ZennvoiZennvoi
Back to home

Privacy Policy

Last updated: April 2026

1. Introduction

Zennvoi ("we", "us", "our") operates the website zennvoi.com and the Zennvoi invoicing platform. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our service. By using Zennvoi, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect the following types of information:

  • Account information: Name, email address, password, business name, phone number, and address when you create an account.
  • Billing information: Payment details are processed securely by Stripe. We do not store your credit card numbers.
  • Invoice data: Information you enter into invoices and quotes, including client names, email addresses, company details, line items, and amounts.
  • Usage data: How you interact with our platform, including pages visited and features used.
  • Onboarding data: Industry, team size, invoicing frequency, and feedback you provide during account setup.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

  • Contract performance (Art. 6(1)(b)): Processing your account information, invoice data, and payment details is necessary to provide the Zennvoi service you have contracted for.
  • Legitimate interest (Art. 6(1)(f)): We process usage data to improve our platform, prevent fraud, and maintain security. Our legitimate interest does not override your fundamental rights.
  • Legal obligation (Art. 6(1)(c)): We may process and retain certain data to comply with tax, accounting, and financial regulations.
  • Consent (Art. 6(1)(a)): Where applicable, such as marketing communications, we process data based on your explicit consent, which you may withdraw at any time.

4. How We Use Your Information

  • To provide and maintain our invoicing service
  • To process payments and subscriptions through Stripe
  • To send invoice emails and payment reminders on your behalf
  • To send you service-related communications
  • To improve our platform based on usage patterns and feedback
  • To prevent fraud and ensure security

5. Data Sharing

We share your information only with the following service providers, each acting as a data processor on our behalf:

  • Stripe: For payment processing and Stripe Connect payouts.
  • Resend: For sending invoice emails and reminders on your behalf.
  • Supabase: For secure data storage and authentication.
  • Vercel: For application hosting, edge delivery, and serverless function execution.
  • Cloudflare: For DNS, DDoS protection, and content delivery.

We do not sell, rent, or trade your personal information to third parties. We do not share your data for cross-context behavioral advertising.

6. Data Security

We implement industry-standard security measures including encrypted connections (HTTPS), row-level security on all database tables, secure authentication, rate-limited API endpoints, and CSRF protection. Your payment information is handled entirely by Stripe and never touches our servers.

7. Data Retention

We retain your data for as long as your account is active. You can export all your data or delete your account at any time from the Settings page. When you delete your account, all associated data (documents, clients, settings, profile) is permanently removed within 30 days.

However, we may retain certain information as required by law (e.g., financial transaction records for tax and accounting purposes) for up to 7 years. Anonymized and aggregated data that can no longer identify you may be retained indefinitely for analytical purposes. Database backups containing your data are purged on a rolling 90-day cycle.

8. International Data Transfers

Your data may be transferred to and processed in the United States, where our service providers (Stripe, Resend, Supabase, Vercel, Cloudflare) operate. When we transfer data outside the European Economic Area, we rely on appropriate safeguards including the EU-U.S. Data Privacy Framework and Standard Contractual Clauses (SCCs) as adopted by the European Commission. You may request a copy of the relevant safeguards by contacting us at privacy@zennvoi.com.

9. Your Rights

Depending on your location, you have the right to:

  • Access your personal data (via the Settings and Export features)
  • Correct inaccurate data (via the Settings page)
  • Delete your account and all associated data (right to erasure / right to be forgotten) — we will comply unless retention is required by law for financial record-keeping
  • Export your data in a portable format (JSON)
  • Request restriction of processing of your personal data in certain circumstances
  • Object to processing of your personal data where we rely on legitimate interest as the legal basis
  • Withdraw consent at any time where processing is based on consent
  • Lodge a complaint with a supervisory data protection authority if you believe your rights have been violated

To exercise any of these rights, contact us at privacy@zennvoi.com. We will respond within 30 days.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following additional rights:

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the business purposes, and the categories of third parties with whom we share it.
  • Right to Delete: You may request deletion of your personal information, subject to certain legal exceptions.
  • Right to Opt-Out: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise these rights, contact us at privacy@zennvoi.com. We will verify your identity before processing your request and respond within 45 days.

Categories of personal information collected: Identifiers (name, email), commercial information (invoices, transactions), internet activity (usage data), professional information (business name, industry, address).

11. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users via email without undue delay and within 72 hours of becoming aware of the breach. We will also notify the relevant supervisory authority where required by law. The notification will include the nature of the breach, likely consequences, measures taken, and the contact point for further information.

12. Cookies

We use strictly necessary cookies for authentication and session management. These include:

  • sb-access-token / sb-refresh-token: Supabase authentication session cookies. Duration: until session expiry or logout.
  • Stripe cookies: Set by Stripe on payment pages for fraud prevention. Duration: session-based.

We do not use tracking cookies, analytics cookies, or third-party advertising cookies. Because we only use strictly necessary cookies, we do not require cookie consent under the ePrivacy Directive. This cookie policy will be updated if our cookie usage changes.

13. Children's Privacy

Zennvoi is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 16 (or under 13 under COPPA). If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us at support@zennvoi.com.

14. Third-Party Links

Our Service may contain links to third-party websites or services (such as Stripe payment pages). We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party sites you visit.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by email or through the Service at least 30 days before the changes take effect. The updated policy will be posted on this page with a new effective date.

16. Contact

For general questions about this Privacy Policy, contact us at support@zennvoi.com.

For data protection inquiries specifically, contact us at privacy@zennvoi.com.

If you are located in the European Economic Area, you also have the right to contact your local data protection authority.