Privacy Policy

1. Introduction

Zelicra (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Zelicra platform (“Service”).

Zelicra is operated by Salvus Paul, based in Helsinki, Finland. We process data in accordance with the EU General Data Protection Regulation (GDPR).

2. Data We Collect

Account Information

When you register, we collect:

• Name and email address
• Business name and type
• Country of operation
• Password (stored securely hashed)

Business Data

When you use our compliance tools, we process:

• Business registration details you provide
• Compliance checklist responses
• Invoice data (for Arabic invoice generation)
• Return policy configurations

Usage Data

We automatically collect:

• IP address and browser type
• Pages visited and features used
• Session duration and timestamps

3. How We Use Your Data

We use your data to:

• Provide and maintain the Service
• Generate compliance documents and certificates
• Send account-related notifications
• Improve the Service based on usage patterns
• Respond to support requests

We do not sell your personal data to third parties.

4. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

• Contract performance: Processing necessary to provide the Service you subscribed to
• Legitimate interest: Service improvement and security
• Consent: Marketing communications (you may opt out at any time)
• Legal obligation: Where required by EU or Finnish law

5. Data Storage and Security

All data is stored on servers located in Helsinki, Finland (Hetzner Cloud, EU region). We implement appropriate technical and organizational measures to protect your data, including:

• Encryption in transit (TLS/SSL)
• Encrypted database connections
• Regular security updates and monitoring
• Access controls and authentication

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law.

7. Your Rights (GDPR)

Under the GDPR, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data (“right to be forgotten”)
• Restriction: Restrict processing of your data
• Portability: Receive your data in a machine-readable format
• Objection: Object to processing based on legitimate interest
• Withdraw consent: Withdraw consent at any time for consent-based processing

To exercise any of these rights, contact us at salvuspaul.dev@gmail.com. We will respond within 30 days.

8. Cookies

We use essential cookies required for the Service to function (session management, authentication). We do not use third-party advertising or tracking cookies.

9. Third-Party Services

We may use the following third-party services that process data on our behalf:

• Hetzner Cloud: Server hosting (Helsinki, Finland)
• Let’s Encrypt: SSL certificate provisioning

All third-party processors are GDPR-compliant and process data within the EU.

10. International Data Transfers

Your data is stored and processed within the European Union. We do not transfer personal data outside the EU/EEA unless required and only with appropriate safeguards in place.

11. Children’s Privacy

The Service is not intended for individuals under 18. We do not knowingly collect data from children. If we become aware that a child has provided us with personal data, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service. The “Last updated” date at the top reflects the most recent revision.

13. Contact and Data Protection

For privacy-related inquiries or to exercise your data rights:

• Email: salvuspaul.dev@gmail.com
• WhatsApp: +91 799 424 8385

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman (tietosuoja.fi).