Legal
Privacy Policy
Last updated: 18 May 2026
This policy explains what personal data Zentria collects, why we collect it, how long we keep it, and the rights you have under the EU General Data Protection Regulation (GDPR).
1. Who we are
Zentria is a CRM service operated by:
Happy Cloud Studio Sp. z o.o.Ul. Grzybowska 87
00-844 Warszawa, Poland
NIP: 5272786566
Email: zentriacrm@happycloudstudio.com
Happy Cloud Studio Sp. z o.o. is the data controller for personal data we collect about you as a Zentria user (your account, billing, support correspondence, and similar). For personal data that you upload into your workspace (your own customers, contacts, deals, and notes), we act as a data processor on your behalf and you remain the controller. The terms governing that relationship are set out in our Data Processing Agreement.
Privacy contact: Franco Toccu, reachable at zentriacrm@happycloudstudio.com.
2. Scope of this policy
This policy applies to:
- Visitors to zentriacrm.com and its subdomains.
- Users who create a Zentria account at app.zentriacrm.com.
- People who contact us through the website form or by email.
It does not apply to third-party websites you reach through links from Zentria. Those have their own policies.
3. Information we collect
3.1 Account information
When you create an account: your name, email address, hashed password, language preference, and the role you hold in your workspace (Owner or Sales Rep). When an Owner invites a colleague, the same information is collected for that colleague.
3.2 Workspace content
The CRM data you choose to enter: your customers' contact details, deals, notes, tasks, attachments, and any tags or comments you write. We process this on your instructions as part of providing the service. You own it; we do not use it for any other purpose.
3.3 Usage and technical data
Standard server logs collected automatically: IP address, browser type, pages requested, and timestamps. We use this for security, abuse prevention, and to keep the service running. Logs are retained for up to 90 days.
3.4 Communications
If you write to us (support email, contact form, replies to product emails), we keep the message and our reply so we can follow up and improve the service.
3.5 Billing information
Once paid plans launch, billing details (company name, billing address, VAT number, invoice history) will be collected. Card and bank details are handled by our payment processor and never reach our servers.
3.6 Cookies
We use a small number of cookies, all strictly necessary to keep you signed in and to remember your language preference. See our Cookies notice for the full list.
4. Why we use your data, and on what legal basis
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Provide the Zentria service to you and your team | Performance of a contract (Art. 6(1)(b)) |
| Keep the service secure and prevent abuse | Legitimate interest (Art. 6(1)(f)) |
| Send transactional emails (signup confirmation, password reset, invoice, service notices) | Performance of a contract (Art. 6(1)(b)) |
| Issue invoices and keep tax records | Legal obligation (Art. 6(1)(c)), Polish Accounting Act |
| Respond to your support requests | Legitimate interest (Art. 6(1)(f)) |
| Send product news or offers (if and when we add this) | Consent (Art. 6(1)(a)), opt-in only |
We do not sell your data, we do not share it with advertisers, and we do not profile you or run automated decisions that produce legal effects.
5. How long we keep it
- Account data: for as long as your workspace is active. If you delete your workspace, account data is soft-deleted immediately and hard-purged after a 30-day grace period.
- Workspace content (contacts, deals, notes): retained until you delete it from within the app, or until the workspace is purged.
- Server logs: up to 90 days.
- Backups: rotated within 30 days. Deleted data may persist in backups for up to that window.
- Invoices and tax records: 5 years from the end of the year in which the invoice was issued, as required by Polish law.
- Support correspondence: up to 2 years after the last message in a thread.
6. Who we share it with
We use a small number of trusted service providers (sub-processors) to operate Zentria. Each is bound by a written data processing agreement and processes data only on our instructions.
| Provider | Purpose | Location of processing |
|---|---|---|
| Supabase Inc. | Database, authentication, file storage | Frankfurt, Germany (EU) |
| Cloudflare, Inc. | Web hosting, CDN, application edge runtime, DDoS protection | Global edge network, configured for EU data residency where supported |
| Formspree, Inc. | Delivery of messages sent through our website contact form | United States |
Planned additions, which will be reflected here before they go live:
- Brevo (Sendinblue SAS): transactional email delivery (signup confirmation, password reset, invoices, account notices). France, EU.
- Revolut Bank UAB: payment processing for paid subscriptions. Lithuania, EU.
We do not share your personal data with any third party for their own marketing purposes.
7. International data transfers
Your data is primarily processed within the European Economic Area (EEA). Some of our sub-processors are based in the United States (Cloudflare, Formspree, and Supabase as a corporate entity). For any transfer of personal data outside the EEA, we rely on the European Commission's Standard Contractual Clauses and, where appropriate, on adequacy decisions and supplementary technical measures, as required by Chapter V of the GDPR.
8. Your rights
Under the GDPR you have the following rights regarding your personal data:
- Access (Art. 15): obtain a copy of the personal data we hold about you.
- Rectification (Art. 16): correct inaccurate or incomplete data. Most fields can be edited directly inside the app.
- Erasure (Art. 17): ask us to delete your personal data. Account holders can delete their workspace from Settings; for any other erasure request, write to us.
- Restriction (Art. 18): ask us to limit processing of your data in certain circumstances.
- Portability (Art. 20): receive your workspace contents in a machine-readable format. A self-service export is available from Settings.
- Objection (Art. 21): object to processing based on legitimate interest.
- Withdraw consent (Art. 7): where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of past processing.
- Not be subject to automated decision-making (Art. 22): we do not perform any such decision-making.
To exercise any of these rights, email zentriacrm@happycloudstudio.com. We will respond within one month, as required by the GDPR. We may extend this by up to two further months for complex requests, in which case we will tell you within the first month.
9. Security
We take security seriously. Measures we apply include:
- Encryption in transit (HTTPS/TLS) on all connections.
- Encryption at rest for the database and file storage at our infrastructure providers.
- Passwords stored as salted hashes, never in plain text.
- Role-based access control inside the application (Owner, Sales Rep, Superuser).
- Row-level security policies in the database so workspaces cannot read each other's data.
- Regular backups and tested restore procedures.
- Principle of least privilege for staff access to production systems.
No system is perfectly secure. If you believe an account has been compromised, contact us immediately.
10. Children
Zentria is a business tool. It is not intended for children. By creating an account you confirm you are at least 18 years old and acting on behalf of a business.
11. Changes to this policy
We may update this policy from time to time. When we do, we will update the "Last updated" date at the top. For material changes, we will notify you by email or through the app before they take effect.
12. Complaints
We hope you will come to us first so we can put things right. You also have the right to lodge a complaint with the Polish Data Protection Authority:
Urząd Ochrony Danych Osobowych (UODO)ul. Stawki 2
00-193 Warszawa, Poland
Web: uodo.gov.pl
If you reside in another EU country, you may also complain to the supervisory authority of your country of residence.
13. Contact
Questions about this policy or about how we handle your data:
Happy Cloud Studio Sp. z o.o.Ul. Grzybowska 87, 00-844 Warszawa, Poland
Privacy contact: Franco Toccu
Email: zentriacrm@happycloudstudio.com