Short version: Zeno collects only the business and customer data needed to create invoices and process payments. We do not sell your data. We do not use it for advertising. You can delete your account and all associated data at any time by messaging us on WhatsApp or emailing hello@zenohq.in.
1. Who we are
Zeno is a WhatsApp-based invoicing and payments service for Indian small businesses. The service is operated by Aditya Sharma, an individual proprietor based in India ("Zeno", "we", "us", "our").
This Privacy Policy applies to all data collected when you use the Zeno WhatsApp chatbot, our website at zenohq.in, and any related services (collectively, the "Service").
This policy is compliant with India's Digital Personal Data Protection Act, 2023 (DPDP Act).
2. What data we collect
Data you provide directly
- Business details: Your business name, GSTIN, address, and WhatsApp phone number — provided when you register with Zeno.
- Invoice data: Item names, quantities, prices, customer names, customer phone numbers, and customer GSTIN (if applicable) — provided when you create invoices through the chatbot.
- Payment data: Payment amounts, payment status, and udhaar (credit) balances — recorded when invoices are created and payments received.
- Messages: The content of WhatsApp messages you send to the Zeno chatbot, used to understand your commands and generate responses.
Data collected automatically
- WhatsApp phone number: Provided automatically by Meta when you message Zeno.
- Message metadata: Timestamps and delivery status of messages, as provided by the WhatsApp Business API.
- Payment events: Webhook notifications from Razorpay when a payment is initiated, completed, or failed — including Razorpay payment IDs and fee amounts.
- Server logs: IP addresses and request metadata for security and abuse prevention. Logs are retained for 30 days.
Data we do NOT collect
- Passwords (we use WhatsApp for authentication — no password needed)
- Bank account numbers or UPI IDs (handled entirely by Razorpay)
- Device identifiers, cookies, or browser fingerprints on zenohq.in
- Location data beyond the state you provide for GST (place of supply)
3. How we use your data
We use your data only for the following purposes:
- Providing the Service: Creating GST invoices, generating PDF documents, sending invoices to your customers via WhatsApp, creating UPI payment links, recording payments, and tracking udhaar balances.
- Payment processing: Passing invoice amounts to Razorpay to generate payment links; receiving webhook notifications of payment events.
- Automated reminders: Sending payment reminder messages to your customers on your behalf for overdue invoices (maximum 4 reminders per invoice, spaced at least 7 days apart).
- Reports: Generating daily, monthly, and outstanding payment reports when you request them.
- Security & fraud prevention: Verifying webhook signatures, detecting abuse, and maintaining service integrity.
- Service communications: Sending you important notices about the Service, including billing, downtime, and policy changes.
We do not use your data for advertising, profiling, or sale to third parties. We do not use your invoice or customer data to train AI models beyond the scope of processing your individual requests in real time.
AI processing: Message content is sent to Anthropic's Claude API to understand your intent and extract invoice details. This processing happens per-request — your messages are not stored by Anthropic for model training under their current API terms. See Anthropic's privacy policy for details.
4. Third-party services
Zeno relies on the following third-party services. Each processes data according to its own privacy policy:
| Service | Purpose | Data shared |
|---|---|---|
| Meta (WhatsApp Business API) | Sending and receiving WhatsApp messages | Phone numbers, message content, invoice PDFs sent to customers |
| Anthropic (Claude API) | Natural language understanding for intent detection and invoice parsing | Message content (no names or phone numbers unless included in your message) |
| Razorpay | UPI payment link generation and payment processing | Invoice amount, customer name, customer phone number (for payment link) |
| Neon (PostgreSQL) | Database storage, servers in AWS ap-southeast-1 (Singapore) | All structured data described in Section 2 |
| Railway | Cloud hosting and infrastructure for the Zeno application | All data processed by the application; Railway does not access application data |
| Redis (Upstash) | Task queue for automated payment reminders | Invoice IDs and phone numbers for scheduled reminder tasks |
We select third-party providers who maintain appropriate data security standards. Razorpay is licensed by the Reserve Bank of India as a Payment Aggregator.
5. Data retention
- Business and invoice data: Retained for the duration of your subscription plus 3 years after account closure, to meet GST record-keeping requirements under the CGST Act, 2017 (which mandates 6-year retention — we retain 3 years as a minimum; businesses are advised to maintain their own GST records).
- Customer data: Retained as long as your account is active. Deleted within 30 days of account deletion.
- Invoice PDFs: Stored in our database as long as your account is active.
- WhatsApp message content: Not stored beyond what is needed to process your request. Message content is processed in memory and not written to our database.
- Server logs: 30 days.
- Payment webhook data: Retained as part of invoice records (see above).
6. Your rights
Under the Digital Personal Data Protection Act, 2023, you have the following rights:
Right to access
You can request a summary of all personal data we hold about you and your customers. Message "export my data" to the Zeno chatbot or email hello@zenohq.in.
Right to correction
If any data we hold is inaccurate, you can correct it by updating it through the chatbot (for customer names, business details, etc.) or by contacting us.
Right to erasure
You can request deletion of your account and all associated data. We will complete deletion within 30 days, except for data we are legally required to retain (e.g., GST records). To request deletion, message "delete my account" to the chatbot or email hello@zenohq.in.
Right to withdraw consent
You may withdraw consent to data processing at any time by closing your account. Withdrawal does not affect lawfulness of processing before withdrawal.
Right to grievance redressal
If you believe your rights have been violated, contact us at hello@zenohq.in. We will respond within 15 business days. You may also approach the Data Protection Board of India once it is constituted.
7. Security
We take reasonable technical and organisational measures to protect your data:
- All data in transit is encrypted using TLS 1.2 or higher.
- Database access is restricted to application credentials; no public database access.
- Razorpay webhook signatures are verified using HMAC-SHA256 before processing any payment event.
- API keys and secrets are stored as environment variables — never in source code.
- Payment card data is never handled by Zeno — all payment collection is delegated to Razorpay.
No system is perfectly secure. If you believe your data has been compromised, please contact us immediately at hello@zenohq.in.
8. Children's privacy
Zeno is a business service intended for adults operating businesses. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that a minor has provided personal data, we will delete it promptly.
9. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by sending a WhatsApp message to your registered number at least 7 days before the change takes effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
The current version of this policy is always available at zenohq.in/privacy.html.
10. Contact us
For any privacy-related questions, requests, or complaints:
- Email: hello@zenohq.in
- WhatsApp: Message us on WhatsApp
We aim to respond to all privacy requests within 15 business days.