Privacy policy

This policy explains how ZeniGrowth handles your personal data. It applies to the marketing site at zenigrowth.com and to ZeniGrowth workspaces hosted at <workspace>.zenigrowth.com.

Who we are

ZeniGrowth is operated by [Your company name], registered in [country] (company number [Companies House number]). Registered office: [address]. You can reach us at privacy@zenigrowth.com.

⚠️ Replace the bracketed placeholders above with your real company details before going live.

What we collect

Marketing site visitors

• Standard server logs (IP address, request URL, timestamp, user agent) for 30 days.
• A localStorage flag confirming you've seen our cookie banner. No tracking cookies.
• The contact / signup form fields you submit (name, email, company, workspace name, phone if provided).

Workspace users

• Account profile (name, email, role).
• Session cookie (HttpOnly, scoped to your workspace subdomain).
• Business data you create — leads, accounts, contacts, deals, quotes, contracts, invoices, payments.
• Audit log entries for every create / update / delete you perform.

Why we collect it

• To run the service you signed up for (contract).
• To respond to your enquiries and provide support (legitimate interest).
• To improve the product (legitimate interest, with all analysis on aggregated, anonymised data).
• To comply with UK tax + bookkeeping law (legal obligation).

Where we store it

All data is hosted on servers physically located in the United Kingdom. We don't transfer personal data outside the UK or EEA.

How long we keep it

• Marketing site logs: 30 days, then deleted.
• Trial signups not provisioned: 90 days, then deleted.
• Active workspaces: for as long as your account is active.
• Closed workspaces: 30 days after closure (for recovery), then permanently deleted.
• Audit logs: 6 years (UK tax record-keeping minimum).

Your rights under GDPR

You can ask us to:

• Show you a copy of the data we hold about you (subject access request).
• Correct anything that's wrong.
• Delete your data (right to be forgotten), subject to legal retention obligations.
• Export your data in a portable format (we provide CSV exports of every business object).
• Stop processing your data in specific ways.

Email privacy@zenigrowth.com for any of the above. We respond within 30 days.

Sub-processors

We use the following third-party services to operate ZeniGrowth:

• GoDaddy — hosting infrastructure (UK).
• [Your SMTP provider — SendGrid / Mailgun / etc.] — outbound transactional email.

Cookies

We use the smallest set of cookies that lets the service work:

• Session cookie for sign-in (workspace subdomain only, HttpOnly, SameSite=Lax).
• CSRF protection token (per session).
• Cookie-banner acknowledgement (stored in browser localStorage, not a cookie).

No advertising cookies. No third-party tracking.

Data Processing Agreement (DPA)

If you're a B2B customer who needs a signed DPA, email privacy@zenigrowth.com.

Changes to this policy

We'll post material changes on this page and update the "Last updated" date. For significant changes, registered users will receive an email notification.

Supervisory authority

You have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.