Zipflow

Security & Data Safety

Last updated: May 2026 · ICO Reg: ZC133493

apartment

Built on Google-grade infrastructure

Zipflow runs on Google Firebase — the same platform trusted by thousands of commercial apps worldwide. Your data is stored in Google Firestore, hosted in European Union data centres, keeping it within UK/EU jurisdiction.

Google Firebase

EU data centres

ISO 27001 certified infrastructure

99.999% uptime SLA

lock

Your data belongs to you — and only you

Every job, quote and customer record is locked to your account at the database level — not just the app level. Our Firestore security rules enforce this at every layer.

No other user can ever read, edit or delete your jobs
Your customer names and contact details are never sold or shared with third parties
Deleting your account permanently removes all your data within 30 days
Zipflow runs no ads and never uses your data for advertising

key

Secure sign-in — passwords never stored by us

Authentication is handled entirely by Google Firebase Auth using industry-standard encryption. Your password is never stored, processed or visible to Zipflow.

Passwords encrypted with bcrypt — irreversible hashing
Session tokens expire automatically
Password reset handled by Firebase's secure email flow
Google OAuth sign-in supported — your password never touches our system

shield

Encryption everywhere

In transit: HTTPS/TLS 1.3 on every request — nothing is ever sent in plain text
At rest: AES-256 encryption on all stored data — Google's default for Firestore
API keys: All service keys stored server-side only — never exposed to the browser

HTTPS / TLS 1.3

AES-256 at rest

Server-side API keys only

smart_toy

AI processing — what happens to your voice input

When you describe a job by voice or text, the transcript is sent to Groq's API to generate your quote. Only the job description is sent — no customer names, contact details or pricing history.

Transcripts may be retained for up to 12 months for quality improvement, then permanently deleted
Groq does not use your data to train models without explicit consent
This processing is fully disclosed in our Privacy Policy

link

Customer quote links

Each link uses a unique random token — impossible to guess or brute-force
Only the specific quote details are shared — no other job or account data visible
Links expire automatically after 30 days
Once accepted or declined, the link is locked and cannot be changed

verified

Registered with the ICO

Zipflow is registered with the UK Information Commissioner's Office (ICO) — the legal requirement for any business handling personal data in the UK under UK GDPR.

account_balance

ZC133493

ICO Registration Number · Registered 26 April 2026 · Expires 25 April 2027

Verify this registration at ico.org.uk.

info A straight-talking note

Zipflow is a new product built and maintained by a small, dedicated team. The technology underneath is enterprise-grade — Google Firebase, industry-standard encryption and UK-compliant data handling. But like any new app, it may occasionally have bugs. That's why your feedback during beta is so valuable, and why we're being transparent about everything above.

Questions about your data? Email privacy@zipflow.co.uk