Introduction
Welcome to Zinancial. This Privacy Policy describes how Zinancial collects, uses, discloses, stores, and safeguards personal information when you access or use our website, software platform, APIs, and related services.
The Services provide AI-powered financial tools, accounting automation, data analytics, and related functionalities designed for businesses and individuals.
Zinancial is committed to protecting your privacy and handling your personal information with transparency and in compliance with applicable data protection laws, including:
- Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)
- Australia: Privacy Act 1988 and Australian Privacy Principles (APPs)
- United States: California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), and other applicable state privacy laws
- United Kingdom: UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018
- European Union: General Data Protection Regulation (GDPR)
- India: Digital Personal Data Protection Act, 2023 (DPDPA) and Information Technology Act, 2000
Personal Data or Personal Information means any information that identifies, relates to, describes, or could reasonably be linked with an identified or identifiable individual.
Data Protection Officer and Privacy Officer
Zinancial has designated a Privacy Officer responsible for overseeing compliance with this Privacy Policy and applicable data protection laws. For privacy-related inquiries, requests, or concerns, you may contact our Privacy Officer at:
- Email: privacy@zinancial.com
- Address: [Complete Business Address - To Be Updated]
For UK GDPR matters, our UK representative can be contacted at: [UK Representative Contact Details - To Be Updated].
For EU GDPR matters, our EU representative can be contacted at: [EU Representative Contact Details - To Be Updated].
Information We Collect
We collect various categories of personal information depending on how you interact with our Services:
Information You Provide Directly
- Account Information: Name, email address, phone number, postal address, company name, business details, job title, billing information
- Payment Information: Credit or debit card details, billing address, payment history (processed securely through third-party payment processors)
- Financial Data: Invoices, transactions, ledgers, tax records, bank account information, financial statements, and other business records you upload or input
- Communications: Content of messages, emails, or other communications you send to us or through the Services
- Profile Information: Preferences, settings, and customizations you configure within your account
Information Collected Automatically
- Usage Data: Pages viewed, features accessed, time spent on pages, click patterns, navigation paths, referring or exit pages
- Device Information: IP address, browser type and version, operating system, device type, unique device identifiers, mobile network information
- Log Data: Access times, error logs, system activity, security events
- Location Data: General geographic location derived from IP address
Information from Cookies and Tracking Technologies
We use cookies, web beacons, pixels, local storage, and similar technologies. Please see Section 12 and our separate Cookie Policy for detailed information.
Information from Third-Party Sources
- Business Information: Publicly available business data, credit information, verification data from third-party services
- Integrated Services: Data from third-party applications you connect to our Services such as accounting software, payment platforms, and banking APIs
Inferred Information
- Analytics and Insights: Business patterns, financial trends, risk assessments, and other insights derived from your use of the Services
Lawful Basis for Processing (UK GDPR and EU GDPR)
Under UK GDPR and EU GDPR, we process personal data based on the following lawful bases:
- Contractual Necessity: Processing necessary to perform our contract with you (providing the Services, account management, customer support)
- Legal Obligation: Processing required to comply with legal obligations (tax reporting, regulatory compliance, law enforcement requests)
- Legitimate Interests: Processing necessary for our legitimate business interests, including fraud prevention, security, analytics, service improvement, and direct marketing (where not overridden by your rights)
- Consent: Processing based on your explicit consent (e.g., marketing communications, optional features, non-essential cookies)
- Vital Interests: Processing necessary to protect vital interests in emergency situations
How We Use Your Information
We use collected information for the following purposes:
Service Delivery and Performance
- Provide, operate, maintain, and improve the Services
- Process financial data and generate analytics, reports, and insights
- Enable AI-powered features including automated categorization, forecasting, and recommendations
- Process transactions and manage subscriptions
- Provide customer support and respond to inquiries
Communication
- Send service-related notifications, updates, and security alerts
- Provide product updates, feature announcements, and educational content
- Respond to your requests, questions, and feedback
- Send marketing communications (with opt-out option)
Security and Fraud Prevention
- Detect, prevent, and investigate fraud, security breaches, and prohibited activities
- Verify identity and authenticate users
- Monitor and enforce our Terms of Service
Analytics and Improvement
- Analyze usage patterns and trends (typically in aggregated, anonymized form)
- Conduct research and development to improve Services
- Test new features and optimize user experience
Legal Compliance
- Comply with applicable laws, regulations, and legal processes
- Respond to lawful requests from government authorities
- Enforce our agreements and protect our legal rights
Data Sharing and Disclosure
We do not sell your personal information. We may share your information in the following circumstances:
Service Providers and Processors
We engage trusted third-party service providers who process data on our behalf under written contracts containing appropriate security, confidentiality, and data protection obligations:
- Cloud hosting and infrastructure providers (e.g., AWS, Google Cloud, Microsoft Azure)
- Payment processors (e.g., Stripe, PayPal)
- Email and communication platforms
- Analytics and monitoring services
- Customer support and CRM platforms
- Security and fraud prevention services
Business Transfers
In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred to the successor entity. We will notify you of any such change and provide choices regarding your information.
Legal Requirements and Protection
We may disclose information when required by law or when we believe disclosure is necessary to:
- Comply with legal obligations, court orders, or lawful government requests
- Enforce our Terms of Service and other agreements
- Protect the rights, property, or safety of Zinancial, our users, or the public
- Detect, prevent, or address fraud, security, or technical issues
With Your Consent
We may share information for other purposes with your explicit consent or at your direction.
International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States and other jurisdictions where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.
For transfers from the UK and EEA, we implement appropriate safeguards including:
- Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Information Commissioner's Office
- Adequacy decisions recognizing equivalent data protection standards
- Binding Corporate Rules where applicable
- Your explicit consent for specific transfers
For transfers from Canada, we comply with PIPEDA requirements and obtain consent where required.
Data Retention
We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
Account Data
Active account data is retained for the duration of your account relationship plus any applicable statutory retention periods.
Financial Records
Financial data may be retained for extended periods to comply with tax, accounting, and regulatory requirements (typically 7 years or as required by jurisdiction).
Post-Termination
Following account termination, we will delete or anonymize your data within 60 days, except where retention is required for:
- Legal compliance and regulatory obligations
- Dispute resolution and enforcement of agreements
- Fraud prevention and security purposes
- Backup systems (deleted within 90 days)
Your Rights and Choices
Depending on your jurisdiction, you may have various rights regarding your personal information:
Access and Portability
- Right to Access: Request confirmation of whether we process your data and obtain a copy
- Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format (UK GDPR, EU GDPR, CCPA/CPRA)
Correction and Deletion
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Deletion: Request deletion of your personal data, subject to legal exceptions
Processing Restrictions
- Right to Restriction: Request limitation of processing in certain circumstances (UK GDPR, EU GDPR)
- Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
Consent Withdrawal
Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
Exercising Your Rights
To exercise any of these rights, please contact us at privacy@zinancial.com or through your account settings. We will respond within the timeframes required by applicable law:
- UK GDPR / EU GDPR: 1 month (extendable to 3 months for complex requests)
- CCPA / CPRA: 45 days (extendable to 90 days)
- PIPEDA: 30 days (extendable to 90 days)
- Australian Privacy Act: 30 days
We may require verification of your identity before processing requests. You also have the right to lodge a complaint with your local data protection authority.
Data Security
We implement appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction:
Technical Measures
- Encryption in transit (TLS/SSL) and at rest (AES-256)
- Multi-factor authentication options
- Regular security assessments and penetration testing
- Intrusion detection and prevention systems
- Automated security monitoring and alerting
Organizational Measures
- Access controls and principle of least privilege
- Employee confidentiality obligations
- Regular security training and awareness programs
- Incident response procedures
- Vendor security assessments
Certifications and Standards
We maintain or are working towards industry-standard certifications including SOC 2 Type II and ISO 27001 to demonstrate our commitment to information security.
Data Breach Notification
In the event of a security incident resulting in unauthorized access to, or disclosure of, personal information that poses a risk of harm, we will:
- Investigate and assess the breach promptly
- Notify affected individuals without undue delay as required by applicable law
- Notify relevant supervisory authorities where required (e.g., within 72 hours under UK GDPR / EU GDPR)
- Provide information about the nature of the breach, likely consequences, and measures taken or proposed
- Comply with jurisdiction-specific notification requirements (e.g., Australia's Notifiable Data Breaches scheme, CCPA breach notification)
Notifications will be sent via email or other appropriate means to the contact information associated with your account.
Children's Privacy
Our Services are not directed to children under the age of 16 (or under 13 in the United States under COPPA, or other applicable age thresholds in different jurisdictions). We do not knowingly collect personal information from children.
If we learn that we have collected personal information from a child in violation of this Policy, we will promptly take steps to delete the information and, where required by law, notify the parent or guardian. If you believe we have collected information from a child, please contact us immediately at privacy@zinancial.com.
Third-Party Services and Integrations
The Services may integrate with or link to third-party applications, websites, or services (such as payment processors, accounting software, banking APIs, or social media platforms). These third parties have their own privacy policies and terms of service.
We are not responsible for the privacy or security practices of third parties. We recommend you review their policies before connecting or sharing data through integrations. When you authorize third-party integrations, you consent to data sharing as described in the integration authorization flow.
Marketing Communications
Consent and Opt-Out
We may send you marketing communications about our Services, new features, promotions, and related content. You can opt out at any time by:
- Clicking the unsubscribe link in emails
- Adjusting preferences in your account settings
- Contacting privacy@zinancial.com
Transactional Communications
You cannot opt out of service-related, transactional, or security communications (e.g., account notifications, payment confirmations, security alerts) as these are necessary for the Services.
Compliance with Marketing Laws
Our marketing practices comply with applicable laws, including CAN-SPAM (US), CASL (Canada), PECR (UK), and the ePrivacy Directive (EU).
Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational needs. Material changes will be communicated through prominent notices on our website or within the Services.
Your continued use of the Services following changes constitutes acceptance of the updated Policy. The Effective Date at the top of this Policy indicates when it was last revised.
We encourage you to review this Privacy Policy periodically. For material changes affecting previously collected data, we will seek your consent where required by law.
Contact Information and Complaints
General Privacy Inquiries
For questions, concerns, or requests regarding this Privacy Policy or our data practices, contact our Privacy Officer:
- Email: privacy@zinancial.com
- Address: [Complete Business Address - To Be Updated]
- Phone: [Contact Number - To Be Updated]
Supervisory Authority Complaints
You have the right to lodge a complaint with the relevant data protection supervisory authority:
- UK: Information Commissioner's Office (ICO) - www.ico.org.uk
- EU: Your national data protection authority - see https://edpb.europa.eu/
- Canada: Office of the Privacy Commissioner of Canada - www.priv.gc.ca
- Australia: Office of the Australian Information Commissioner (OAIC) - www.oaic.gov.au
- United States (California): California Attorney General - oag.ca.gov
We encourage you to contact us first so we can address your concerns directly.
Jurisdiction
Subject to the arbitration provisions below, you agree to the exclusive jurisdiction of the courts located in [Jurisdiction - To Be Updated] for resolving disputes.
