Zanaby Noria
Back

Privacy Policy

Last updated: 7 June 2026

This Privacy Policy explains how Zana, operated by Noria Technologies LTD (“Noria”, “we”, “us”), collects, uses, and protects personal data when you use our invoicing, payment-collection, payout, customer-messaging, and utility-billing platform (the “Service”). It should be read together with our Terms of Service.

1. Our roles

  • Your account and workspace data (the people who sign in and administer a workspace): we act as the controller.
  • Your customers’ data that you load into the Service to invoice, message, and bill (the “Customer Data”): we act as a processor on your behalf. You are the controller and are responsible for having a lawful basis and the necessary notices to process it.

2. Data we collect

  • Account data - name, email, and authentication identifiers (we use one-time email codes and Google sign-in; we do not store passwords).
  • Workspace data - company profile, logo, invoicing defaults, and (encrypted) payment-provider credentials you configure.
  • Customer & transaction data - customers, invoices, line items, payments, and payment references you create or that providers return (e.g. payment receipt numbers, phone numbers used to request a payment, provider references, amounts).
  • Contact & messaging data - contacts you load for messaging (names, phone numbers, emails, group membership), message templates and content, delivery status returned by messaging providers, inbound replies, and opt-out records.
  • Utility billing data - service accounts, meter numbers and readings, and service addresses you record for metered billing.
  • Disbursement data - details of payout recipients you enter (e.g. recipient name, phone number, or bank/till/paybill number) and the references providers return for a payout.
  • Usage & technical data - log entries, IP address, request metadata, and aggregate metrics used for security, rate-limiting, and reliability.
  • Cookies - a single secure, httpOnly session cookie to keep you signed in.

We do not store full card numbers, CVVs, or mobile-money PINs - those are handled by the payment providers, never by us.

3. How we use data

  • to provide, operate, and secure the Service;
  • to process and reconcile payments and send transactional emails (one-time codes, invoices, receipts, invitations, renewal reminders);
  • to deliver the SMS, WhatsApp, and email messages you compose, at your direction, and to record their delivery status and opt-outs;
  • to enforce plan limits and bill your subscription;
  • to detect, prevent, and investigate abuse, fraud, and security incidents;
  • to comply with legal obligations and enforce our Terms.

Where data-protection law applies, we rely on: performance of a contract (to provide the Service), legitimate interests (security, reliability, product improvement), consent (where required), and compliance with legal obligations.

5. Sub-processors

We use trusted third parties to run the Service. Each processes data only as needed to perform its function:

Sub-processor categoryPurpose
Mobile-money payment providersCollecting mobile-money payments and sending payouts
Card and bank payment providersCard and bank payment processing and subscription billing
Messaging providers (SMS and WhatsApp)Delivering messages you send and returning delivery status

We also engage infrastructure providers for hosting, data storage, email delivery, and error monitoring. A current list of these sub-processors is available on request at privacy@norialabs.com.

Your configured payment providers receive the data necessary to process a given transaction.

6. Sharing and disclosure

We do not sell personal data. We share data only with the sub-processors above, at your direction, or where required by law or to protect our rights, users, or the public. If we are involved in a merger or acquisition, data may transfer subject to this Policy.

7. International transfers

Where data is processed outside your country, we take steps to ensure an adequate level of protection consistent with applicable law.

8. Retention

We retain account and Customer Data for as long as your workspace is active and as needed to provide the Service, then delete or anonymize it in line with our retention practices, unless a longer period is required by law (for example, financial-record obligations). You can delete your workspace at any time, which permanently removes its data.

9. Security

We apply industry-standard safeguards, including encryption in transit (TLS), encryption at rest for stored payment-provider credentials, strict per-workspace data isolation enforced at the database (row-level security), scoped access roles, and rate limiting. No method of transmission or storage is completely secure, but we work to protect your data and to respond promptly to incidents.

10. Your rights

Depending on your location, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing.

  • Export - workspace owners/admins can download all workspace data from Settings → Export.
  • Deletion - workspace owners can permanently delete the workspace and its data from Settings → Danger zone.
  • For requests about your individual account data, contact us using the details below. If we process data on behalf of a Merchant (as a processor), please direct your request to that Merchant.

11. Cookies

We use a strictly necessary session cookie for authentication. We do not use third-party advertising or tracking cookies.

12. Children

The Service is not directed to children under 18, and we do not knowingly collect their personal data.

13. Changes to this Policy

We may update this Policy from time to time. We will post the updated version with a new “Last updated” date and, for material changes, provide reasonable notice.

14. Contact

Privacy questions or requests: privacy@norialabs.com.