not knowingly collect data from minors without appropriate parental consent. If you are a parent or guardian and believe a child has provided us with data without your consent, contact us immediately at contact@wezioo.com for deletion.

16. Modifications

We may update this policy for legal, technical or operational reasons. In case of substantial modifications affecting your rights, we will inform you by:

  • • In-app notification;
  • • Email to the address associated with your account;
  • • Display of a banner on the website.

The "last updated" date below reflects the current version. We encourage you to regularly review this page.

17. Contact & complaints

17.1 Contact us

For any questions about this policy or exercising your rights:

Email: contact@wezioo.com

Data Controller: NexOps Consulting (SARLU)

Address: Pegomas, France

17.2 Complaint to supervisory authority

If you believe that the processing of your data does not comply with regulations, you can lodge a complaint with the competent supervisory authority:

Commission Nationale de l'Informatique et des Libertés (CNIL)

3 Place de Fontenoy - TSA 80715

75334 PARIS CEDEX 07, France

Website: www.cnil.fr

You can also contact the data protection authority in your country of residence if you reside in another EU member state.

Last updated: January 14, 2026

This privacy policy complies with Regulation (EU) 2016/679 (GDPR), French Law No. 78-17 of January 6, 1978 (Data Protection Act), and CNIL recommendations.