Privacy Policy for ZentraSnap
Introduction
ZentraSnap (“we”, “us”, “our”) operates the ZentraSnap application, a specialized data-extraction tool designed for accountants and bookkeepers.
Because ZentraSnap provides a business-to-business (B2B) service dealing with sensitive financial documents, privacy is our top priority. We have engineered our application to perform data extraction using strict, privacy-first pipelines designed to prioritise data security, ensure GDPR compliance, and minimise data exposure.
1. Who we are
ZentraSnap is operated by Cristin Griu, trading as ZentraSnap, operating in Celbridge, Co. Kildare, Ireland.
If you have any questions about this Privacy Policy or our security practices, you can contact us directly at: cristingriu25@gmail.com
2. Your Data Responsibilities
Because ZentraSnap provides a tool that performs document extraction, your responsibilities are split into two categories:
We act as the Data Controller for your account and billing information.
You are responsible for ensuring you have the legal right and client consent to process any financial data you load into the application. All financial documents (Bank Statements, Invoices, and Receipts) are securely transmitted to our enterprise AI processor for extraction. We act strictly as a Data Processor for this information.
You are responsible for ensuring your own device, browser, and working environment are secure when using ZentraSnap.
3. Our Data Processing Architecture (Client Data)
To provide our core extraction service, you load documents containing third-party financial data into our app. We route this data through a highly secure, enterprise-grade AI pipeline:
Cloud AI Processing & Security Logging
- When you extract data from any document (Bank Statements, Invoices, or Receipts), it is securely transmitted via API to Google for text extraction.
- We utilize the paid tier of Google Generative AI. Google acts strictly as a sub-processor and does not use your data to train their AI models.
- Security Logging via Google AI Studio: To protect our systems against abuse, fraud, and malicious activity, logs of the AI inputs are saved directly by our provider within Google AI Studio. These logs are strictly access-controlled, used exclusively for security auditing, and are not stored on ZentraSnap's proprietary databases.
4. What information we collect
We collect necessary information to operate your ZentraSnap account, manage your subscription, and secure our platform:
- First and last name
- Email address
- User ID
- Billing and subscription status
- Authentication-related data
- App preferences and settings
- Support data (if you contact us)
- AI Input Logs (stored securely via Google AI Studio)
Third-Party Authentication (Google OAuth):If you choose to register or log in using a third-party identity provider such as Google, we will receive basic account information from that provider (such as your name, email address, and profile picture) strictly for the purpose of creating, authenticating, and managing your ZentraSnap account.
5. How we use your Data
We use your data strictly to:
- ●Allow you to create an account, log in, and manage your subscription.
- ●Provide the core AI extraction functionality of the app.
- ●Monitor system security, prevent abuse, and maintain the integrity of our AI pipelines via Google AI Studio security logs.
- ●Respond to customer support requests.
We respect your privacy. We do not use Google Analytics, tracking pixels, or intrusive marketing cookies to track your behavior across our website. We only use "strictly necessary" cookies required for the application to function securely (such as those used by Clerk for authentication and Stripe for payment security). Because these are essential to provide the service, they do not require user consent under ePrivacy rules.
We use Vercel Analytics to monitor and improve the performance of our website. Vercel Analytics collects anonymized usage data, such as page views, referring websites, and browser types. This service is designed to be privacy-first and GDPR-compliant; it does not use tracking cookies to follow you across the internet, and your IP address is anonymized before any data is stored.
6. Legal basis for processing
Under the GDPR, we process your data under the following lawful bases:
Processing is necessary to provide the ZentraSnap service to you under our Terms of Service (e.g., maintaining your account login and processing documents).
For maintaining the security and stability of our application, including the retention of AI input logs by Google AI Studio to detect, prevent, and investigate fraud or system abuse.
7. Third-party services
To run our application, we rely on a minimal number of trusted third-party services. These providers only process data as necessary to provide their services:
Provides our user authentication, account management, and secure payment processing.
Hosts our secure application infrastructure and ensures the website is served over an encrypted connection (HTTPS/SSL).
Used for AI data extraction from all financial documents. Google AI Studio also securely retains input logs for abuse monitoring. Google acts strictly as a Data Processor.
Used for API rate-limiting to prevent system abuse. Processes basic identifiers (like anonymized User IDs).
These providers may process data on infrastructure located in different countries, including the United States, outside the European Economic Area (EEA). Where this occurs, we ensure appropriate legal safeguards are in place to protect your data, such as ensuring our providers use Standard Contractual Clauses (SCCs) or are certified under the EU-U.S. Data Privacy Framework.
8. Data retention
Retained for as long as your account is active. If you delete your ZentraSnap account, your account data will be removed from our active systems.
To comply with data minimization principles, logs of documents sent to the AI are retained by Google AI Studio strictly for security and abuse monitoring purposes. These logs are automatically deleted in accordance with Google's standard data retention policies for API abuse monitoring.
9. Security
All data transmitted between your browser and our application (including API requests and AI logs) is encrypted in transit and at rest using industry-standard TLS/SSL. We rely on Clerk to safely secure your login credentials and billing information; ZentraSnap does not store passwords or credit card numbers on our own systems. Access to Google AI Studio security logs is strictly restricted to authorized personnel only.
10. Your Rights
Under the General Data Protection Regulation (GDPR), you have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion of your data
- Restrict processing of your data
- Object to certain processing
- Request a copy of your data (Data Portability)
To exercise these rights regarding your Account Data, please contact us at cristingriu25@gmail.com.
You also have the right to lodge a complaint with the Data Protection Commission (DPC) in Ireland if you believe we have handled your data incorrectly.
Our standard Data Processing Agreement, which governs the processing of your clients' financial data, is incorporated into our Terms of Service and can be viewed at /DPA.
11. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. If significant changes are made, we will update the effective date above.
12. Contact
If you have any questions or concerns about this Privacy Policy, please contact: