Privacy Policy

Zenovay Inc. ("Zenovay", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website zenovay.com (the "Site") and use our analytics platform and related services (the "Services").

Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

Information We Collect

We collect information about you in various ways when you use our Services. The information we collect falls into the following categories:

Information You Provide Directly

We collect information that you provide directly to us, including:

• Account Information: When you create an account, we collect your name, email address, company name, and password.
• Payment Information: When you subscribe to a paid plan, our payment processor (Stripe) collects your payment card information, billing address, and related payment details. We do not store complete payment card numbers on our servers.
• Profile Information: You may choose to provide additional information such as your job title, phone number, profile picture, and company website.
• Communications: When you contact our support team or communicate with us, we collect the content of your messages, support tickets, and any attachments you send.
• Survey Responses: If you participate in surveys or provide feedback, we collect your responses and any personal information you choose to share.

Information Collected Automatically

When you access or use our Services, we automatically collect certain information, including:

• Usage Data: We collect information about your use of our Services, including the pages you view, features you use, links you click, searches you perform, and the date and time of your visits.
• Device Information: We collect information about the devices you use to access our Services, including device type, operating system, browser type and version, screen resolution, IP address, unique device identifiers, and mobile network information.
• Location Data: We may collect approximate location information based on your IP address to provide region-specific features and comply with local regulations.
• Cookies and Similar Technologies: We use cookies, web beacons, pixel tags, and similar technologies to collect information about your browsing behavior. See our Cookie Policy for more details.

Information From Third Parties

We may receive information about you from third-party sources, including:

• Authentication Services: If you sign up or log in using a third-party service (e.g., Google, GitHub), we receive basic profile information from that service.
• Analytics Providers: We use third-party analytics services to help us understand how users interact with our Services.
• Marketing Partners: We may receive information from our marketing and advertising partners about your interactions with our campaigns.

How We Use Your Information

We use the information we collect for various purposes, including:

• Provide and Maintain Services: To create and manage your account, process transactions, provide customer support, and deliver the features and functionality of our Services.
• Improve and Develop Services: To understand how users interact with our Services, identify trends, diagnose technical issues, and develop new features and improvements.
• Communicate With You: To send you service-related notifications, respond to your inquiries, provide customer support, and send marketing communications (with your consent).
• Personalization: To personalize your experience, provide relevant content and recommendations, and remember your preferences.
• Security and Fraud Prevention: To detect, prevent, and respond to fraud, abuse, security risks, and technical issues.
• Legal Compliance: To comply with legal obligations, respond to legal requests, enforce our terms and policies, and protect our rights and the rights of others.
• Analytics and Research: To conduct research, create statistical and aggregated data, and analyze usage patterns to improve our Services.
• Marketing and Advertising: To send you promotional materials, display targeted advertisements, and measure the effectiveness of our marketing campaigns (with your consent where required).

Legal Basis for Processing (EEA Users)

If you are located in the European Economic Area (EEA), our legal basis for collecting and using your information depends on the specific information and the context in which we collect it. We process your information based on:

• Contract Performance: Processing is necessary to perform our contract with you (e.g., providing the Services you subscribed to).
• Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving our Services, ensuring security, and conducting marketing (except where overridden by your data protection interests).
• Consent: You have given us clear consent to process your information for specific purposes (e.g., marketing communications).
• Legal Obligations: Processing is necessary to comply with legal obligations applicable to us.

How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers

We share information with third-party service providers who perform services on our behalf, including:

• Cloud Hosting: AWS, Vercel, Cloudflare for infrastructure and content delivery
• Payment Processing: Stripe for processing payments and managing subscriptions
• Email Services: Resend for transactional email delivery
• Authentication: Clerk for user authentication and identity management
• Database Services: Supabase for data storage and management

These service providers have access to your information only to perform tasks on our behalf and are obligated to protect your information. For a complete list of our subprocessors, please see our Subprocessors page.

Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

Legal Requirements and Protection

We may disclose your information if required to do so by law or if we believe such action is necessary to:

• Comply with legal obligations, court orders, or governmental requests
• Enforce our Terms of Service or other agreements
• Protect and defend our rights or property
• Prevent fraud or abuse of our Services
• Protect the safety of our users or the public

Data Security

We implement appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL
• Encryption of sensitive data at rest
• Regular security assessments and penetration testing
• Access controls and authentication requirements
• Employee training on data protection and security
• Incident response and breach notification procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Data Retention

We retain your information for as long as necessary to provide our Services, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods depend on the type of information:

• Account Information: Retained for the duration of your account plus 90 days after account closure
• Analytics Data: Retained for up to 2 years, or as configured by your data retention settings
• Payment Records: Retained for 7 years to comply with tax and accounting requirements
• Communications: Support tickets and communications retained for 3 years
• Logs and Security Data: Retained for 90 days for security and troubleshooting purposes

You can request deletion of your information at any time by contacting us or deleting your account through the Services.

Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

Access and Portability

You have the right to access your personal information and request a copy in a portable, machine-readable format.

Correction

You have the right to correct inaccurate or incomplete personal information. You can update most information through your account settings.

Deletion

You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, legitimate business purposes).

Objection and Restriction

You have the right to object to certain processing of your information or request that we restrict processing in certain circumstances.

Withdraw Consent

Where we process your information based on consent, you have the right to withdraw consent at any time.

Opt-Out of Marketing

You can opt out of marketing communications by clicking the "unsubscribe" link in our emails or updating your communication preferences in your account settings.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You have the right to request information about the personal information we collect, use, and disclose about you.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out: You have the right to opt out of the "sale" of your personal information. We do not sell personal information.
• Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA rights.

To exercise these rights, please contact us at privacy@zenovay.com.

European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

• Right of access to your personal information
• Right to rectification of inaccurate information
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

To exercise these rights or if you have questions about our data processing, please contact us at privacy@zenovay.com.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that are different from the laws of your country.

When we transfer personal information from the EEA to other countries, we use appropriate safeguards, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Other legally recognized transfer mechanisms

Children's Privacy

Our Services are not directed to children under the age of 13 (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@zenovay.com, and we will take steps to delete such information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last update" date at the top of this page
• Notify you via email or through a prominent notice in our Services
• Obtain your consent if required by applicable law

We encourage you to review this Privacy Policy periodically. Your continued use of our Services after changes become effective constitutes your acceptance of the updated Privacy Policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: