Privacy Policy

Data we collect

Account data: your name, email address, password (stored only as a salted hash), and the business you create.

Business data you enter: customers, suppliers, invoices, bills, transactions, inventory, employees and the financial records that make up your books.

Usage and technical data: log entries, IP address, device/browser type, and audit records of actions taken in your account.

How we use it

To operate the product — store your books, run reports, send invoices and reminders, and process subscription billing.

To secure your account (authentication, two-factor, fraud and abuse prevention) and to provide support.

We do not sell your data, and we do not use your business records to train third-party AI models.

Tenant isolation & storage

Every customer's data is isolated at the database level using PostgreSQL row-level security, so one business can never read another's records.

Data is hosted on Supabase/PostgreSQL with encryption in transit (TLS) and at rest, with daily encrypted backups.

Sub-processors

We rely on a small set of vendors to run Zenvora: Supabase (database & auth), Vercel (hosting), Resend (transactional email), and our payment processor for subscriptions. Each processes data only to provide their service to us.

Retention

We keep your data for as long as your account is active. Financial records may be retained after closure where tax and accounting law requires it (typically up to the statutory period in your jurisdiction). You can request export or deletion at any time.

Your rights (GDPR & equivalents)

You can access, correct, export or delete your personal data, object to certain processing, and withdraw consent. To exercise any of these, email privacy@zenvora.com and we will respond within 30 days.

If you are in a region covered by the GDPR, our legal bases for processing are contract performance (running the service you signed up for), legitimate interest (securing and improving the product), and legal obligation (tax/accounting retention).