ZZentraCollect← Back to homepage
Legal

Privacy notice

Last updated: 10 May 2026

Who is the controller?

Zentra Ltd ([company number to insert]) is the data controller for information you provide when using Zentra Collect. Contact: privacy@zentracollect.co.uk.

We are registered with the UK Information Commissioner's Office (ICO registration number to insert).

What data we process

  • Account data — name, business name, email, password (hashed).
  • Invoice data you upload — customer names, contact emails, invoice references, amounts, due dates, notes.
  • Usage data — pages visited, features used, error logs (anonymised).
  • Billing data — handled by Stripe; we store only the minimum necessary identifiers.

Lawful basis

We process account data and invoice data on the basis of contract (to provide the service you signed up for), and usage data on the basis of legitimate interest(improving the service).

Where our customers (you) upload data about your customers, you act as the controller of that data and we act as the processor on your behalf. A data processing agreement (DPA) is available on request.

How long we keep it

We keep your invoice data for as long as your account is active, plus 30 days after closure. After that, it is deleted from our live systems and from backups within a further 60 days.

Who we share it with

  • Hosting / infrastructure providers (Vercel, Supabase) for the operation of the service.
  • AI providers (OpenAI, Google) only when you generate a draft message — see "AI" below.
  • Stripe for billing.
  • Where required by UK law or court order.

We do not sell your data and we do not use it to train third-party AI models.

AI processing

When you generate a draft message, the relevant invoice context is sent to our AI provider (OpenAI or Google). These providers do not retain the data for training. AI is used for drafting messages, classifying replies, and suggesting column mappings on import — never for ranking decisions, which are 100% rule-based.

Your rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct anything inaccurate.
  • Request deletion (right to be forgotten).
  • Export your data in a machine-readable format.
  • Object to processing or withdraw consent.
  • Complain to the UK Information Commissioner's Office (ico.org.uk).

Security

Data is encrypted in transit (TLS 1.2+) and at rest. Access is restricted to staff who need it. We log access and review it periodically.

Draft notice: This page is a starting template, not legal advice. Have a UK-qualified solicitor review the wording before you accept your first paying customer.