Privacy Policy

1. Introduction

Welcome to Zentic! The protection of your personal data is very important to us. This privacy policy informs you about how we collect, process and protect your personal data.

We are committed to the General Data Protection Regulation (GDPR) and other applicable data protection laws and treat your data with the utmost care.

Data Controller

Software Entwickler Nico Meyer (Einzelunternehmen)

Email: privacy@zentic.app

2. Definitions

Personal Data

Any information relating to an identified or identifiable natural person.

Processing

Any operation performed on personal data, whether or not by automated means.

Controller

The natural or legal person who alone or jointly determines the purposes and means of processing.

Processor

A natural or legal person who processes personal data on behalf of the controller.

Consent

Any freely given, specific, informed and unambiguous indication of the data subject's wishes.

Data Subject

An identified or identifiable natural person to whom the personal data relates.

Recipient

A natural or legal person to whom personal data are disclosed.

Third Country

A country outside the European Union or the European Economic Area.

3. Legal Basis for Processing

Consent (Art. 6(1)(a) GDPR)

You have consented to the processing.

Art. 6(1)(a) GDPR

Contract Performance (Art. 6(1)(b) GDPR)

Processing is necessary for the performance of a contract.

Art. 6(1)(b) GDPR

Legal Obligation (Art. 6(1)(c) GDPR)

Processing is necessary for compliance with a legal obligation.

Art. 6(1)(c) GDPR

Vital Interests (Art. 6(1)(d) GDPR)

Processing is necessary to protect vital interests.

Art. 6(1)(d) GDPR

Public Task (Art. 6(1)(e) GDPR)

Processing is necessary for the performance of a task in the public interest.

Art. 6(1)(e) GDPR

Legitimate Interests (Art. 6(1)(f) GDPR)

Processing is necessary for legitimate interests.

Art. 6(1)(f) GDPR

4. Data Processing

Account Data

Data Type	Purpose	Legal Basis	Retention Period
Email Address	Account management, authentication, communication	Contract Performance (Art. 6(1)(b) GDPR)	Until account deletion
Name	Personalization, communication	Contract Performance (Art. 6(1)(b) GDPR)	Until account deletion
Password Hash	Authentication and security	Contract Performance (Art. 6(1)(b) GDPR)	Until account deletion
Profile Information	Service personalization	Contract Performance (Art. 6(1)(b) GDPR)	Until account deletion

LinkedIn Integration

Data Type	Purpose	Legal Basis	Retention Period
LinkedIn Profile Data	Content creation and publishing	Consent (Art. 6(1)(a) GDPR)	Until consent withdrawal
LinkedIn Posts	Content management and analysis	Consent (Art. 6(1)(a) GDPR)	Until consent withdrawal
LinkedIn Connections	Network analysis and targeting	Consent (Art. 6(1)(a) GDPR)	Until consent withdrawal
OAuth Tokens	API access to LinkedIn	Consent (Art. 6(1)(a) GDPR)	Until consent withdrawal

Content Data

Data Type	Purpose	Legal Basis	Retention Period
Created Posts	Content management and publishing	Contract Performance (Art. 6(1)(b) GDPR)	Until user deletion
Drafts	Content management	Contract Performance (Art. 6(1)(b) GDPR)	Until user deletion
Uploaded Media	Content creation	Contract Performance (Art. 6(1)(b) GDPR)	Until user deletion
Content Analytics	Performance analysis and optimization	Legitimate Interests (Art. 6(1)(f) GDPR)	2 years

Payment Data

Data Type	Purpose	Legal Basis	Retention Period
Billing Address	Subscription management and invoicing	Contract Performance (Art. 6(1)(b) GDPR)	10 years (tax retention requirement)
Transaction Data	Payment processing and accounting	Contract Performance (Art. 6(1)(b) GDPR)	10 years (tax retention requirement)
Subscription Status	Service provision	Contract Performance (Art. 6(1)(b) GDPR)	Until subscription cancellation

Technical Data

Data Type	Purpose	Legal Basis	Retention Period
IP Address	Security, fraud prevention, geolocation	Legitimate Interests (Art. 6(1)(f) GDPR)	7 days
Device Information	Application optimization	Legitimate Interests (Art. 6(1)(f) GDPR)	1 year
Browser Information	Compatibility and security	Legitimate Interests (Art. 6(1)(f) GDPR)	1 year
Server Logs	Error diagnosis and security	Legitimate Interests (Art. 6(1)(f) GDPR)	30 days

Usage Data

Data Type	Purpose	Legal Basis	Retention Period
Usage Activities	Service improvement and personalization	Legitimate Interests (Art. 6(1)(f) GDPR)	2 years
User Preferences	Service personalization	Contract Performance (Art. 6(1)(b) GDPR)	Until account deletion
Performance Metrics	Service optimization	Legitimate Interests (Art. 6(1)(f) GDPR)	1 year

5. Third Parties and Data Transfers

Supabase

Database hosting, authentication and backend services

Company:Supabase Inc.

Location:USA

Safeguards:Standard Contractual Clauses, SOC 2 Type II

Social media integration and content publishing

Company:LinkedIn Corporation

Location:USA

Safeguards:Privacy Shield successor, Standard Contractual Clauses

Stripe

Payment processing and subscription management

Company:Stripe Inc.

Location:USA

Safeguards:PCI DSS Level 1, Standard Contractual Clauses

Sentry

Error monitoring and performance monitoring

Company:Functional Software Inc.

Location:USA

Safeguards:Standard Contractual Clauses, ISO 27001

OpenAI

AI-powered content generation

Company:OpenAI Inc.

Location:USA

Safeguards:Data Processing Agreement, Privacy Certifications

Redis

Caching and session management

Company:Redis Ltd.

Location:USA

Safeguards:Standard Contractual Clauses, SOC 2 Type II

Vercel

Hosting and deployment of the web application

Company:Vercel Inc.

Location:USA

Safeguards:Standard Contractual Clauses, ISO 27001

6. Cookies and Tracking Technologies

We use cookies and similar technologies to ensure the functionality of our website and improve your user experience.

Essential Cookies

These cookies are essential for the website to function and cannot be disabled.

Cookie Name	Purpose	Duration
session	Session management and authentication	Session
csrf	Cross-Site Request Forgery protection	Session
auth	Authentication status	7 days
i18n_redirected	Language preference storage	1 year

Functional Cookies

These cookies enable enhanced functionality and personalization.

Cookie Name	Purpose	Duration
preferences	Storage of user settings	1 year
language	Language selection	1 year
theme	Design preference	1 year

Analytics Cookies

These cookies help us understand and improve the use of our website.

Cookie Name	Purpose	Duration
_ga	privacy.cookies.types.analytics.cookies._ga.purpose	privacy.cookies.types.analytics.cookies._ga.duration
_gid	privacy.cookies.types.analytics.cookies._gid.purpose	privacy.cookies.types.analytics.cookies._gid.duration
_gat	privacy.cookies.types.analytics.cookies._gat.purpose	privacy.cookies.types.analytics.cookies._gat.duration
sentry	Error monitoring and performance tracking	1 year

Marketing Cookies

These cookies are used for marketing and advertising purposes.

Cookie Name	Purpose	Duration
linkedin_oauth	LinkedIn integration and remarketing	90 days
conversion	Conversion tracking	30 days

Cookie Management

You can manage your cookie settings through your browser:

Chrome: Settings > Advanced > Privacy and security > Cookies

Firefox: Settings > Privacy & Security > Cookies and Site Data

Safari: Settings > Privacy > Cookies and Website Data

Edge: Settings > Cookies and site permissions

7. Your Rights

As a data subject, you have various rights regarding your personal data:

Right of Access (Art. 15 GDPR)

You have the right to obtain information about your personal data.

Right to Rectification (Art. 16 GDPR)

You have the right to request correction of inaccurate personal data.

Right to Erasure (Art. 17 GDPR)

You have the right to request deletion of your personal data.

Right to Restriction (Art. 18 GDPR)

You have the right to request restriction of processing.

Right to Data Portability (Art. 20 GDPR)

You have the right to receive your data in a structured format.

Right to Object (Art. 21 GDPR)

You have the right to object to the processing of your data.

Right to Withdraw Consent

You have the right to withdraw given consent at any time.

Right to Complain (Art. 77 GDPR)

You have the right to lodge a complaint with a supervisory authority.

Exercising Your Rights

To exercise your rights, please contact us using the contact details provided below.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, loss or misuse.

Encryption

All data is encrypted both in transit and at rest.

Access Control

Strict access controls and authentication procedures protect against unauthorized access.

Monitoring

Continuous monitoring and logging of all system access.

Data Breaches

In the event of a data breach, we will notify you and the relevant authorities in accordance with legal requirements.

9. International Data Transfers

Some of our service providers are located outside the EU/EEA. We ensure appropriate safeguards are in place.

Safeguards

European Commission adequacy decisions
Standard Contractual Clauses (SCCs)
Certifications under recognized standards
Approved codes of conduct

10. Minors

Our service is not directed at persons under 16 years of age. We do not knowingly collect personal data from minors.

If you believe we have inadvertently collected data from a minor, please contact us immediately.

11. Changes to this Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements.

We will notify you of material changes by email or through our website.

12. Contact

Data Controller

Software Developer Nico Meyer (Sole Proprietorship)

Schloßstr. 15, 99991 Unstrut-Hainich, Germany

Email: privacy@zentic.app

Supervisory Authority

Federal Commissioner for Data Protection and Freedom of Information

Graurheindorfer Str. 153, 53117 Bonn

Website: www.bfdi.bund.de