Privacy Policy

a) Account Information

When you create an account, we collect:

• Email address (required for authentication)
• Password (encrypted and stored securely via Supabase authentication)
• Profile information (optional):
• Full name
• Profile picture/avatar
• Country

This information is collected directly from you during account registration and profile setup.

b) Financial Data

Zentia is designed to help you manage your personal finances. We collect the following financial information that you voluntarily provide:

• Transactions: Income and expense entries, including:
• Amount
• Date
• Description
• Category
• Account association
• Currency and exchange rates (for multi-currency accounts)
• Categories: Custom and default income/expense categories with associated icons and colors
• Accounts: Financial accounts you create, including:
• Account name
• Description
• Currency
• Initial balances and balance adjustments
• Budgets: Budget plans you create, including:
• Budget amount
• Period (daily, weekly, monthly, yearly)
• Associated categories and accounts
• Start and end dates
• Planned Expenses: Future expenses you plan, including:
• Amount
• Due date
• Category
• Recurrence settings
• Transaction Tags: Custom tags you assign to transactions

All financial data is provided directly by you and stored securely in our database. Financial data is processed as part of contract performance and under enhanced security measures.

c) Usage and Preference Data

We collect information about how you use Zentia and your preferences:

• User Settings:
• Preferred currency
• Theme preference (light, dark, or system)
• Language preference
• Number format preferences (locale, decimal display, date format)
• Onboarding completion status
• Notification Preferences:
• Budget alert settings
• Planned expense reminders
• Daily reminder preferences
• Activity reminder settings
• AI Chat Interactions (currently disabled):
• If AI features are enabled in the future, this would include conversations and messages with our AI assistant
• Token usage data (for service optimization)
• Conversation metadata

d) Technical Information

We automatically collect certain technical information:

• Device Information: Device type, operating system, app version
• IP Address: Collected for security and authentication purposes
• Authentication Data: Session tokens and authentication state (managed by Supabase)
• Error Logs: Technical error information for debugging and service improvement

Service Provision

Core Functionality: To provide and maintain the Zentia app, including:

• Transaction tracking and management
• Budget creation and monitoring
• Financial reporting and insights
• Account balance calculations
• Multi-currency support and conversions

Cross-Device Synchronization: To synchronize your financial data across all devices where you access Zentia using the same account

AI Features (currently disabled): If enabled in the future, to power our AI assistant that would help you:

• Answer questions about your finances
• Generate financial insights and reports
• Provide personalized financial advice (informational only)

Notifications: To send you reminders and alerts based on your preferences:

• Budget threshold alerts
• Planned expense reminders
• Daily activity reminders
• Inactivity reminders

Service Improvement

• Performance Optimization: To improve app performance, fix bugs, and enhance user experience
• Feature Development: To understand how features are used and develop new functionality
• Error Resolution: To diagnose and resolve technical issues
• Automatic Categorization: To improve automatic categorization features based on user corrections (corrections are processed as part of requests but are not stored separately for this purpose)

Legal and Security

• Security: To protect your account and prevent unauthorized access
• Legal compliance: To comply with applicable laws and regulations
• Terms enforcement: To enforce our Terms and Conditions

Communication

• Account management communications
• Service updates and policy changes

Storage Location

Your data is stored securely using Supabase, a cloud-based backend-as-a-service platform. Supabase implements security standards aligned with GDPR and holds certifications including SOC 2 Type II. Supabase uses:

• PostgreSQL databases hosted on secure cloud infrastructure
• Row Level Security (RLS) policies to ensure data isolation between users
• Encrypted connections (HTTPS/TLS/SSL) for all data transmission
• Encryption at rest using AES encryption (industry-standard)
• Data centers: Data may be stored in various regions depending on your Supabase project configuration. For users in the European Economic Area (EEA), data is typically stored in European data centers when available

Security Measures

We implement multiple layers of security to protect your personal information:

• Data Encryption:
  • All data transmitted between your device and our servers is encrypted using HTTPS/TLS/SSL
  • Data at rest is encrypted using AES encryption (industry-standard)
• Authentication: Secure authentication handled by Supabase with encrypted password storage
• Access Controls: Database access is restricted through Row Level Security (RLS) policies
• Secure Storage: Financial data is stored in encrypted databases with access limited to authorized personnel and systems
• Security Audits: Supabase implements regular security audits and penetration testing
• Abuse Protection: Protection mechanisms against DoS (Denial of Service) and brute-force attacks
• Key Management: Authentication credentials are securely managed and regularly rotated

Data Retention

• Active Accounts: We retain your data as long as your account is active
• Deleted Accounts: When you delete your account, your account will be deactivated immediately and your personal data will be deleted or anonymized within a maximum period of 30 days, except where we are required to retain it for legal obligations
• Backup Data: Deleted data may persist in backups for up to 90 days before permanent deletion
• Extended Retention: We may retain certain data longer when required by:
• Legal obligations
• Regulatory requirements
• Tax or accounting requirements
• Dispute resolution purposes

Access and Portability

• Right to Access: You can access all your data through the Zentia app
• Right to Data Portability: You can export your financial data (we are working on export features)

Correction and Deletion

• Right to Rectification: You can update your account information and financial data at any time through the app
• Right to Deletion: You can delete your account and all associated data directly through the app (Settings > Account > Delete Account) or by contacting us at support@zentiaapp.com

Withdrawal of Consent

You can withdraw consent for certain data processing activities (e.g., notifications) through app settings. Withdrawing consent may limit your ability to use certain features.

Account Deletion

You can delete your account in two ways:

Note: Some information may be retained for legal or regulatory purposes even after account deletion.

Fresh Start (Data Reset)

If you want to keep your account but delete all your financial data, you can use the "Fresh Start" feature:

1. Open the Zentia app and navigate to Settings
2. Scroll to the "Account" section
3. Tap "Fresh Start"
4. Enter your current password to confirm
5. This will permanently delete all your transactions, accounts, categories, budgets, and planned expenses
6. Your account will remain active, allowing you to start fresh

Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

Right to Lodge a Complaint

If you are located in the EEA, UK, or Switzerland, you have the right to lodge a complaint with your local data protection authority (supervisory authority) if you believe we have not addressed your concerns adequately. You can find your local authority at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

Essential Cookies

We use essential cookies that are strictly necessary for the website and application to function properly:

• Authentication Cookies: Managed by Supabase to maintain your login session and ensure secure access to your account. These cookies are essential and cannot be disabled without affecting the service functionality.
• Security Cookies: Used to protect against security threats and ensure the integrity of your session.

Analytics and Performance Cookies

Currently, we do not use analytics cookies or tracking technologies. If we implement analytics in the future, we will:

• Obtain your explicit consent before using any non-essential cookies
• Provide clear information about what data is collected and how it is used
• Allow you to manage your cookie preferences through our settings

Managing Your Cookie Preferences

You can manage cookies through your browser settings:

• Most browsers allow you to refuse or accept cookies
• You can delete cookies that have already been set
• Disabling essential cookies may prevent you from using certain features of Zentia
• For detailed instructions, please see our Cookie & Tracking Policy