SmallZero
Login

Privacy Policy

Last updated: January 2026

1. Introduction

SmallZero ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our membership platform.

2. Data We Collect

Account Information

  • Email address (required for account creation)
  • Password (stored as a secure bcrypt hash, never in plain text)

Subscription Data

  • Membership tier (FREE or PRO)
  • Subscription status and renewal dates
  • Stripe customer ID (for payment processing)

Connected Services

  • Discord user ID (if you connect your Discord account)
  • Discord OAuth tokens (encrypted, used for role synchronization)

Usage Data

  • Download history (which files you've downloaded)
  • Bookmarks (stored locally in your browser, not on our servers)

3. Data We Do NOT Collect

  • Payment card numbers or banking details (handled entirely by Stripe)
  • Plain text passwords
  • Tracking cookies or advertising identifiers
  • Location data
  • Device fingerprints

4. How We Use Your Data

  • To provide and maintain your account
  • To process your subscription and manage access to content
  • To sync your Discord roles based on membership tier
  • To send essential account notifications (password resets, subscription changes)
  • To improve our services

5. Third-Party Services

Stripe

We use Stripe to process payments. Your payment information is sent directly to Stripe and never passes through our servers. See Stripe's Privacy Policy.

Discord

If you connect your Discord account, we access your Discord user ID to assign membership roles. See Discord's Privacy Policy.

Supabase

Our database is hosted on Supabase. See Supabase's Privacy Policy.

6. Data Retention

We retain your data for as long as your account is active. When you delete your account, we remove your personal data from our systems within 30 days, except where we are required to retain it for legal purposes.

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data
  • Portability: Request your data in a portable format
  • Objection: Object to certain processing of your data

To exercise these rights, contact us at the email below.

8. Security

We implement industry-standard security measures including:

  • HTTPS encryption for all data in transit
  • Bcrypt password hashing
  • Encrypted storage for OAuth tokens
  • Stripe webhook signature verification
  • Secure HTTP headers (X-Content-Type-Options, X-Frame-Options, etc.)

9. International Transfers

Your data may be processed in countries outside your own. We ensure appropriate safeguards are in place when transferring data internationally, in compliance with GDPR and other applicable regulations.

10. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe we have collected such data, please contact us immediately.

11. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date.

12. Contact Us

If you have questions about this privacy policy or wish to exercise your data rights, please contact us at: privacy@smallzero.com