Privacy Policy

Introduction

Zephyra is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI-powered financial management services.

We operate in full compliance with Singapore's Personal Data Protection Act (PDPA) and maintain transparent practices regarding data handling. Your financial information is sensitive, and we treat it with the highest standards of care and security.

1. Information We Collect

Personal Information

We collect the following types of personal information:

• Name and contact details (email address, phone number, mailing address)
• Account credentials for our service (username, encrypted password)
• Identification documents as required for account verification
• Communication preferences and service settings

Financial Information

With your explicit consent, we collect financial data through secure connections to:

• Bank accounts (transaction history, balance information)
• Payment platforms (transaction data, payment patterns)
• Credit card accounts (transaction records)
• Investment accounts (portfolio information, transaction history)

All financial data connections use read-only access through bank-approved APIs. We never request or store your banking passwords.

Usage Information

We automatically collect certain information about how you use our services:

• Log data (access times, pages viewed, features used)
• Device information (browser type, operating system, IP address)
• Service interaction patterns (feature usage, preferences)

2. How We Use Your Information

Service Delivery

We use your information primarily to provide our AI-powered financial management services, including transaction categorization, spending analysis, budget suggestions, and financial insights tailored to your patterns.

Communication

We may contact you regarding service updates, account notifications, responses to your inquiries, and optional monthly reflection prompts if you have enabled this feature.

Service Improvement

We analyze aggregated, anonymized usage patterns to improve our AI algorithms, enhance service features, and optimize user experience. This analysis never involves individual identification.

Legal Compliance

We process your data as necessary to comply with Singapore legal obligations, including financial services regulations, anti-money laundering requirements, and tax reporting obligations where applicable.

3. Data Storage and Security

Data Location

All personal and financial data is stored exclusively on servers located within Singapore. Your information never leaves Singapore jurisdiction during storage or processing.

Security Measures

We implement comprehensive security measures including:

• 256-bit AES encryption for data at rest
• TLS 1.3 encryption for data in transit
• Multi-factor authentication for account access
• Regular security audits by independent third parties
• Penetration testing conducted quarterly
• Strict access controls limiting employee data access
• Continuous monitoring for suspicious activities

Data Retention

We retain your personal data for as long as your account remains active. If you close your account, we securely store your data for 90 days to allow for account reactivation, after which it is permanently deleted unless legal obligations require longer retention.

Financial transaction data may be retained for up to seven years to comply with Singapore tax and financial record-keeping requirements.

4. Data Sharing and Third Parties

Third-Party Services

We share limited data with the following types of service providers:

• Cloud infrastructure providers (Singapore-based servers only)
• Security and monitoring services
• Customer support platform providers
• Analytics services (using anonymized data only)

All third-party providers are contractually bound to maintain data confidentiality and security standards equivalent to our own.

No Marketing Data Sharing

We never share, sell, or rent your personal or financial information to third parties for marketing purposes. Your data is used exclusively for service delivery and improvement.

Legal Disclosures

We may disclose your information if required by Singapore law, court order, or regulatory authority, or if necessary to protect our legal rights, prevent fraud, or ensure user safety.

5. Your Rights Under PDPA

Under Singapore's Personal Data Protection Act, you have the following rights:

Right to Access

You may request a copy of all personal data we hold about you. We will provide this information in a commonly used electronic format within 30 days of your request.

Right to Correction

You can request correction of any inaccurate or incomplete personal data. Most account information can be updated directly through your account settings.

Right to Data Portability

You may request export of your financial data and generated reports in standard formats (CSV, PDF) at any time through your account settings or by contacting us.

Right to Withdraw Consent

You may withdraw consent for data collection at any time by disconnecting financial accounts or closing your account. Note that withdrawing consent will limit or prevent our ability to provide services.

Right to Deletion

You may request deletion of your personal data, subject to any legal obligations requiring us to retain certain information. Upon account closure, all data not subject to legal retention requirements is deleted within 90 days.

6. Cookies and Tracking

We use cookies and similar technologies to enhance your experience and gather usage analytics. For detailed information about our cookie practices, please review our Cookie Policy.

You can manage cookie preferences through your browser settings or through our cookie consent management tool available in the Cookie Policy page.

7. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected data from someone under 18, we will delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or service features. Material changes will be communicated via email to all active users at least 30 days before taking effect.

The "Last Updated" date at the top of this policy indicates when the most recent changes were made. Continued use of our services after policy changes constitutes acceptance of the updated terms.

9. Contact Information

For questions about this Privacy Policy, to exercise your rights under PDPA, or to raise privacy concerns, please contact our Data Protection Officer:

We aim to respond to all privacy inquiries within 7 business days.