ZELICRA

Effective Date: March 26, 2026 · Last Updated: March 26, 2026

1. Information We Collect

We collect the following types of information when you use the Zelicra platform:

• Account Information: Full name, email address, company name, company name (Arabic), phone number (optional), and password (stored as a bcrypt hash — we never store plaintext passwords)
• Business Data: Product listings, orders, returns, complaints, influencer records, influencer campaigns, contracts, invoices, and compliance checklist status that you enter into the platform
• Usage Data: Login timestamps, IP addresses, and basic session data for security and audit purposes

2. Why We Collect Your Data

We collect and process your data solely to:

• Provide and operate the Zelicra compliance management service
• Send essential service communications (account verification, security alerts, password resets)
• Generate compliance reports, analytics, and invoices for your account
• Improve the platform and develop new features
• Detect and prevent fraud or abuse

We do NOT sell, rent, or share your personal data or business data with third parties for marketing or advertising purposes. We do NOT use your data for advertising of any kind.

3. Data Storage Location

All data is stored on a dedicated server located in Helsinki, Finland (European Union), provided by Hetzner Online GmbH. Finland is a member of the European Union and subject to the General Data Protection Regulation (GDPR), providing strong data protection standards.

By registering for and using Zelicra, you consent to the storage and processing of your data in the EU.

4. GDPR Compliance & Your Rights

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Right of Access: Request a copy of all personal data we hold about you
• Right to Rectification: Update or correct inaccurate data through your account settings or by contacting us
• Right to Erasure: Request permanent deletion of your account and all associated data
• Right to Data Portability: Download your data in a machine-readable format (JSON) via the Data & Export settings page
• Right to Restrict Processing: Request that we limit how we use your data
• Right to Object: Object to processing of your data for specific purposes

To exercise any of these rights, contact us at salvuspaul.dev@gmail.com. We will respond within 30 days.

5. Data Retention

Your data is retained based on your subscription tier:

• Free: 1 year from last activity
• Starter: 2 years
• Professional: 3 years
• Enterprise: 5 years

Upon account deletion or termination, your data will be retained for 30 days to allow for recovery, after which it is permanently and irreversibly deleted from our servers and backups.

6. Cookies

Zelicra uses only essential session cookies required for authentication and security (CSRF protection). We do not use:

• Tracking cookies
• Analytics cookies
• Third-party advertising cookies
• Social media tracking pixels

Since we only use strictly necessary cookies, no cookie consent banner is required.

7. Third-Party Data Processors

We use the following third-party services that may process limited data on our behalf:

• Resend.com: Transactional email delivery (EU region) — processes email addresses for delivery of verification emails, password resets, and notifications
• Hetzner Online GmbH: Server hosting (Helsinki, Finland, EU) — provides the physical infrastructure where all data is stored

Both processors operate within the European Union and are subject to GDPR requirements.

8. Security Measures

We implement the following technical and organizational measures to protect your data:

• Encryption in Transit: 256-bit SSL/TLS encryption on all connections
• Password Security: bcrypt hashing with appropriate cost factor
• CSRF Protection: Token-based protection on all forms
• Backups: Nightly automated backups with 14-day retention
• Access Control: Role-based access control with tenant isolation
• Audit Logging: All sensitive actions are logged with timestamps and IP addresses

9. Data Breach Notification

In the event of a data breach that affects your personal data, we will notify affected users within 72 hours of discovering the breach, as required by GDPR Article 33. The notification will include the nature of the breach, the data affected, and the measures taken to address it.

10. Children's Privacy

The Zelicra platform is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 18, we will delete it promptly.

11. Data Export

You may request a full export of all your data at any time through the Data & Export page in your account settings. Exports are provided in JSON format and include all business data, team members, and account information associated with your tenant.

12. Account Deletion

You may request account deletion by contacting us at salvuspaul.dev@gmail.com. Account deletion requests are processed within 30 days. All associated data, including business records, team members, and uploaded files, will be permanently deleted.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes at least 30 days in advance via email. The “Last Updated” date at the top of this page reflects the most recent revision.

14. Data Protection Officer

For privacy-related questions, concerns, or data requests, contact our Data Protection Officer:

• Email: salvuspaul.dev@gmail.com
• WhatsApp: +91 799 424 8385