Privacy Policy

1. Data Controller

ZentisLabs Ltd
Email: legal@zentislabs.com

The data controller responsible for processing your personal data on zentislabs.com is ZentisLabs Ltd (“we”, “us”, “our”). This policy explains what data we collect, why we collect it, and how you can exercise your rights.

2. Data We Collect

Account Data

• Email address provided during registration
• Username or display name
• Hashed password (we never store plaintext passwords)

Billing & Payment Data

• Payment method details processed via Stripe (we do not store full card numbers)
• Billing address (if provided)
• Transaction history, invoices, and subscription status

Usage Data

• Bandwidth consumption and API call volumes
• Proxy connection logs (timestamps, target ports — not target URLs)
• Dashboard activity and feature usage patterns

Technical Data

• IP address and approximate geolocation
• Browser type, operating system, device type
• Referral source and pages visited on our site
• Server access logs (retained for 90 days)

Support Data

• Messages, attachments, and metadata from support tickets
• Live-chat transcripts

3. Legal Basis for Processing

We process personal data on the following legal bases under the GDPR:

• Contract performance (Art. 6(1)(b)) — to create your account, deliver proxy/VPS services, and process payments.
• Legitimate interest (Art. 6(1)(f)) — fraud prevention, network security, service improvement, and essential analytics.
• Consent (Art. 6(1)(a)) — marketing emails, non-essential cookies, and optional analytics.
• Legal obligation (Art. 6(1)(c)) — tax records, anti-money-laundering, and lawful data-retention requirements.

4. Cookies & Tracking

Essential Cookies

Required for the website and dashboard to function — session tokens, CSRF protection, load-balancer affinity. These cannot be disabled. Legal basis: legitimate interest.

Functional Cookies

Remember your language, theme, and dashboard preferences. Legal basis: legitimate interest.

Analytics Cookies

With your consent, we use privacy-focused analytics to understand how visitors use our site. No cross-site tracking. You can withdraw consent at any time via the cookie banner or by emailing us. Legal basis: consent.

Marketing Cookies

Only set with explicit consent. Used for conversion tracking on advertising platforms. You can withdraw consent at any time. Legal basis: consent.

5. Payment Processing

Payments are processed by Stripe, Inc. (510 Townsend Street, San Francisco, CA 94103, USA). Stripe acts as an independent data controller for payment data and is certified under the EU–US Data Privacy Framework. We never receive or store complete credit/debit card numbers. For details, see Stripe's Privacy Policy.

6. Data Sharing & Third Parties

We do not sell your personal data. We share data only with:

• Stripe — payment processing
• Infrastructure providers — server hosting and CDN (data processed under strict DPAs)
• Support tools — helpdesk platform for ticket management
• Law enforcement — only when legally compelled by valid court order or subpoena

All sub-processors are bound by data processing agreements that meet GDPR requirements.

7. International Transfers

Some of our infrastructure and sub-processors are located outside the European Economic Area. Where personal data is transferred to a third country, we ensure appropriate safeguards through Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent mechanisms.

8. Data Retention

• Account data — retained while your account is active; permanently deleted 30 days after account deletion.
• Server logs — retained for 90 days, then automatically purged.
• Invoices & billing — retained for 6–10 years as required by tax and commercial law.
• Support tickets — retained for 2 years after resolution, then anonymised or deleted.
• Marketing consent records — retained for as long as the consent is valid, plus 1 year.

9. Your Rights (GDPR)

Under the GDPR, you have the following rights:

• Access (Art. 15) — request a copy of all personal data we hold about you.
• Rectification (Art. 16) — correct inaccurate or incomplete data.
• Erasure (Art. 17) — request deletion (“right to be forgotten”).
• Restriction (Art. 18) — limit processing in certain circumstances.
• Data portability (Art. 20) — receive your data in a structured, machine-readable format.
• Object (Art. 21) — object to processing based on legitimate interests or direct marketing.
• Withdraw consent (Art. 7(3)) — withdraw consent at any time without affecting prior processing.

To exercise any right, email legal@zentislabs.com. We respond within 30 days.

10. Data Security

We implement appropriate technical and organisational measures to protect your data, including TLS encryption in transit, AES-256 encryption at rest, role-based access controls, regular security audits, and automated intrusion detection.

11. Children's Privacy

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

12. Complaints

If you believe your data protection rights have been infringed, you have the right to lodge a complaint with a supervisory authority. For residents of the UK, the relevant authority is the Information Commissioner's Office (ICO) at ico.org.uk. EU residents may contact their local data protection authority.

13. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email or a prominent notice on our website. Continued use of our services after changes constitutes acceptance of the updated policy.