Last updated: January 2026

Privacy Policy

Your privacy matters to us. This policy explains how Zebt collects, uses, and protects your personal data in accordance with the UK Data Protection Act 2018 and UK GDPR.

1Who We Are

Zebt is operated by Nexabyte Ltd, a company registered in England and Wales.

Company Number
15817114
ICO Registration
ZB911761
Contact
info@nexabyte.co.uk

We are the data controller for the personal data we collect through Zebt. This means we decide how your personal data is processed and for what purposes.

2Definitions

Personal Data
Information that identifies you as an individual, such as your email address.
Financial Data
Information about your debts, bills, income, and other financial details you enter into Zebt.
Service
The Zebt website and application.

3Information We Collect

3.1 Account Information

When you create an account, we collect:

  • Your email address
  • If you sign in with Google: your name and profile picture
  • Authentication tokens to keep you signed in

3.2 Financial Data You Provide

You choose what financial information to enter. This may include:

  • Household members (names, display colours)
  • Credit cards (names, balances, APRs, credit limits, payment amounts)
  • Loans (names, balances, APRs, original amounts, payment schedules)
  • Other finance items (insurance, phone contracts, etc.)
  • Monthly bills (names, amounts, payment methods, due dates)
  • Income sources (names, amounts, payment frequencies)
  • Your preferences and settings

3.3 Technical Data

We automatically collect limited technical data:

  • Session cookies — Essential for keeping you signed in
  • Hashed IP addresses — For rate limiting, securely hashed so they cannot be traced back to you
  • Anonymous error data — Browser type and error messages only

3.4 Waitlist Data

If you joined our waitlist before launch, we collected your email address to notify you when Zebt became available.

5How We Use Your Information

We use your information to:

  • Provide and operate the Zebt service
  • Calculate debt payoff forecasts based on data you enter
  • Send you account-related emails (password resets, important updates)
  • Monitor and fix errors (using anonymous data only)
  • Prevent abuse through rate limiting
  • Improve the service over time

We never sell your data. We do not share your financial information with third parties for marketing.

6Data Retention

Data TypeRetention Period
Account and financial dataWhile your account is active
Deleted accountsImmediately deleted
Error logs90 days
Rate limit data24 hours

7Data Security

We take security seriously and protect your data with:

  • Database-level access controls — Your data is isolated and only accessible to you
  • Encryption in transit — All data is encrypted when sent between your device and our servers
  • Encryption at rest — Your data is encrypted when stored
  • IP address protection — We never store your actual IP address

8Third-Party Services

We use the following third-party services to operate Zebt:

ServicePurposeLocation
SupabaseDatabase & authEU
SentryError tracking (anonymous)US
ResendEmailIreland
UpstashRate limitingEU

Where data is transferred outside the UK, we ensure adequate safeguards are in place as required by UK GDPR.

9Your Rights

Under UK GDPR, you have the right to:

Access
Request a copy of your personal data
Rectification
Correct inaccurate data
Erasure
Delete your data ("right to be forgotten")
Portability
Receive data in a machine-readable format
Object
Object to processing based on legitimate interest
Withdraw consent
Where processing is based on consent

To exercise any of these rights, email us at info@nexabyte.co.uk. We will respond within 30 days.

10Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or significantly affects you.

The debt payoff forecasts we calculate are informational only and based entirely on data you provide. They do not constitute financial advice or automated decisions about you.

11Cookies

Zebt uses only strictly necessary cookies for authentication. These are essential to keep you signed in and do not require consent under UK PECR regulations.

CookiePurposeDuration
Authentication cookieKeeps you signed inUp to 30 days

We do not use:

  • Analytics cookies
  • Advertising or marketing cookies
  • Third-party tracking cookies
  • Behavioural tracking

12Children

Zebt is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe we have collected data from a child, please contact us immediately.

13Changes to This Policy

We may update this policy from time to time. For material changes, we will notify you by email and/or a prominent notice in the app before the changes take effect.

14Complaints

If you're not satisfied with how we handle your data, please contact us first at info@nexabyte.co.uk.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk

15Contact Us

For any questions about this privacy policy or your personal data:

Email
info@nexabyte.co.uk
Company
Nexabyte Ltd, No. 15817114
ICO Registration
ZB911761

Please also review our Terms of Service, which govern your use of Zebt.