BackLast updated: April 2026

Privacy Policy

1. Introduction

This Privacy Policy describes the rights and responsibilities that apply to your use of Zentra's websites, services, and mobile app (collectively, the "Service"), each owned and operated by Zentra Inc. ("Zentra", "we", "our" or "us"). By creating a Zentra account or using our services, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create a Zentra account, we collect:

  • Name and email address – Used for account identification and communications
  • Password – Never stored in plaintext; hashed using bcrypt encryption
  • Profile photo – Optional; stored securely in Cloudinary
  • Timezone and country – For localization and scheduling purposes

2.2 Organization Data

When setting up your workspace, we collect:

  • Organization name and slug – For workspace identification
  • Organization logo – Stored in Cloudinary
  • Member roles and permissions – To enforce access control

2.3 Work Activity Data

To power Zentra's core features, we collect:

  • Check-in and check-out times – Recorded when you log attendance
  • Daily plans and accomplishments – Optional text summaries you provide
  • Task assignments and completions – Project data and status updates
  • Working hours and attendance records – For reporting and analytics

2.4 Hiring Data

When using Zentra's hiring portal, we collect:

  • Job postings and descriptions – Content you create for openings
  • Candidate applications and resumes – Submitted by applicants
  • Interview schedules and notes – Recorded during recruitment
  • Offer letters and onboarding documents – Generated by you

2.5 Usage Data

We automatically collect:

  • Login timestamps and IP addresses – For security and fraud prevention
  • Feature usage patterns – To improve product functionality
  • Real-time notification events – For system reliability and analytics

3. How We Use Your Data

Providing the Service – Delivering all Zentra features including check-ins, task management, hiring portal, and real-time notifications

Improving the Service – Analyzing usage patterns to enhance features, fix bugs, and optimize performance

AI-powered resume screening – Processing resume text for automated candidate analysis

Generating reports – Creating attendance summaries, performance reports, and analytics dashboards

Processing payments – Facilitating subscription billing through Razorpay

Security and fraud prevention – Monitoring for suspicious activity and protecting your account

Communications – Sending service updates, notifications, and support responses

4. Data Sharing

Zentra never sells your data. We only share data with trusted partners necessary to provide the Service, under strict data processing agreements:

  • Cloudinary – Securely stores your profile photos, organization logos, and resume files
  • Razorpay – Processes subscription payments (payment information is not stored on Zentra servers)
  • Groq AI – Receives resume text only for AI-powered candidate screening; does not retain data after analysis
  • MongoDB Atlas – Hosts our database; subject to MongoDB's security and privacy policies
  • Vercel – Hosts the Zentra application infrastructure

Each partner operates under Data Processing Agreements (DPA) that require them to protect your data and use it only as directed by Zentra.

5. Role-Based Data Access

Zentra enforces strict role-based access control. Data visibility depends on your role within the organization:

Founder Access

Founders have full access to all organizational data, including team member check-ins, tasks, hiring data, and billing information.

HR Access

HR team members can access team data and the complete hiring pipeline, including candidate information and interview records. They cannot access billing or financial data.

Employee Access

Employees can only access their own check-in records, their assigned tasks, and shared team documents. They cannot see other employees' check-ins, personal information, or task assignments. Employees also cannot access the hiring portal or billing areas.

Important: All data access is enforced at the API and database level. Role-based middleware protects against unauthorized access attempts.

6. AI and Resume Data

When you use Zentra's AI Resume Screening feature:

  • Resume text is sent to Groq AI for candidate analysis and scoring
  • Groq AI does not store resume content; only analysis results are returned to Zentra
  • Analysis results (scores, insights) are saved to your Zentra account for your review
  • Groq AI's processing of resume text is subject to Groq's Privacy Policy

AI screening is a tool to assist your hiring decisions—not to make them. Final hiring decisions must be made by humans.

7. Data Retention

We retain data for as long as it's necessary to provide the Service and comply with legal obligations:

  • Active accounts: Retained while your account remains active
  • Deleted accounts: Removed within 30 days of account deletion
  • Audit logs: Retained for 2 years for security monitoring and compliance
  • Resume files: Retained until manually deleted by HR or Founder

8. Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of all personal data we hold about you
  • Correct: Update or correct inaccurate information in your account
  • Delete: Request deletion of your account and associated data
  • Export: Download your organization data in a machine-readable format
  • Opt out: Disable non-essential notification preferences from Settings

To exercise any of these rights, contact us at zentra@continuuum.in.

9. Security

Zentra implements industry-standard security measures to protect your data:

  • Password hashing: Passwords are hashed using bcrypt (never stored in plaintext)
  • JWT authentication: Secure token-based authentication for API requests
  • HTTPS encryption: All data in transit is encrypted using TLS
  • Role-based API middleware: Enforces access control at the API level
  • File storage security: Media files stored in Cloudinary with secure access tokens
  • Monitoring and logging: Security events are logged and monitored for anomalies

10. Cookies

Zentra uses cookies for essential functionality only:

  • Session cookies: Store authentication tokens to keep you logged in
  • No tracking cookies: Zentra does not use third-party analytics or tracking pixels
  • No Google Analytics: We respect your privacy and do not use GA or similar services

11. Children's Privacy

Zentra is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from anyone under 18. If you believe we have collected data from a minor, please contact us immediately at zentra@continuuum.in, and we will take appropriate steps to delete such information.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out:

Company

Zentra Inc.