Zenda.is

Privacy policy page

1. Introduction

This Privacy Policy explains how Nexum ehf., Skútuvogur 2, 104 Reykjavík, Iceland ("we", "us", "our") processes personal data in connection with the Zenda service.

We are committed to protecting your privacy and handling your data in accordance with the General Data Protection Regulation (GDPR).

2. Roles & Responsibilities

Nexum ehf.

We act as a data controller for limited data related to:

  • Account creation and management

  • Billing and communication

  • Website analytics and marketing

You (the client)

You act as the data controller for all data processed within your Zenda system, including:

  • Email recipients

  • Contact lists

  • Campaign data

We do not control or process this data.

3. What Data We Collect

We may collect the following personal data:

  • Name and email address (account owners)

  • Login credentials (passwords are securely hashed and not accessible to us)

  • Billing information (handled by payment providers)

  • Communication data (support requests, emails)

  • Technical data (IP address, logs, browser information)

4. Data Processed by You (Important)

Zenda is installed on infrastructure controlled by you.

  • We do not store or process email recipient data

  • All campaign data remains on your server

  • We do not access your data unless explicitly requested by you

You are fully responsible for:

  • Data you collect

  • Legal basis for processing (e.g. consent)

  • Compliance with GDPR and anti-spam laws

5. Infrastructure & Access

  • The system is deployed on a server owned by you

  • After setup, we do not have access to your server

  • Access is only possible if you explicitly grant it for support purposes

6. Third-Party Services

Zenda relies on third-party services:

Email delivery

Handled via providers such as Amazon Web Services (SES)

  • We do not control how these providers process your data

  • You are responsible for compliance with their policies

Payments

Payments may be processed by third-party providers (e.g. Stripe)

  • We do not store payment card data

  • Payment data is handled directly by the provider

Analytics & Marketing

We may use tools such as:

  • Google Analytics

  • Google Tag Manager

  • Meta (Facebook) Pixel

  • Other advertising platforms (e.g. Google Ads, TikTok)

These tools may collect:

  • Cookies

  • Device and browser data

  • Usage behavior

7. Cookies

We use cookies for:

  • Essential functionality (e.g. sessions)

  • Analytics

  • Marketing and advertising optimization

You can control cookies via your browser settings.

Where required by law, consent is obtained before using non-essential cookies.

8. Legal Basis (GDPR)

We process personal data based on:

  • Contractual necessity (to provide the service)

  • Legitimate interests (security, improvement, analytics)

  • Consent (for marketing and tracking technologies)

9. Data Retention

We retain personal data only as long as necessary:

  • Account data → while you use the service

  • Support data → limited retention period

  • Analytics data → according to tool providers

10. Your Rights

Under GDPR, you have the right to:

  • Access your personal data

  • Request correction

  • Request deletion

  • Restrict processing

  • Data portability

  • Withdraw consent (where applicable)

To exercise your rights, contact us at: [your email]

11. Security

We implement appropriate technical and organizational measures.

However:

  • Your system runs on your infrastructure

  • You are responsible for securing your server and data

12. International Transfers

Some third-party providers may process data outside the European Economic Area (EEA).

In such cases, appropriate safeguards (e.g. Standard Contractual Clauses) are applied.

13. Changes

We may update this Privacy Policy from time to time.

14. Contact

For any questions regarding this policy:

Nexum ehf.

Skútuvogur 2

104 Reykjavík

Iceland

Email: [email protected]