Privacy Policy
Last updated: [DATE PLACEHOLDER]
1. Who We Are
This privacy policy is issued by Zeno Venture Private Limited, a company registered in India.
Registered Office: A-103, iThum, Sector 62, Noida, Uttar Pradesh 201309, India.
Email: [email protected]
We operate the marketing website zenolegacy.com and the application platform my.zenolegacy.com.
2. What This Policy Covers
This policy explains what personal data we collect, why we collect it, how it is stored and protected, and your rights under the Digital Personal Data Protection (DPDP) Act, 2023.
3. Data We Collect
3.1 Identity & Contact Data
Full name, email address, phone number, and date of birth.
3.2 Sensitive Personal Data
Religion (collected solely for determining the applicable succession law framework), PAN (last 4 digits only). We do not collect or store full Aadhaar numbers.
3.3 Family & Estate Data
Family structure and relationships, special needs status of beneficiaries, executor details, and witness details.
3.4 Asset Data
Asset class and type, institution name, approximate values, last 4 digits of account or folio numbers only, and nominee information.
3.5 Payment Data
Payment processing is handled by our third-party payment provider (Razorpay). We do not store credit card numbers, debit card numbers, or full bank account details on our servers.
3.6 Usage Data
Pages visited, features used, and device information. We use Cloudflare Web Analytics, which is privacy-focused and does not use cookies or collect personal identifiers.
3.7 Communications Data
Support emails, feedback submissions, and any correspondence you send to us.
4. Why We Collect Your Data
| Data | Purpose | Legal Basis |
|---|---|---|
| Identity & contact | Account creation and authentication | Performance of contract |
| Religion | Determine applicable succession law for Will template | Explicit consent |
| Government IDs (last 4 digits) | Identity verification | Legitimate interest + consent |
| Family data | Will generation and estate planning | Performance of contract |
| Asset data | Asset Vault storage and Nomination Audit | Performance of contract |
| Payment data | Process subscription payments | Performance of contract |
| Usage data | Product improvement and analytics | Legitimate interest |
5. How We Use Your Data
We use your personal data to:
- Create and manage your ZenoLegacy account
- Generate your Will based on applicable Indian succession laws
- Store and organise your assets in the Asset Vault
- Run Nomination Audits to identify mismatches
- Process subscription payments
- Send transactional emails (account verification, password resets, Will updates)
- Provide customer support
- Improve our product and fix issues
We do not:
- Sell your personal data to any third party
- Use your data for advertising profiling
- Share your estate data with anyone without your explicit instruction
- Use your religion data for any purpose other than determining the applicable succession law framework
6. Who We Share Your Data With
We share data only with the following categories of recipients:
- Service providers: Cloudflare (hosting and analytics), Resend/Mailchannels (transactional email), Razorpay (payment processing), and legal review partners (under NDA for Will verification).
- Law enforcement: Only in response to a valid court order or legal process as required under Indian law.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. You will be notified of any such change.
- Partners: For referral attribution purposes only, we share your name and signup status with referring partners. No estate, asset, or sensitive data is shared.
We do not share your data with any other third parties.
7. Storage & Security
- All infrastructure is hosted on Cloudflare (Workers, D1, R2).
- Data at rest is encrypted with AES-256.
- Data in transit is protected with TLS 1.3.
- Documents stored in R2 are accessible only via signed URLs with a 1-hour expiry.
- OTPs are hashed before storage and are never stored in plain text.
- We conduct quarterly security reviews of our infrastructure and access controls.
- In the event of a data breach, we will notify affected users within 72 hours as required under the DPDP Act, 2023.
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | 3 years after account deletion |
| Will & estate documents | 7 years |
| Asset Vault data | 3 years after account deletion |
| Payment records | 7 years |
| Usage data | 90 days |
| OTP codes | 24 hours |
| Support correspondence | 3 years |
9. Your Rights Under the DPDP Act, 2023
As a data principal under the Digital Personal Data Protection Act, 2023, you have the right to:
- Access: Request a summary of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data, subject to legal retention requirements.
- Grievance redressal: Lodge a complaint about how your data is being processed.
- Nominate: Nominate another individual to exercise your rights on your behalf in the event of your death or incapacity.
To exercise any of these rights, email us at [email protected] with the subject line "Privacy Request — [Your Name]".
We will respond within 30 days of receiving your request.
10. Sensitive Data — Special Notice
We collect religion data solely for the purpose of determining which succession law framework (Hindu Succession Act, Indian Succession Act, Muslim Personal Law, etc.) applies to your Will. This data is not used for any other purpose and is not shared with any third party.
11. Children
ZenoLegacy is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at [email protected] and we will delete it promptly.
12. Cookies
Marketing site (zenolegacy.com): We do not use cookies. Our analytics provider (Cloudflare Web Analytics) is cookie-free and does not track individual users.
Application (my.zenolegacy.com): We use a single httpOnly, SameSite=Strict session cookie for authentication. This cookie is essential for the application to function and cannot be opted out of.
13. Changes to This Policy
When we update this policy, we will revise the "Last updated" date at the top of this page. For material changes, we will notify you by email and display a notice banner on the platform for 30 days.
14. Contact & Grievance Officer
Zeno Venture Private Limited
A-103, iThum, Sector 62, Noida, Uttar Pradesh 201309, India
Data Protection Officer: [NAME PLACEHOLDER]
Email: [email protected]
We will respond to all privacy-related queries and complaints within 30 days.
If you are unsatisfied with our response, you may escalate your complaint to the Data Protection Board of India as established under the DPDP Act, 2023.