Privacy Policy

This Privacy Policy explains how INSTANTIA IT LTD ("Instantia", "we", "us") collects and uses personal data when you use Zana (the "Service").

1. Who We Are

For UK data protection law, INSTANTIA IT LTD is the data controller for personal data processed to provide the Service.

Contact: support@getzana.app

2. What Data We Collect

Account data

• Email address, name (if provided), authentication identifiers.
• Space membership and role information.

Usage and device data

• Basic usage events needed to operate, secure, and improve the Service.
• Technical data such as IP address, device/browser metadata, and logs.

Financial data you enter

• Transactions, categories, merchants, budgets, planned and recurring items.
• Notes and descriptions you choose to add.

Receipt data (if you upload receipts)

• Receipt images/files and extracted fields, where available.

3. How We Use Your Data

• Provide the Service (including space-scoped analytics and charts).
• Authenticate you, prevent abuse, and keep accounts secure.
• Support requests and communications.
• Maintain, debug, and improve reliability and performance.
• Comply with legal obligations and enforce our terms.

4. Legal Bases (UK GDPR)

• Contract: where processing is necessary to provide the Service to you.
• Legitimate interests: to secure, operate, and improve the Service (balanced against your rights).
• Consent: where we ask for it (and you can withdraw it at any time).
• Legal obligation: where we must comply with UK law.

5. Sharing and Processors

We do not sell your personal data. We may share data with trusted service providers (processors) to run the Service, such as hosting, storage, authentication, analytics, and email delivery.

If you use receipt scanning features, receipt files may be processed by third-party providers to extract information. We aim to minimise access and only share what is necessary.

6. International Transfers

Some providers may process data outside the UK. Where this happens, we use appropriate safeguards such as International Data Transfer Agreements (IDTAs) or other recognised mechanisms.

7. Data Retention

We keep personal data only as long as needed for the purposes described in this policy, including for legal, accounting, or reporting requirements. You can request deletion of your account; some data may be retained where required by law or for legitimate interests (for example, fraud prevention).

8. Security

We use reasonable technical and organisational measures to protect data. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

9. Your Rights

Depending on your circumstances, you may have rights to:

• Access your personal data
• Correct inaccurate or incomplete data
• Delete data (where applicable)
• Restrict or object to processing
• Data portability
• Withdraw consent (where processing is based on consent)

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO). We encourage you to contact us first.

10. Cookies and Similar Technologies (Website)

The website may use cookies or similar technologies for essential functions (such as login and security) and, where enabled, to understand usage.

11. Children

The Service is not intended for children under 16. If you believe a child has provided personal data, contact us and we will take appropriate steps.

12. Changes

We may update this policy from time to time. We will post the updated version on this page and update the "Last updated" date.