ZenCena respects your privacy. This policy explains what data we collect, how we use it, and what control you have over it.
The application is local-first. By default, everything you record (accounts, transactions, categories, goals, budgets, reminders, preferences) is stored exclusively on your device.
If you enable Cloud Sync (optional Premium feature), a copy of that same data is also stored on Supabase servers so you can access it from multiple devices (see section 11). Sync is fully optional and you can turn it off any time from Profile → Sync.
To keep the app stable and understand which features are used, we integrate two services:
app_opened, screen_viewed, transaction_added, account_added, paywall_viewed, etc.), generic type (e.g. "income" or "expense"), aggregated counts, random anonymous identifier generated on your device.We never send: amounts, balances, credit limits, debts, account names, institutions, card digits, descriptions, notes, titles of transactions/goals/budgets/reminders, your name, email, biometric data, internal UUIDs of your records.
Subscriptions and payments are processed exclusively through:
RevenueCat receives: anonymous device identifier, platform (iOS/Android), country, product identifier purchased, subscription status, receipt signed by Apple/Google. ZenCena does not receive or store your payment information (card, account, etc.) — that information remains under Apple's and Google's control.
When you install the app we generate a random UUID stored only on your device. If you wipe app data or uninstall, that identifier is gone and we cannot trace your historic usage.
ZenCena does not sell, rent, or share your data with third parties for marketing. The only third parties receiving information are those described in this policy (Sentry, PostHog, RevenueCat, Apple, Google, Supabase, Resend), and only what is strictly necessary for the corresponding feature to work. Supabase and Resend only receive data if you enable optional Premium Sync.
Local data is kept while the app is installed. You can delete it any time from Profile → Clear data. Sentry and PostHog retain anonymous events up to 12 months; being anonymous we cannot associate them with you and therefore cannot delete them individually.
GDPR (Europe) and CCPA (California) apply: you have rights of access, rectification, and deletion. Since we do not store identifiable personal data on our own servers, exercising these rights consists of deleting local data from the app. For data sent to Sentry/PostHog, contact us at [email protected].
ZenCena is not directed at children under 13. We do not knowingly collect data from minors. If you believe a minor is using ZenCena, contact us to delete any associated data.
If we modify this policy, we will update the date and version above. Significant changes will be notified inside the app and will require new acceptance.
If you enable Sync (Premium feature), your financial data is also stored on Supabase servers so you can access it from multiple devices.
What syncs: accounts, institutions, transactions, categories, budgets, goals, payment reminders, recurring transactions. Receipt images stay local for now.
What's stored about your account:
Where it's stored: Supabase (supabase.com), servers in US and Europe. Data encrypted in transit (TLS) and at rest. Each user can only access their own data via Row-Level Security in the database.
Transactional emails: we use Resend (resend.com) to deliver authentication emails (confirmation, password reset). Resend receives only your email address and the email content.
Control: you can turn Auto Sync off any time from Profile → Sync. To permanently delete your cloud data, contact us at [email protected] and we'll process account + data deletion.
Without Sync enabled, your financial data stays 100% local on your device.
For any inquiry about this policy: [email protected].