Privacy Policy

    Last Updated: May 18, 2026

    We at Zensus Inc. (together with our affiliates, "Zensus," "we," "our," or "us") respect your privacy and are strongly committed to keeping secure any information we obtain from you or about you. This Privacy Policy describes our practices with respect to Personal Data that we collect from or about you when you use our website at https://zensus.app and related services (collectively, "Services").

    Zensus is a B2B SaaS platform that helps businesses manage their cash flow and runway through financial forecasting and scenario analysis tools. We are committed to transparency about how we collect, use, and protect your information.

    Contact Information:
    Zensus Inc.
    Email: hello@zensus.app
    Website: https://zensus.app

    1. Personal Data We Collect

    We collect Personal Data about you when you use our Services. "Personal Data" means information that identifies, relates to, describes, or is reasonably capable of being associated with you. The categories of Personal Data we collect depend on how you interact with our Services.

    1.1 Account Information

    When you create an account, we collect:

    Via Email Sign-In (Magic Link):

    • Email address

    Via Google OAuth or Sign in with Apple:

    • Email address (or Apple-relay address for Sign in with Apple)
    • Full name (if provided by the identity provider)
    • Profile picture URL (if provided by the identity provider)
    • Provider subject identifier

    Account Data Stored:

    • User ID (unique identifier)
    • Email address
    • Full name (optional)
    • Avatar URL (optional)

    1.2 Financial Data You Provide

    When you use our runway calculator or forecast features, we process:

    Runway Calculator Inputs:

    • Current cash balance
    • Monthly revenue
    • Expense categories (payroll, rent, software, marketing, etc.)

    Forecast File Uploads:

    • Excel/CSV files containing financial data
    • Extracted data: cash balances, revenue streams, expenses, period data

    QuickBooks Integration (Optional):

    • Financial data synced from your QuickBooks account (only with your explicit authorization)
    • You can disconnect QuickBooks at any time

    Bank Account Integration via Plaid (Optional):

    • If you connect your bank account, we use Plaid Technologies, Inc. to link your financial institution
    • Data synced includes: account names, account types, last 4 digits of account number, and transaction history (dates, amounts, merchant names, and categories)
    • Bank account credentials are never stored by Zensus; they are handled directly and securely by Plaid
    • Plaid's privacy policy applies to data collected during bank linking: https://plaid.com/legal/#consumers
    • You can disconnect your bank account at any time from your account settings

    HubSpot CRM Integration (Optional):

    • If you connect HubSpot, we sync contacts, companies, line items, invoices, and subscriptions from your CRM
    • Used to project recurring billing into your runway forecast
    • You can disconnect HubSpot at any time from your account settings

    Slack Workspace Integration (Optional):

    • If you connect Slack, we store OAuth tokens (encrypted at rest), the channel IDs you select for alert delivery, and the contents of alert messages we send to your workspace
    • Alert message contents are aggregated cash-flow signals; we do not send transaction-level data to Slack

    Data Processing Note:

    Financial data you upload is processed to generate forecasts and runway calculations. We do not share your raw financial data with third parties except as described in Section 3 (Service Providers). Your uploaded files are processed and the extracted data is used only to provide the Services you request. Your data is never used to train an AI model.

    1.3 Information Collected Automatically

    When you use our Services, we automatically collect:

    Server-side Operational Telemetry:

    • Request logs (path, status code, timing) retained for operational and security purposes
    • Application logs containing user IDs and request paths (via AWS CloudWatch)
    • Marketing-site request and performance metrics via Vercel hosting

    Technical Information:

    • Browser type and version
    • IP address (used for general geographic location and abuse prevention; on integration connect we run a server-side IP geolocation / VPN-proxy check via ipapi.co)
    • Time zone
    • Referral sources

    Marketing-site Sales Intelligence:

    • On the public marketing site at zensus.app, we run Apollo.io's website tracker. Apollo performs reverse-IP lookups against its business database to identify the company an anonymous visitor's IP is associated with; it does not identify the individual visitor
    • This only runs on the marketing site, not inside the authenticated product app

    Support-form Bot Protection:

    • When you submit the contact form on our support page (zensus.app/support), we use Cloudflare Turnstile to confirm the submission is not automated. Turnstile runs invisibly and may collect your IP address, user-agent, and a verification token to make that determination. It protects the form from spam and abuse and does not track you across sites. See Cloudflare's Turnstile Privacy Addendum.

    1.4 Payment Information

    When you subscribe to our paid services:

    • Payment card information is processed by Stripe; full card numbers never reach Zensus
    • Billing email address
    • Stripe customer ID and subscription / price IDs
    • Subscription status (active, paused, canceled)
    • Transaction history

    See Stripe's Privacy Policy for details on how they handle payment data.

    1.5 Cookies and Local Storage

    We use cookies and browser storage for:

    • Essential Cookies: Authentication session management (httpOnly, secure)
    • Local Storage: Runway calculator state (persisted locally for convenience)

    We do not currently use third-party analytics cookies on the product app. Product telemetry is server-side via AWS CloudWatch. You can control cookies through your browser settings; disabling essential cookies will prevent you from using authenticated features.

    2. How We Use Personal Data

    We use the Personal Data we collect for the following purposes:

    2.1 To Provide Our Services

    • Create, maintain, and authenticate your account
    • Process your financial data to generate runway calculations and forecasts
    • Enable AI-powered scenario analysis using your financial data
    • Store and retrieve your runway snapshots
    • Sync data from QuickBooks, HubSpot, Plaid, or Slack (if you connect them)

    2.2 To Improve Our Services

    • Analyze usage patterns to enhance user experience
    • Identify and fix bugs and performance issues
    • Develop new features based on user needs
    • Generate aggregated, de-identified statistics

    Your data is never used to train an AI model. Our AI scenario analysis runs inference on Claude models hosted on AWS Bedrock under our AWS account; in that configuration Anthropic does not access the data we send to Bedrock for inference.

    2.3 To Communicate With You

    • Send service-related notifications and updates
    • Respond to your questions and support requests
    • Notify you of changes to our Services, policies, or terms
    • Send marketing communications (with your consent; you may opt out at any time)

    2.4 To Process Payments

    • Process subscription payments via Stripe
    • Manage billing and invoicing
    • Handle subscription changes and refund requests

    2.5 For Security and Legal Compliance

    • Detect and prevent fraud and security incidents
    • Enforce our Terms of Service
    • Comply with legal obligations
    • Protect our rights, property, and safety

    2.6 Legal Basis for Processing (for EEA/UK users)

    If you are located in the European Economic Area or United Kingdom, we process your Personal Data based on:

    • Contractual Necessity: To provide the Services you've requested
    • Legitimate Interests: To improve our Services and ensure security
    • Consent: For marketing communications
    • Legal Obligation: To comply with applicable laws

    3. Disclosure of Personal Data

    We do not sell your Personal Data. We share your data with third parties only as described below:

    3.1 Service Providers (Subprocessors)

    The principal third-party services we use to operate Zensus are listed below. For the complete and current list, including data shared and country of processing for each, see our public subprocessor page at https://zensus.app/subprocessors.

    Amazon Web Services (AWS)

    Cloud infrastructure, database hosting (RDS Postgres), transactional email (SES), application logs (CloudWatch), and product app hosting (Amplify/CloudFront).

    AWS Bedrock (Claude models)

    AI-powered scenario analysis. Your financial context (cash, MRR, expenses, transaction descriptors and amounts) is sent to Claude models running on Bedrock inside our AWS account. In this configuration, Anthropic (the maker of the Claude models) does not access the data we send to Bedrock.

    Supabase

    User authentication and session management, including magic-link sign-in and administrative impersonation token minting.

    Plaid Inc. (Optional)

    If you connect your bank account, we use Plaid to link your financial institution and sync transaction data. We do not store your bank login credentials. See Plaid's Privacy Policy.

    Intuit QuickBooks (Optional)

    If you connect QuickBooks, we sync financial data (purchases, bills, payments, invoices, P&L, Balance Sheet) from your account. You can disconnect at any time.

    HubSpot Inc. (Optional)

    If you connect HubSpot, we sync contacts, companies, invoices, and subscriptions to project recurring billing into your runway forecast.

    Slack Technologies LLC (Optional)

    If you connect Slack, we deliver cash-flow alerts to the channels you select. We store an encrypted workspace OAuth token.

    Stripe Inc.

    Subscription billing, webhooks, and customer portal. Card data stays at Stripe and never reaches Zensus. See Stripe's Privacy Policy.

    Vercel Inc.

    Hosting for our marketing site at zensus.app.

    Apollo.io

    Reverse-IP sales intelligence on the marketing site only (not the product app). Apollo identifies the company an anonymous visitor's IP is associated with for outbound sales.

    Additional subprocessors used in narrower contexts (federated identity providers, web fonts, voice transcription for the voice agent, IP geolocation, etc.) are enumerated on the subprocessors page. All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

    3.2 Business Transfers

    If we are involved in a merger, acquisition, or sale of assets, your Personal Data may be transferred. We will notify you of any such change.

    3.3 Legal Requirements

    We may disclose Personal Data if required by law or to:

    • Comply with legal obligations or court orders
    • Enforce our Terms of Service
    • Protect the rights and safety of Zensus and our users
    • Detect and prevent fraud

    3.4 With Your Consent

    We may share your Personal Data with third parties when you explicitly consent, such as when you connect QuickBooks, HubSpot, Plaid, or Slack.

    3.5 Aggregated Data

    We may share aggregated, de-identified data that cannot identify you for research, analytics, or business purposes.

    4. Data Retention

    We retain your Personal Data for as long as necessary to provide the Services, comply with legal obligations, and enforce our agreements.

    Account Data:

    Retained while your account is active plus 90 days after closure (unless you request immediate deletion).

    Financial Data (Uploads, Calculations, Synced Transactions):

    Retained while your account is active. You may request deletion at any time.

    Integration Tokens (Plaid, QuickBooks, HubSpot, Slack):

    Stored encrypted at rest while the integration is connected. Deleted on disconnect or account closure.

    Runway Snapshots:

    Retained while your account is active for historical tracking.

    Payment Records:

    Transaction records retained for 7 years for tax and accounting purposes.

    Administrative-Access Audit Records:

    Identifying fields (your email, IP, user agent, and any free-text reason) are automatically redacted 24 months after the access event. The non-identifying audit metadata (admin email, timestamps, session outcome) is retained as a permanent security record. See § 4.2 below.

    Server Logs and Telemetry:

    Typically retained for 30–90 days for operational and security purposes.

    Local Storage (Browser):

    Runway calculator state persists locally until you clear browser data or sign out.

    4.1 Data Deletion

    When you request deletion or close your account:

    • We securely delete or anonymize your data
    • Service providers are instructed to delete your data
    • Some data may be retained for legal or regulatory purposes (e.g., payment records for tax)
    • Backup copies may persist for a limited period

    4.2 Administrative Access to Your Account

    A small number of authorized Zensus employees can access user accounts to provide support, investigate incidents, or comply with legal process. Every such access is recorded in an append-only audit log capturing the admin's identity, the time of access, the originating IP and user agent, and a stated reason. Administrative access requires a second authentication factor (TOTP) and is rate-limited.

    To balance our duty to maintain a durable security record with your right to data minimization, the user-identifying fields on each audit record (your email, the IP it was accessed from, the user agent, and the free-text reason) are automatically redacted by a scheduled job 24 months after the access event. The structural metadata (admin email, timestamps, session outcome) is retained as a permanent security record.

    5. Your Rights

    Depending on your location, you may have certain rights regarding your Personal Data. We honor these rights regardless of your location.

    5.1 Access and Portability

    • Right to Access: Request a copy of the Personal Data we hold about you
    • Right to Data Portability: Request your data in a structured, machine-readable format

    Authenticated Zensus users can export their personal data in JSON form from the product app at app.zensus.app. We may also fulfill access and portability requests by email (see § 5.5).

    5.2 Correction and Deletion

    • Right to Rectification: Correct inaccurate or incomplete data
    • Right to Erasure: Request deletion of your Personal Data

    5.3 Restriction and Objection

    • Right to Restrict Processing: Limit how we use your data
    • Right to Object: Object to processing for marketing purposes

    5.4 Marketing Opt-Out

    You can unsubscribe from marketing emails using the link in the email. We will still send essential service-related communications.

    5.5 How to Exercise Your Rights

    To exercise any of these rights:

    1. Email us at hello@zensus.app
    2. Specify which right(s) you wish to exercise
    3. We will verify your identity and respond within 30 days

    5.6 Complaints

    If you believe we have not complied with privacy laws, you may lodge a complaint with:

    • Us directly at hello@zensus.app
    • Your local data protection authority (for EEA/UK residents)
    • The Federal Trade Commission (for U.S. residents)

    6. Children

    Age Requirement

    Our Services are designed for businesses and are not intended for individuals under 18. We do not knowingly collect Personal Data from anyone under 18. If you believe a child has provided data to us, contact us at hello@zensus.app and we will delete it promptly.

    7. Security

    We implement appropriate technical and organizational measures to protect your Personal Data.

    Technical Safeguards:

    • Encryption: TLS 1.3 in transit; AES-256-GCM at rest for OAuth tokens and TOTP secrets
    • Authentication: JWT tokens in httpOnly cookies, PKCE for OAuth
    • Infrastructure: AWS with enterprise-grade security
    • Access Controls: Role-based access; administrative access protected by TOTP and recorded in an append-only audit log

    Payment Security:

    • Payment processing through PCI DSS-compliant Stripe
    • We do not store full payment card numbers

    7.1 Your Responsibilities

    • Keep your email account secure (used for magic link authentication)
    • Log out from shared devices
    • Report suspicious activity to us

    7.2 Breach Notification

    In the event of a data breach affecting your Personal Data, we will notify affected users without undue delay, consistent with our obligations under applicable law. Notice will include the nature of the breach, the categories of data affected, the steps we are taking to address it, and the steps you can take to protect yourself.

    8. U.S. State Privacy Rights

    If you are a resident of California, Virginia, Colorado, Connecticut, Utah, or other states with privacy laws, you have additional rights.

    8.1 California Residents (CCPA/CPRA)

    Categories of Personal Information Collected:

    • Identifiers (email, name, federated identity provider subject)
    • Financial information (data you upload or sync for runway/forecast)
    • Internet activity (limited server-side telemetry; marketing-site reverse-IP intelligence via Apollo)
    • Geolocation (general location from IP address)

    Your Rights:

    • Right to Know what data we collect and share
    • Right to Delete your Personal Information
    • Right to Correct inaccurate information
    • Right to Opt-Out of sale (Note: We do not sell your data)
    • Right to Non-Discrimination for exercising your rights

    We do not sell or share Personal Information for cross-context behavioral advertising.

    8.2 Other State Residents

    If you are a resident of Virginia, Colorado, Connecticut, Utah, or Nevada, you have similar rights to access, correct, delete, and port your data. Contact us at hello@zensus.app to exercise these rights.

    9. Changes to This Privacy Policy

    We may update this Privacy Policy from time to time. When we make changes:

    • We will update the "Last Updated" date at the top
    • For material changes, we will notify you via email or prominent notice in the Services
    • Your continued use after changes constitutes acceptance

    If you do not agree to changes, you must stop using the Services and may delete your account.

    10. Contact Us

    If you have questions about this Privacy Policy or our privacy practices:

    Zensus Inc.

    Email: hello@zensus.app
    Website: https://zensus.app

    For Privacy Requests: Use subject line "Privacy Request" or "Data Rights Request"

    Response Times

    • General questions: 5 business days
    • Data access/deletion requests: 30 days
    • Security concerns: 24-48 hours

    Thank you for trusting Zensus with your data.

    We are committed to protecting your privacy and being transparent about our data practices.

    © 2026 Zensus Inc. All rights reserved.