Privacy Policy
Effective Date: August 2, 2025
Last Updated: August 2, 2025
Welcome to Zentri! This Privacy Policy explains how Lyford Holdings GmbH ("we," "us," or "our") collects, uses, shares, and protects information in relation to our Software as a Service platform, Zentri (the "Service"). Our commitment is to protect your privacy and handle your data in an open and transparent manner. This policy is written in compliance with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the European Union's General Data Protection Regulation (GDPR). By using our Service, you agree to the collection and use of information in accordance with this policy.
1. Data Controller
The entity responsible for the processing of your personal data (the data controller) is:Lyford Holdings GmbH49 Hinterbergstrasse6312 SteinhausenSwitzerlandCompany Number: CH−170.4.020.381−7One of our directors serves as the company's Data Protection Officer and can be reached via the contact details provided in Section 12 of this policy.
2. Information We Collect
We collect different types of information to provide and improve our Service to you.
a) Information You Provide Directly
- Account Information: When you register for a Zentri account, we collect information such as your name, email address, company name, and a password.
- Payment Information: For paid subscriptions, we use the third-party payment processor Stripe to handle transactions securely. We do not store your full credit card details on our servers.
- Communications: If you contact us directly for support or feedback, we may receive additional information about you such as your name, email address, the contents of the message, and any other information you may choose to provide.
- Service Data: We collect and store the safety data and other content that you create, upload, or manage using the Zentri platform ("Service Data"). You and your company are the controllers of this Service Data; we act as a processor on your behalf.
b) Information We Collect Automatically
- Usage and Performance Data: We automatically collect information when you access and use the Service. This may include your Internet Protocol (IP) address, browser type, device identifiers, and data on your interactions with the Service. We use this information for service delivery, improvement, and performance/error monitoring. We do not record user sessions.
- Cookies and Similar Technologies: We use essential and functional cookies to operate our Service. We may also use analytics cookies to understand usage patterns. You can instruct your browser to refuse non-essential cookies.
3. How We Use Your Personal Data
We use the collected data for various purposes:To provide, operate, and maintain our Service.To process your transactions via our payment processor, Stripe.To manage your account, including authentication and providing customer support.To notify you about changes to our Service, terms, or policies.To communicate with you, including responding to your inquiries.To detect, prevent, and address technical issues, fraud, and security threats.For Service Improvement: We reserve the right to use anonymised or aggregated data derived from personal data and Service Data for statistical analysis, research, and to improve the features and functionality of our Service. This anonymised data does not identify you or any individual.To comply with our legal obligations, such as financial and tax reporting.
4. Legal Basis for Processing
Our legal basis for collecting and using the personal data described above includes:Performance of a Contract: To fulfill our contractual obligations to you.Legitimate Interests: For purposes like service improvement, security, and analytics, where our interests are not overridden by your data protection rights.Consent: Where required by law, we will obtain your consent for specific activities.Legal Obligation: To comply with applicable laws.
5. Data Sharing and Disclosure (Sub-processors)
We do not sell your personal data. We share information with a limited number of third-party service providers (sub-processors) who act on our behalf to make the Service available. Our primary sub-processors are:Railway Corp. (Railway): For application hosting, database services (including Redis), and general cloud infrastructure.Stripe, Inc. (Stripe): For secure payment processing and subscription management.Analytics and Monitoring Providers: We use standard software providers for website analytics and application error monitoring.These providers only have access to the information necessary to perform their functions and are contractually obligated to protect it and use it only for the purposes for which it was disclosed.
6. International Data Transfers
Our service providers, such as Railway and Stripe, may operate in countries outside of Switzerland and the European Economic Area (EEA), including the United States. We will take all steps reasonably necessary to ensure that your data is treated securely. For transfers of data to countries without an adequacy decision, we rely on appropriate safeguards, such as Standard Contractual Clauses (SCCs), to protect your data.
7. Data Security
The security of your data is paramount. We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, use, or destruction. However, no method of transmission over the Internet is 100% secure.
8. Data Retention
We retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy, adhering to industry best practices. We will retain data as long as your account is active and for a reasonable period thereafter in case you decide to re-activate the Service. We will also retain data to the extent necessary to comply with our legal obligations (for example, Swiss law requires us to keep financial and business records for 10 years), resolve disputes, and enforce our agreements.
9. Your Data Protection Rights
You have rights regarding your personal data under applicable law, including:The right to access, rectify, or erase your personal data.The right to restrict or object to processing.The right to data portability.To exercise any of these rights, please contact us at hello@zentri.cc. You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC).
10. Children's Privacy
Our Service is not intended for use by anyone under the age of 18 ("Children"). We do not knowingly collect personally identifiable information from children. If you become aware that a child has provided us with personal data, please contact us.
11. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.
12. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact our Data Protection Officer:By email: hello@zentri.ccBy mail:Lyford Holdings GmbHAttn: Data Protection Officer49 Hinterbergstrasse6312 SteinhausenSwitzerland