← Back

Privacy Policy

Last updated: 29 April 2026

Beta-period notice: Zennic is in active development. This policy describes how we handle data today; we'll re-issue and notify users materially before any change.

1. Who we are

Zennic ("we", "us") provides a project-management tool for kitchen designers, contractors and their clients at zennic.dev. We are the data controller for personal data processed through the service. For any questions about this policy, email hello@zennic.dev.

2. What information we collect

We collect only the information needed to operate the service:

  • Account information — email address, name, role (designer / contractor / manager / client), and a hashed password. Provided by you or by the team member who invited you.
  • Project data — project titles, addresses, costs, deposit status, milestone schedules, photos, documents and team messages. Created and uploaded by you and your collaborators on the platform.
  • Usage data — anonymised activity logs (which actions were taken on a project), error reports (technical metadata about JavaScript errors, no message content), and standard server logs (IP address, user-agent, timestamp).

We do not collect special-category data (race, health, biometrics etc.). We do not run advertising trackers. We do not sell data.

3. How we use your information

  • To provide the service: showing you your projects, sending invite emails, generating signed download URLs for files.
  • To secure the service: detecting abuse, enforcing rate limits, investigating bugs.
  • To communicate operationally: invitations, password resets, notifications about your projects.
  • To improve the service: aggregated, non-personal usage analysis.

4. Legal basis for processing (UK / EU GDPR)

  • Contract — most processing is necessary to provide you the service you've signed up for.
  • Legitimate interest — securing the service, preventing abuse, technical error logging.
  • Consent — for any communication outside what's needed to operate your account (we don't currently send any).

5. Who we share information with

We use the following sub-processors. Each has its own privacy policy and processes data on our behalf under data-processing agreements:

  • Supabase — database, authentication and file storage. Data hosted in the UK / EU region.
  • Cloudflare — application hosting and content delivery. Edge servers worldwide; primary processing in the UK / EU.
  • Sentry — error and performance tracking. Hosted in the EU (Frankfurt).
  • Resend — outbound email delivery (invitations, password resets).

We don't share personal data with anyone else except where required by law (e.g. court order, lawful police request).

6. International data transfers

Personal data is stored primarily in the UK and EU. Some sub-processors (Cloudflare, Sentry) may route through other jurisdictions for technical operation; transfers happen under appropriate safeguards (Standard Contractual Clauses, UK International Data Transfer Addendum, or adequacy decisions).

7. How long we keep your information

  • Account and project data: retained while your account is active.
  • If you delete your account: project data is deleted within 30 days, except where we're legally required to retain it (e.g. for tax or fraud-prevention).
  • Server logs and error reports: 30 days.
  • Backups: up to 7 days for daily snapshots.

8. Your rights

Under UK and EU GDPR you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion ("right to erasure")
  • Restrict or object to processing
  • Receive your data in a portable format
  • Withdraw consent (where processing relies on consent)

To exercise any of these, email hello@zennic.dev. We'll respond within one month.

If you're unhappy with our response, you can complain to the UK Information Commissioner's Office at ico.org.uk or your local EU data protection authority.

9. Cookies

We use only strictly-necessary cookies — those required to keep you signed in (Supabase auth tokens) and to remember the staff "view-as" preview state. We do not use analytics, advertising or tracking cookies, so no cookie banner is required under PECR / ePrivacy.

10. Security

Data is encrypted in transit (TLS) and at rest. Access is restricted by row-level security policies on a per-user basis. Passwords are hashed with bcrypt by our authentication provider. File uploads are served via short-lived signed URLs.

11. Changes to this policy

We'll update this page when we change how we handle data. For material changes (new sub-processors, new categories of data) we'll email all active users at least 14 days before the change takes effect.

12. Contact

Questions, requests, or complaints: hello@zennic.dev.