Privacy Policy

This Privacy Policy explains how Zenosite processes personal data when you use our website builder and related services. It is designed to comply with the EU General Data Protection Regulation (GDPR) and Polish RODO.

Last updated: [Last Updated Date — e.g. 31 May 2026]

1. Data Controller

The data controller responsible for your personal data is [Legal Operator Name / Zenosite — Data Controller], located at [Registered Business Address, Poland].

For privacy-related enquiries, data subject requests, or complaints, contact us at [Contact Email — e.g. privacy@zenosite.com]. Optional dedicated data protection contact: [Data Protection Contact — if applicable, same as Contact Email]. We will respond within one month as required by GDPR Article 12.

2. Data We Collect

2.1 Account & identity data

When you use Zenosite, we may process:

  • Email address — if you provide one for account recovery, notifications, or support;
  • Authentication identifiers — user IDs and session tokens generated by Supabase Auth (including anonymous user IDs where enabled);
  • Profile metadata — language preferences and builder settings stored in your browser or account.

2.2 Website & content data

Site configurations, page content, images you upload, subdomain choices, and publication status are stored in our database (Supabase) to operate the builder and serve your published sites.

2.3 Technical & usage data

We automatically collect limited technical data, such as:

  • IP address, browser type, device type, and operating system;
  • Timestamps, request logs, and error diagnostics;
  • Referring URLs and pages viewed on zenosite.com (not third-party analytics unless disclosed below).

2.4 Payment data — processed by Stripe only

Zenosite does not collect, store, or process full payment card numbers on our servers. All payment transactions are handled exclusively by Stripe. When you subscribe or pay, Stripe collects card details, billing address, and fraud-prevention signals directly. We receive only limited information from Stripe (e.g. last four digits of card, brand, subscription status, customer ID) necessary to manage your account.

Stripe's privacy policy applies to payment processing: https://stripe.com/privacy.

2.5 Visitor data on published user sites

If your published site includes forms (e.g. lead capture), data submitted by your site visitors is processed to deliver submissions to you and may be stored in Supabase. You are the data controller for visitor data collected through your site; you must provide your own privacy notice to visitors and obtain lawful consent where required.

3. How We Use Your Data

We process personal data for the following purposes and legal bases under GDPR Article 6:

  1. Providing the Service (contract performance) — operating the builder, saving drafts, publishing sites on *.zenosite.com, and delivering hosted pages to visitors.
  2. Account authentication & security (legitimate interests / contract) — verifying sessions, preventing abuse, fraud detection, and protecting infrastructure.
  3. Billing & subscriptions (contract / legal obligation) — managing paid plans via Stripe, invoicing where required, and tax compliance.
  4. Support & communication (legitimate interests / contract) — responding to enquiries sent to [Contact Email — e.g. privacy@zenosite.com].
  5. Legal compliance (legal obligation) — responding to lawful requests from authorities and enforcing our Terms of Service.
  6. Service improvement (legitimate interests) — aggregated, anonymised analysis of usage patterns to improve reliability and UX, where not overridden by your rights.

We do not sell your personal data. We do not use your data for automated decision-making that produces legal or similarly significant effects.

4. Third-Party Data Processors

We use trusted infrastructure partners who process data on our behalf under GDPR-compliant data processing agreements (DPAs):

  • Supabase, Inc. — database hosting, authentication, and file storage. Data may be processed in the EU or other regions per Supabase configuration. Privacy: supabase.com/privacy
  • Vercel Inc. — web application hosting, CDN, and serverless execution for zenosite.com. Privacy: vercel.com/legal/privacy-policy
  • Stripe, Inc. / Stripe Payments Europe, Ltd. — payment processing and subscription management. Privacy: stripe.com/privacy

We may disclose data if required by law, court order, or to protect rights, safety, and security of Zenosite, users, or the public. Business transfers (e.g. merger) will be subject to continued protection consistent with this Policy.

5. International Data Transfers

Some processors may transfer data outside the European Economic Area (EEA). Where this occurs, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or adequacy decisions, as offered by our vendors.

6. Your Rights Under GDPR (RODO)

If you are in the EU/EEA (including Poland), you have the following rights regarding your personal data:

  • Right of access — obtain confirmation and a copy of data we hold about you;
  • Right to rectification — correct inaccurate or incomplete data;
  • Right to erasure ("right to be forgotten") — request deletion of your account and associated sites, subject to legal retention obligations;
  • Right to restriction — limit processing in certain circumstances;
  • Right to data portability — receive your data in a structured, machine-readable format where processing is based on consent or contract;
  • Right to object — object to processing based on legitimate interests, including direct marketing;
  • Right to withdraw consent — where processing is consent-based, without affecting prior lawful processing;
  • Right to lodge a complaint with a supervisory authority — in Poland: the President of the Personal Data Protection Office (UODO), uodo.gov.pl.

To exercise any right, email [Contact Email — e.g. privacy@zenosite.com] with sufficient detail to identify your account. We may verify your identity before fulfilling requests.

7. Data Retention

We retain personal data only as long as necessary for the purposes described:

  • Account & site data — until you delete your account or request erasure, plus a short backup window (typically up to 30 days);
  • Billing records — as required by Polish and EU tax/accounting law (generally up to 5 years);
  • Server logs — typically 30–90 days for security and debugging;
  • Support correspondence — up to 3 years unless longer retention is legally required.

After retention periods expire, data is deleted or irreversibly anonymised.

8. Cookies & Similar Technologies

8.1 What we use

Zenosite uses cookies and local storage to:

  • Maintain authentication sessions (essential);
  • Remember UI language preference (functional);
  • Store builder draft state locally where applicable (functional).

8.2 Essential vs optional

Essential cookies are necessary for the Service to function and do not require consent under ePrivacy rules. Non-essential cookies (e.g. analytics, if introduced in the future) will only be deployed with your consent via a cookie banner where required by law.

8.3 Managing cookies

You can control cookies through your browser settings. Blocking essential cookies may prevent login or builder functionality. Third-party cookies from Stripe (during checkout) are governed by Stripe's policies.

9. Security

We implement appropriate technical and organisational measures, including encryption in transit (HTTPS/TLS), access controls, and reliance on SOC-compliant infrastructure providers. No method of transmission over the Internet is 100% secure; we cannot guarantee absolute security.

10. Children

Zenosite is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided data, contact [Contact Email — e.g. privacy@zenosite.com] and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy to reflect legal or operational changes. The "Last updated" date will be revised accordingly. Material changes will be communicated via the website or email where appropriate. Continued use after changes constitutes acknowledgement.

12. Contact

For privacy enquiries or to exercise your GDPR rights:

  • [Legal Operator Name / Zenosite — Data Controller]
  • [Registered Business Address, Poland]
  • Email: [Contact Email — e.g. privacy@zenosite.com]