Legal

Privacy Policy

Last updated: June 2026  ·  Effective upon acceptance

Your privacy matters. This policy explains exactly what data Zeni collects, why, who it is shared with, and your rights over it.

The Zeni Service is operated by Every Ingredient Gourmet Spices LLC (Aneurin Advisory). Your data is processed in the United States on infrastructure located there. Canadian users: this policy is designed to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.

Contents

  1. Who We Are
  2. Information We Collect
  3. How We Use Your Information
  4. Legal Basis for Processing
  5. Third-Party Data Processors
  6. Data Storage and Cross-Border Transfers
  7. Data Retention
  8. AI Processing Disclosure
  9. Your Rights
  10. Cookies and Analytics
  11. Children's Privacy
  12. Changes to This Policy
  13. Contact and Complaints

Section 1Who We Are

The data controller for all personal information collected through the Zeni Service is:

Every Ingredient Gourmet Spices LLC
Operating as: Aneurin Advisory / Zeni
Website: ca.aneurinadvisory.com
Contact: support@aneurinadvisory.com

Section 2Information We Collect

We collect the following categories of information when you use Zeni:

Account Information

  • Your WhatsApp phone number (used as your primary identifier)
  • Your name, as provided during onboarding
  • Your business name and structure (service vs. ecommerce, etc.)
  • Canadian province or territory
  • Email address (if provided)
  • Account status and subscription tier

Business Data You Provide

  • Financial data: income amounts, expenses, invoice details, transaction records, CAD and USD figures
  • Client and contact information you enter into Zeni (names, emails, company names)
  • Business registration details: corporation name, BN, GST/HST number, EIN, entity structure
  • Banking and payment preferences (platform names only — not account credentials or card numbers)
  • Business goals, plans, and strategic information you share
  • Tasks, reminders, and scheduling information
  • Documents you request Zeni to generate
  • Notes and open loop items
  • Shipment tracking information

Conversation Data

  • The full text content of your conversations with Zeni through WhatsApp
  • Voice notes you send (transcribed by OpenAI's Whisper API)
  • Images and PDFs you send for processing (receipts, documents)
  • Interactive selections (button taps, list selections)
  • Timestamps and session metadata

Technical Data

  • WhatsApp message IDs and delivery metadata
  • API usage logs for rate limiting and service integrity
  • Error logs and diagnostic information

Payment Data

Payment processing is handled directly by Stripe. We do not store full card numbers, CVV codes, or complete payment credentials. We receive confirmation of payment status, subscription tier, and billing dates from Stripe.

Information We Do Not Collect

We do not collect: physical addresses (unless you voluntarily provide one); government identification numbers beyond what you choose to enter for your business setup; biometric data; protected health information; or any data from individuals who have not affirmatively engaged with the Zeni Service.

Section 3How We Use Your Information

We use the information we collect for the following purposes:

  • Service delivery: Processing your messages, generating AI responses, maintaining your financial records, sending reminders and briefings, and operating all features of the Zeni platform
  • Account management: Managing your subscription, processing payments, and communicating with you about your account
  • AI personalization: Building and maintaining your business context so Zeni can provide relevant, specific responses rather than generic outputs
  • Compliance and legal obligations: Meeting applicable legal requirements, responding to lawful requests from authorities, and enforcing our Terms of Service
  • Service improvement: Using anonymized, aggregated, non-identifiable usage patterns to improve the Service. We do not use identifiable personal data for model training
  • Security: Detecting and preventing fraud, abuse, and unauthorized access
  • Pro tier services: Coordinating tax filing and compliance services for Pro subscribers, which requires sharing relevant business and financial data with human specialists working under confidentiality obligations

We do not sell your personal information to third parties. We do not use your personal information for advertising targeting by third parties.

Section 4Legal Basis for Processing

We process your personal information on the following legal bases:

  • Contractual necessity: Processing required to deliver the Service you have subscribed to, including all core features of Zeni
  • Legitimate interests: Service security, fraud prevention, aggregate analytics, and service improvement
  • Consent: For optional features or data uses where we have requested and received your consent
  • Legal obligation: Where required to comply with applicable law

Under PIPEDA, we collect only the personal information reasonably required for the identified purposes and will not use or disclose that information for purposes other than those for which it was collected without your consent or as required by law.

Section 5Third-Party Data Processors

Your data is stored securely and used solely to provide Zeni's business operator features. AI responses are generated through OpenAI's API, which processes data in the United States under OpenAI's privacy policy and enterprise data protection terms. OpenAI's current API terms do not permit using API inputs to train their models, though this is subject to OpenAI's own policies. No client data is sold or shared with any third party for marketing purposes.

Payment processing is handled by Stripe. Message delivery runs through WhatsApp (Meta Platforms). All other infrastructure operates within the United States.

We may disclose personal information to professional advisors under confidentiality obligations, and to law enforcement or regulatory authorities where required by law or valid legal process.

Full processor list (PIPEDA disclosure)
Processor Purpose Location
OpenAI, LPAI response generation, voice transcriptionUnited States
Supabase, Inc.Database storage and hostingUnited States
Meta Platforms (WhatsApp)Message delivery infrastructureUnited States
Stripe, Inc.Payment processingUnited States
Vercel, Inc.Application hostingUnited States

Section 6Data Storage and Cross-Border Transfers

Your data is stored on Supabase infrastructure located in the eastern United States. By using Zeni, you acknowledge and consent to your personal information being transferred to and processed in the United States, where data protection laws may differ from those in Canada or your home jurisdiction.

We implement contractual safeguards with our processors to ensure your data receives an appropriate level of protection regardless of where it is processed.

Section 7Data Retention

We retain your personal information for as long as your subscription is active and for a period of 30 days following cancellation or termination of your account, after which your data may be permanently deleted from our systems.

We may retain certain records for longer periods where required by law (for example, financial records required for tax compliance purposes), where necessary to resolve ongoing disputes, or to enforce our agreements. Anonymized, aggregated data that cannot identify you may be retained indefinitely for analytical purposes.

You may request deletion of your account and associated data at any time (see Section 9). Note that data transmitted to and stored by third-party processors such as OpenAI and Meta is subject to their own retention policies.

Section 8AI Processing Disclosure

Zeni's responses are generated by OpenAI's large language model AI. Your conversation content, including business information you share, is transmitted to OpenAI's API for processing.

What this means for your data: The business information, financial data, and context you share with Zeni is used to generate relevant, personalized AI responses. This data is transmitted to OpenAI's servers in the United States for processing. OpenAI's current API terms prohibit using API inputs and outputs to train OpenAI's models; however, this is subject to OpenAI's terms which may change.

Voice notes you send are transcribed using OpenAI's Whisper API, which receives the audio file content. Images and PDFs are processed by OpenAI's vision API.

We encourage you to review OpenAI's privacy policy at openai.com/privacy and API usage policies for full details of how OpenAI handles data submitted via API.

AI-generated outputs may be inaccurate. See the Terms of Service Section 4 for important disclaimers about AI limitations.

Section 9Your Rights

Subject to applicable law, you have the following rights regarding your personal information:

Access

You may request a copy of the personal information we hold about you. We will respond within 30 days.

Correction

If any personal information we hold is inaccurate or incomplete, you may request that it be corrected.

Deletion

You may request deletion of your personal information. We will delete your data within 30 days of a verified request, subject to legal retention obligations. Note that deletion of your data will result in termination of your Service access, as the Service cannot function without your data.

Portability

You may request an export of your business data (financial records, contact lists, documents) in a machine-readable format where technically feasible.

Withdrawal of Consent

Where we process data on the basis of consent, you may withdraw that consent at any time. Withdrawal does not affect processing already carried out.

Complaints

Canadian users have the right to lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC) at www.priv.gc.ca if they believe their privacy rights have been violated. We encourage you to contact us directly first so we can attempt to resolve the matter.

How to Exercise Your Rights

To exercise any of these rights, contact us at support@aneurinadvisory.com with the subject line "Privacy Request." We may require verification of your identity before processing a request.

Section 10Website and Cookies

The Zeni marketing website (zeni.aneurinadvisory.com) is a static page that does not use persistent tracking cookies, does not deploy third-party advertising trackers, and does not use analytics tools that collect personally identifiable information. Basic server logs (IP address, referrer, browser type) may be retained by Vercel infrastructure for security and performance purposes.

Section 11Children's Privacy

The Zeni Service is intended for business use by adults aged 18 and older. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have collected information from a minor, we will delete it promptly. If you believe we have inadvertently collected such information, please contact us immediately.

Section 12Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted here with a revised "Last Updated" date. Your continued use of the Service following the effective date of any change constitutes your acceptance of the updated policy.

Section 13Contact and Privacy Enquiries

For any questions, concerns, or requests related to this Privacy Policy or your personal information, contact:

Privacy Contact
Every Ingredient Gourmet Spices LLC / Aneurin Advisory
Email: support@aneurinadvisory.com
Website: ca.aneurinadvisory.com

We will respond to privacy enquiries within 30 days. If we require more time due to complexity, we will notify you of the extension and reason within the initial 30-day period.

For unresolved privacy concerns, Canadian users may contact the Office of the Privacy Commissioner of Canada: 30 Victoria Street, Gatineau, Quebec K1A 1H3 · 1-800-282-1376 · www.priv.gc.ca