Privacy Policy

Who we are

Level Zen App ("LvZen") is provided by Braw Technologies Ltd, a private limited company incorporated in the United Kingdom. For privacy inquiries, contact enquiry@braw.tech.

Scope

This policy explains how we collect, use, share, and protect personal data when you use Level Zen App across web and mobile. It also outlines your rights under the UK GDPR and, where applicable, the EU GDPR.

Minimum age

You must be at least 16 years old to use Level Zen. We do not knowingly collect personal data from children under 16.

Data we collect

• Account & identity: email address, display name, and identifiers from Azure Entra External ID (e.g., subject ID, tenant, issuer). We may store a cryptographic hash of your email for invitations and linking, encrypted at rest.
• Location (freeform): country/region text you provide to help determine applicable compliance obligations.
• Product content: notes, projects, tasks, and other free‑form content you enter. You may choose to include personal or sensitive data in content; we do not require it.
• Sharing & invitations: email addresses of collaborators you enter to share calendars/projects or to send invitations.
• Telemetry & diagnostics: OpenTelemetry events, performance metrics, and crash/error logs. These are associated with an internal user ID we assign (pseudonymous) and may include device/browser data and IP addresses captured by infrastructure.
• Billing (future): if/when billing is enabled, payments are processed by Stripe and/or platform app stores (Apple, Google, Microsoft). We do not store raw card numbers.

Sources of data

We collect data directly from you and through your use of the service. If you choose to connect external services (e.g., account sign‑in via Azure Entra, or calendar providers), we process the data those providers share with us under your authorization and according to their terms.

How we use data

• Provide, operate, and secure Level Zen (account creation, authentication, syncing, sharing, notifications).
• Improve performance, reliability, and user experience (diagnostics, troubleshooting, analytics).
• Send essential service messages such as invitations, security, and transactional notices.
• Process payments and manage subscriptions (when enabled).
• Comply with legal obligations and enforce terms.

Legal bases (UK/EU)

• Contract: to deliver core features you request.
• Legitimate interests: to maintain security, prevent fraud/abuse, and improve the service.
• Consent: where required (e.g., certain cookies or optional integrations). You can withdraw consent at any time.
• Legal obligation: where we must process data to comply with law.

Cookies and local storage

We use necessary cookies and/or local storage for sign‑in, security, and preferences. We do not use third‑party advertising cookies.

Sharing and processors

We do not sell or share personal data for advertising. We use trusted processors to run Level Zen, including:

• Microsoft Azure (UK South) for hosting, databases, and security services.
• Azure Entra External ID for authentication.
• Azure Application Insights for telemetry and diagnostics.
• Stripe (future) and/or platform app stores (Apple App Store, Google Play, Microsoft Store) for payments.
• Email delivery for invitations/notifications.

These providers process data on our behalf under data protection agreements and appropriate safeguards.

Data location and transfers

Primary hosting is in Azure UK South. If data is transferred outside the UK/EU (e.g., by a sub‑processor or when you collaborate internationally), we rely on safeguards such as the UK International Data Transfer Addendum and/or EU Standard Contractual Clauses, as applicable.

Retention

• Account and content: deleted immediately when you delete your account or the content.
• Backups: retained for up to 90 days (Azure managed backup defaults) after which they are purged.
• Telemetry/logs: retained for up to 90 days (e.g., Application Insights defaults).
• We may retain minimal records as required by law or to resolve disputes.

Security

We use industry‑standard measures including encryption in transit and at rest, hashed identifiers for certain lookups (e.g., email hash), strict access controls, and least‑privilege principles. No method of transmission or storage is 100% secure, but we strive to protect your data.

Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, or port your data, and to object to certain processing. To exercise these rights, contact enquiry@braw.tech. You can also lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner’s Office (ICO).

Children

Level Zen is not intended for children under 16. If you believe a child provided us data, please contact us so we can take appropriate action.

Changes to this policy

We may update this policy from time to time. We will update the “Last updated” date above and, if changes are material, we will provide additional notice.

Contact

Braw Technologies Ltd
Email: enquiry@braw.tech