Privacy Policy

The data controller is the publisher of the Pyzo website, whose contact details are set out in the legal notice.

For any question regarding your personal data, you can contact us at: hello@pyzo.fr.

Pyzo only collects the data that is strictly necessary for the operation of the service.

When signing up for the waitlist:

• First name
• Email address
• Partner’s first name (optional)
• Sign-up date and source (page of origin)

When using the service (once the beta opens):

• Account and profile data: email, first name, gender (optional), date of birth (optional), income (used only for proportional splitting, if you choose that mode), payment handles you provide (PayPal.me, Revolut, Lydia) and profile photo (optional)
• Couple data: couple name, relationship type and anniversary date (optional). Data entered within a couple is shared between its two members and synchronized in real time across their two devices
• Financial data you enter: shared expenses (amount, date, category, description), splitting between members of the couple, settlements and balances
• Technical data: session identifiers, activity logs, essential cookies
• No banking data: Pyzo does not connect to your bank accounts and does not store any bank details, IBAN or card numbers

Passwordless authentication:

Pyzo does not create or store any password. Sign-in is done via a one-time code sent by email, or through Google and Apple. When you return to the app, you can enable biometric unlock (Face ID / Touch ID): this verification is handled locally by your device — Pyzo never accesses your biometric data and keeps none of it.

Access to the camera and photos:

Pyzo may access your camera and your gallery only when you choose to set a profile photo. The selected image is sent to our secure servers (Supabase) to be shown to your partner. Pyzo never accesses your camera or your photos without an explicit action on your part, and collects no other image.

All your data is hosted in the European Union, primarily in France.

• Database and authentication: Supabase, Paris region (eu-west-3, France)
• Application hosting: Vercel, with execution preferentially on European regions
• Transactional emails: Resend (EU servers)
• Audience measurement (Vercel Analytics): anonymized traffic statistics (page views, traffic sources, device type), without cookies or individual profiling. Hosted in the European Union.
• Product measurement (PostHog Cloud EU): coming after the beta opens — servers in Germany.
• Error monitoring (Sentry): coming after the beta opens — European region.
• Subscription management (RevenueCat): coming with the Pyzo Premium plan — manages subscription status and has access to no payment data, which is handled exclusively by Apple and Google. Governed by standard contractual clauses (see  §10).

This website is purely informational: no payment is processed here and no banking data is collected.

In accordance with article 28 of the GDPR, Pyzo enters into data processing agreements with each of the providers listed above. None of your data is sold, rented or shared with third parties for commercial purposes.

• Waitlist data: until you unsubscribe, or for 24 months after the beta launch if you do not create an account
• Active account data: for as long as your account is active, plus a legal archiving period
• After account deletion: data is deleted within 30 days, except where legal retention obligations apply (billing, accounting: 10 years maximum)
• Technical logs: 12 months maximum

In accordance with the GDPR, you have the following rights:

• Right of access: obtain a copy of your data
• Right to rectification: correct inaccurate data
• Right to erasure: request the deletion of your data (the “right to be forgotten”)
• Right to restriction: restrict processing in certain cases
• Right to portability: retrieve your data in a structured, machine-readable format
• Right to object: object to processing based on legitimate interest
• Right to withdraw your consent at any time, without affecting the lawfulness of prior processing
• Right to set post-mortem directives regarding your data

To exercise these rights, write to us at hello@pyzo.fr. We will respond within one month at the latest.

If you believe that your rights are not being respected, you may lodge a complaint with the CNIL (the French data protection authority).

Pyzo implements appropriate technical and organizational measures to protect your data against loss, unauthorized access, disclosure or destruction:

• TLS encryption for all network exchanges;
• encryption of data at rest on the databases hosted by Supabase;
• secure hashing of passwords (never stored in plain text);
• strict access control on the server side;
• logging of sensitive access.

The pyzo.fr marketing site sets no cookies. Our traffic statistics are collected via Vercel Analytics, which works without cookies (a method based on ephemeral IP hashes, never stored). No consent banner is therefore necessary.

When the Pyzo app opens (June 2026), the only cookies used will be:

• Essential cookies: necessary for operation (authentication session, preferences). No consent required (article 82 of the French Data Protection Act).

No advertising or third-party profiling cookie is or ever will be set.

Pyzo’s main processors are based in or operate from the European Union. When a transfer outside the EU is unavoidable (for example, certain Vercel operations), it is governed by the standard contractual clauses adopted by the European Commission, ensuring an equivalent level of protection.

This policy may be updated to reflect legal or technical developments. Any substantial change will be notified to you by email or in the app. The date of the last update is shown at the top of this page.