Privacy Policy

Last updated: January 1, 2024

Zentia ("we", "our", "us") operates the Zentia mobile and web application ("the App" or "the Service"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our personal finance management application.

By using Zentia, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

a) Account Information

When you create an account, we collect:

  • Email address (required for authentication)
  • Password (encrypted and stored securely via Supabase authentication)
  • Profile information (optional):
    • Full name
    • Profile picture/avatar
    • Country

This information is collected directly from you during account registration and profile setup.

b) Financial Data

Zentia is designed to help you manage your personal finances. We collect the following financial information that you voluntarily provide:

  • Transactions: Income and expense entries, including amount, date, description, category, account association, and currency
  • Categories: Custom and default income/expense categories with associated icons and colors
  • Accounts: Financial accounts you create, including account name, description, currency, and balances
  • Budgets: Budget plans you create, including budget amount, period, associated categories, and dates
  • Planned Expenses: Future expenses you plan, including amount, due date, category, and recurrence settings
  • Transaction Tags: Custom tags you assign to transactions

All financial data is provided directly by you and stored securely in our database.

c) Usage and Preference Data

We collect information about how you use Zentia and your preferences:

  • User Settings: Preferred currency, theme preference, language preference, number format preferences, onboarding completion status
  • Notification Preferences: Budget alert settings, planned expense reminders, daily reminder preferences, activity reminder settings
  • AI Chat Interactions (currently disabled): If AI features are enabled in the future, this would include conversations and messages with our AI assistant

d) Technical Information

We automatically collect certain technical information:

  • Device Information: Device type, operating system, app version
  • Authentication Data: Session tokens and authentication state (managed by Supabase)
  • Error Logs: Technical error information for debugging and service improvement

Note: We do not use third-party analytics services, tracking pixels, or advertising networks. We do not track your behavior across other websites or apps.

2. How We Use Your Information

We use the collected information for the following purposes:

Service Provision

  • Core functionality: Transaction tracking, budget creation, financial reporting, account balance calculations, multi-currency support
  • Cross-device synchronization
  • AI features (currently disabled): If enabled, to power our AI assistant
  • Notifications: Budget alerts, planned expense reminders, daily activity reminders

Service Improvement

  • Performance optimization and bug fixes
  • Feature development based on usage patterns
  • Error resolution and technical issue diagnosis

Legal and Security

  • Security: To protect your account and prevent unauthorized access
  • Legal compliance: To comply with applicable laws and regulations
  • Terms enforcement: To enforce our Terms and Conditions

Communication

  • Account management communications
  • Service updates and policy changes

We do NOT sell, rent, or trade your personal or financial data to third parties for marketing or advertising purposes.

3. Data Storage and Security

Storage Location

Your data is stored securely using Supabase, a cloud-based backend-as-a-service platform. Supabase uses:

  • PostgreSQL databases hosted on secure cloud infrastructure
  • Row Level Security (RLS) policies to ensure data isolation between users
  • Encrypted connections (HTTPS/TLS) for all data transmission
  • Encryption at rest using industry-standard practices

Security Measures

We implement reasonable technical and organizational measures to protect your data:

  • Secure authentication handled by Supabase with encrypted password storage
  • Data encryption: All data transmitted between your device and our servers is encrypted using HTTPS/TLS
  • Access controls: Database access is restricted through Row Level Security policies
  • Secure storage: Financial data is stored in encrypted databases with access limited to authorized personnel and systems

Data Retention

  • Active Accounts: We retain your data as long as your account is active
  • Deleted Accounts: When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal purposes
  • Backup Data: Deleted data may persist in backups for up to 90 days before permanent deletion

Important: While we implement industry-standard security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data to the best of our ability.

4. Data Sharing and Third-Party Services

We use the following third-party services to operate Zentia:

a) Supabase (Backend Services)

  • Purpose: Authentication, database hosting, and data storage
  • Data Shared: All account and financial data necessary for app functionality
  • Privacy Policy: https://supabase.com/privacy

b) OpenAI (AI Features - Currently Disabled)

Note: AI-powered features are currently disabled in Zentia.

c) Stripe (Payment Processing)

  • Purpose: Processing subscription payments for Zentia Plus
  • Data Shared: Email address, payment information (handled securely by Stripe), subscription status
  • Privacy Policy: https://stripe.com/privacy
  • Note: Payment card details are never stored on our servers

d) Exchange Rate API (Currency Conversion)

5. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal data:

Access and Portability

  • Right to Access: You can access all your data through the Zentia app
  • Right to Data Portability: You can export your financial data (we are working on export features)

Correction and Deletion

  • Right to Rectification: You can update your account information and financial data at any time through the app
  • Right to Deletion: You can request deletion of your account and all associated data by contacting us

Withdrawal of Consent

You can withdraw consent for certain data processing activities (e.g., notifications) through app settings. Withdrawing consent may limit your ability to use certain features.

Account Deletion

To delete your account:

  1. Contact us with the subject "Account Deletion Request"
  2. Include your account email address
  3. We will verify your identity and process the deletion within 30 days
  4. You will receive confirmation once your data has been deleted

Note: Some information may be retained for legal or regulatory purposes even after account deletion.

6. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

Specifically:

  • Supabase infrastructure may be located in various regions
  • OpenAI processes data in the United States
  • Stripe processes data in the United States and other jurisdictions

By using Zentia, you consent to the transfer of your information to these countries. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

7. Children's Privacy

Zentia is not intended for individuals under the age of 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

8. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing of your data for certain purposes
  • Right to Withdraw Consent: Withdraw previously given consent

To exercise these rights, contact us. We will respond within one month.

Legal Basis for Processing: We process your data based on contractual necessity, legitimate interests, and consent for optional features.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request information about what personal information we collect, use, and disclose
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal information)
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make changes:

  • We will update the "Last updated" date at the top of this policy
  • For material changes, we will notify you through in-app notifications, email to your registered address, and a prominent notice on our website

Your continued use of Zentia after changes become effective constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you may delete your account and stop using the Service.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@zentia.app

We will respond to your inquiry within 30 days.

This Privacy Policy is effective as of January 1, 2024 and applies to all users of Zentia.