Information Handling Statement

Current version effective: January 2025

When someone visits our website or registers for budget workflow services, questions arise about what happens with submitted details. This document explains how Zensthoria manages the information entrusted to us through our platform.

Our approach centers on necessity and clarity. We gather what supports functionality, maintain transparency about usage, and provide straightforward channels for individuals to exercise control over their records.

What Information Reaches Our Systems

Registration and Account Records

Creating an account requires basic identification details: full name, professional email address, phone contact, and organizational affiliation. These elements enable account setup and service access. Payment processing for subscribed services captures billing addresses and payment method identifiers through our processor—we never store complete payment credentials on our servers.

Service Interaction Data

Budget approval workflows generate substantial records. Each workflow submission includes approver names, timestamps, decision notes, attached documentation, and modification history. This transactional information forms the operational backbone of our platform—without it, the service cannot function.

Communication through our support channels produces correspondence records: message content, attachment files, response threads, and resolution timestamps. These records remain accessible for quality assurance and reference purposes.

Technical Access Information

Server logs capture standard access details: IP addresses, browser types, device identifiers, access timestamps, and navigation patterns. This technical metadata helps maintain system security and diagnose performance issues. Session management requires temporary identifiers that expire after logout or timeout periods.

Why Records Are Created and Maintained

Service Delivery

Account details authenticate users, enable workflow access, and facilitate approval routing. Without identification records, individual accounts cannot function or maintain separate organizational spaces.

Transaction Processing

Payment information enables subscription billing, processes upgrades or cancellations, and generates invoices. Billing addresses satisfy tax jurisdiction requirements and payment processor regulations.

Support Operations

Communication records allow support staff to understand issues, reference previous interactions, and provide consistent assistance across multiple contacts. Historical context improves resolution quality.

Security Maintenance

Access logs detect unauthorized entry attempts, identify unusual activity patterns, and support incident investigation. Technical records provide forensic capability when security events occur.

Platform improvement relies on aggregated usage patterns—which features receive frequent use, where users encounter difficulties, what workflows prove most efficient. Individual identification gets stripped from analytical datasets; we examine collective patterns rather than specific user behaviors.

Information Flow and External Access

Service Provider Relationships

Several external organizations access limited information subsets to enable specific functions. Payment processors receive transaction details necessary for charge authorization—cardholder names, billing addresses, and payment amounts. These processors operate under contractual data handling obligations and industry security standards.

Cloud infrastructure providers host our servers and databases. While they maintain the physical and virtual infrastructure, contractual terms prohibit accessing hosted data for their own purposes. Encryption protects stored information from infrastructure-level exposure.

Email delivery services transmit system notifications, password resets, and workflow alerts. These services receive recipient addresses and message content but operate under strict usage limitations that prohibit retention or alternative use.

Legal and Regulatory Disclosure

Court orders, valid subpoenas, or regulatory investigations may compel disclosure. We assess each demand for legal sufficiency before responding. When permitted by law, affected users receive notice of such requests. Emergency circumstances involving immediate physical danger or criminal activity may necessitate disclosure without advance notification.

Business Transition Scenarios

Acquisition, merger, or asset sale would transfer user information to successor entities. Any such transition includes contractual requirements that the acquiring party maintain equivalent protection standards. Users would receive notification about ownership changes and any resulting policy modifications.

What We Don't Do

User information never appears in advertising networks, data broker catalogs, or marketing databases sold to third parties. We don't generate revenue by monetizing user records. Aggregate statistics may inform public statements about platform usage, but these contain no individually identifying elements.

Protection Measures and Security Approach

Information security requires multiple defensive layers. Transport encryption protects data moving between user browsers and our servers—all connections use current TLS protocol versions. Database encryption secures stored information at rest. Access controls limit which staff members can view specific record categories based on job function necessity.

Authentication systems require strong passwords and offer optional two-factor verification for enhanced account protection. Session timeouts force re-authentication after inactivity periods. Failed login attempts trigger temporary account locks to prevent automated attacks.

Regular security assessments examine system vulnerabilities, and identified issues receive prioritized remediation. Backup systems maintain encrypted copies stored in geographically separate locations, enabling recovery from equipment failure or disaster scenarios.

Despite comprehensive protections, no internet-connected system achieves absolute security. Sophisticated attacks, zero-day vulnerabilities, or insider threats create residual risk. Users should maintain their own security practices: unique passwords, cautious email link handling, and prompt reporting of suspicious activity.

Individual Control Mechanisms

Access Requests

You can request copies of information we maintain about your account. Responses arrive within fifteen business days and include all personally identifying records except those subject to legal privilege or third-party confidentiality.

Correction Rights

Inaccurate information can be corrected through account settings or by contacting support. Some historical records remain unchanged to maintain audit trails, but current profile information accepts updates.

Deletion Requests

Account closure triggers deletion of personal identification details. Workflow transaction records may persist in anonymized form for legal compliance periods. Complete erasure occurs after retention obligations expire.

Processing Objections

Where information handling relies on legitimate interest rather than contractual necessity, you can object to specific processing activities. We evaluate such objections against operational requirements and cease processing unless compelling justification exists.

Restriction Requests

Pending accuracy disputes or processing objections, you can request temporary restriction of information use. Restricted records remain stored but aren't actively processed until disputes resolve.

Portability Options

Structured information you've provided—profile details, workflow configurations, approval histories—can be exported in machine-readable formats for transfer to alternative services.

Exercising these rights requires identity verification to prevent unauthorized access. Requests submitted through our official channels receive acknowledgment within three business days and resolution within the legally mandated timeframe for your jurisdiction.

Retention Duration and Deletion Schedules

Different information categories follow distinct retention periods based on legal requirements and operational necessity. Active account profiles remain accessible throughout subscription periods. Following cancellation, identification details persist for ninety days to accommodate reactivation requests, then undergo deletion.

Financial transaction records meet tax regulation retention requirements—typically seven years from transaction date. Workflow approval records maintained for contract compliance purposes follow similar retention spans, though specific durations depend on applicable industry regulations and organizational needs.

Technical logs undergo rolling deletion—access records older than eighteen months get purged unless flagged for ongoing security investigation. Support correspondence persists for three years after case closure to support quality review and training purposes.

Users who request expedited deletion receive it for discretionary records not subject to legal retention mandates. Compliance obligations prevent early deletion of financial, contractual, or regulatory records until mandatory retention periods expire.

Legal Foundations for Information Handling

Processing relies on multiple legal bases depending on information type and usage context. Contractual necessity justifies most service delivery processing—we can't provide budget approval workflows without maintaining user accounts and transaction records. You enter a service agreement when subscribing, and information handling enables contract performance.

Legal compliance creates obligations for certain record keeping. Tax regulations mandate financial record retention. Industry-specific rules may require audit trail preservation. These requirements constitute independent legal bases for processing regardless of user preference.

Legitimate business interests support some information uses. Security monitoring, fraud prevention, and service improvement represent legitimate interests balanced against user privacy expectations. When relying on this basis, we provide objection mechanisms for users who dispute the balance.

Consent governs optional features—marketing communications, optional analytics participation, or experimental features. Consent-based processing permits withdrawal at any time without affecting core service access.

Geographic location determines which privacy regulations apply. Users in California have specific rights under CCPA. European users fall under GDPR provisions. We maintain compliance with applicable frameworks based on user location and service delivery points.

Policy Modifications and Update Procedures

Business evolution, regulatory changes, or service enhancements may necessitate policy updates. Material modifications—those significantly altering information handling practices or user rights—trigger email notification to active account holders at least thirty days before implementation.

Minor clarifications, formatting improvements, or contact detail updates may occur without advance notice. The effective date at the top of this document indicates the current version. Substantial changes include version comparison summaries highlighting key modifications.

Continued service use following notification periods constitutes acceptance of modified terms. Users who disagree with material changes can close accounts before new terms take effect, triggering deletion procedures described above.

Questions and Information Requests

Privacy inquiries, rights exercise requests, or questions about specific information handling practices should come through official channels. We respond to verified requests within required timeframes and provide detailed explanations when processing decisions need clarification.

Email Address: help@zensthoria.info
Phone Contact: +1 956 761 1765
Postal Address: 1108 E Inverness Blvd, Inverness, FL 34452