Zenager

Privacy Policy

Last updated: August 29, 2025

1. Introduction

Welcome to Zenager ("we," "our," or "us"), operated by M21 Ventures LLC. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our financial intelligence platform and services. We are committed to protecting your privacy and maintaining the security of your personal and financial information.

2. Information We Collect

2.1 Personal Information

  • Name, email address, phone number
  • Account credentials and authentication information
  • Profile information and preferences
  • Communication history with our support team

2.2 Financial Information

  • Bank account information and transaction data (via Plaid)
  • Credit card and payment information
  • Investment account data and portfolio information
  • Income, expense, and budget data
  • Financial goals and preferences

2.3 Usage Information

  • Device information and browser type
  • IP address and location data
  • Usage patterns and feature interactions
  • Zenager Pulse scores and sharing activities

3. How We Use Your Information

  • Provide and improve our financial intelligence services
  • Calculate your Zenager Pulse financial health score
  • Generate personalized insights and recommendations
  • Enable social sharing features (with your consent)
  • Send service updates and educational content
  • Detect and prevent fraud or unauthorized access
  • Comply with legal and regulatory requirements

4. Information Sharing

We do not sell your personal or financial information. We may share your information in the following circumstances:

  • Service Providers: With trusted third-party providers (like Plaid) who help us deliver our services
  • Legal Requirements: When required by law, regulation, or court order
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Consent: When you explicitly authorize us to share specific information
  • Social Features: Zenager Pulse scores and achievements when you choose to share them

5. Data Security

We implement industry-standard security measures to protect your information:

  • End-to-end encryption of all financial data
  • Multi-factor authentication for account access
  • Regular security audits and penetration testing
  • SOC 2 Type II compliance framework
  • Secure data storage with leading cloud providers
  • Employee training on data protection best practices

5.1 Plaid Integration Security

When you connect bank accounts through Plaid, we implement additional security measures:

  • Plaid access tokens encrypted with AES-256 encryption at rest
  • Access tokens never exposed to client-side JavaScript or browser
  • All Plaid API calls made exclusively server-side with secure credentials
  • Tokens stored in secure database with role-based access controls
  • Regular security audits of our Plaid integration code and practices
  • Immediate token revocation when you disconnect bank accounts
  • Your bank login credentials are never seen or stored by Zenager - only Plaid handles them

6. Your Rights

You have the following rights regarding your personal information:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal data
  • Portability: Request transfer of your data to another service
  • Opt-out: Unsubscribe from marketing communications
  • Revoke Consent: Withdraw consent for data processing

7. How Bank Connections Work

We partner with Plaid to securely connect your bank accounts. Here's exactly how the process works:

7.1 Connecting a Bank Account

  1. You click "Connect Bank Account" in your Zenager dashboard
  2. Plaid Link opens in a secure modal window
  3. You select your bank from Plaid's list of supported institutions
  4. You enter your bank credentials directly with Plaid (not Zenager)
  5. Your bank authenticates your identity (may include 2FA/security questions)
  6. You select which specific accounts to connect (checking, savings, credit cards)
  7. Plaid securely transmits an encrypted access token to Zenager
  8. Zenager uses this token to retrieve your transaction history (typically 90 days)
  9. Your transactions appear in your Zenager dashboard

7.2 What We Do NOT See

  • Your bank username and password: Handled only by Plaid, never by Zenager
  • Your bank security questions: Never transmitted to or stored by Zenager
  • Your multi-factor authentication codes: Used only by Plaid for verification

7.3 Ongoing Synchronization

After initial connection:

  • Plaid monitors your accounts for new transactions (usually daily)
  • When new transactions are available, Plaid sends us a webhook notification
  • Zenager retrieves the new transactions using your encrypted access token
  • Your dashboard updates automatically with the latest data
  • You never need to re-enter credentials unless your bank requires re-authentication

7.4 Your Control

  • Disconnect Anytime: Remove bank connections instantly from account settings
  • Select Accounts: Choose which accounts to connect (you don't have to connect all)
  • Delete Data: Request deletion of all transaction history at any time
  • Re-authenticate: If Plaid requires re-authentication, you'll be prompted securely

8. Data Retention

We retain your personal and financial information only as long as necessary to provide our services and comply with legal obligations.

8.1 Active Accounts

  • Transaction Data: Retained while your account is active to provide historical analysis and trends
  • Plaid Access Tokens: Valid until you disconnect the bank account or Plaid requires re-authentication
  • Account Balances: Updated daily while bank accounts remain connected
  • Zenager Pulse Scores: Historical scores retained to show progress over time
  • User Preferences: Saved categories, budgets, and settings retained while account is active

8.2 Account Deletion

  • Complete Deletion Timeline: All personal and financial data permanently deleted within 30 days of account deletion request
  • Plaid Access Tokens: Revoked immediately upon account deletion (within minutes)
  • Transaction History: Permanently erased from all databases and backups within 30 days
  • Anonymized Statistics: Aggregated, non-identifiable usage data may be retained for service improvement
  • Legal Holds: Data subject to legal proceedings may be retained as required by law

8.3 Bank Account Disconnection (Without Full Account Deletion)

  • Plaid Access Token: Revoked immediately (you can reconnect later if desired)
  • Historical Transaction Data: Retained by default to preserve your financial history
  • Delete Specific Data: You can manually delete individual transactions or entire account history
  • Re-connection: If you reconnect the same account, historical data will still be available

8.4 Inactive Accounts

  • Definition: Accounts with no login activity for 24 consecutive months
  • Notification: We'll email you 90 days and 30 days before account deletion
  • Automatic Deletion: After 24 months of inactivity (with advance notice), accounts and data are deleted
  • Reactivation: Log in anytime before deletion to keep your account active

8.5 Backup Retention

  • Encrypted Backups: Daily backups retained for disaster recovery (encrypted at rest)
  • Backup Retention Period: Backups retained for 90 days, then permanently deleted
  • Deletion from Backups: When you delete your account, data is purged from active backups within 30 days

9. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@zenager.com
Address: M21 Ventures LLC, Privacy Officer
Website: https://zenager.com/contact