Privacy Policy
Last updated: 12 April 2026
Zenvro (“we”, “us”, “our”) is an AI-powered inbox assistant for recruitment agencies, operated by Zenvro Ltd. This policy explains what personal data we collect, why we collect it, and what rights you have.
1. What we collect
- Google account info— your name and email address, received via Google OAuth when you sign in.
- Gmail content— email thread subjects, sender and recipient names and addresses, message body text, and PDF/DOCX attachments. We access this using the Gmail API with the
gmail.modifyscope. - Uploaded files— CV/resume files (PDF, DOCX) that you upload for candidate analysis.
- Usage data— IP addresses, request timestamps, and page visits for security monitoring and abuse prevention. We do not use tracking cookies or third-party analytics.
2. How we use your data
- Email classification & summarisation— we send email content to OpenAI’s API to categorise threads, generate summaries, draft replies, and score candidates. OpenAI processes this data under their API data usage policy, which states that API inputs are not used to train their models.
- Inbox search— when you search, your query and matching thread data are sent to OpenAI to generate a conversational answer.
- Sending replies— when you send a reply via Zenvro, we use the Gmail API to send the message from your account.
- Security— IP addresses and request metadata are logged to detect abuse, rate-limit violations, and unauthorised access attempts.
3. Third-party processors
| Provider | Data shared | Purpose |
|---|---|---|
| Google (Gmail API) | OAuth tokens, email operations | Reading and sending emails |
| OpenAI | Email text, CV text, search queries | AI classification, summarisation, search |
| Supabase | All stored data (hosted PostgreSQL) | Database hosting and authentication |
| Vercel | Request logs (IP, path, timestamp) | Application hosting and logging |
4. Data storage & security
- Your data is stored in a Supabase-managed PostgreSQL database hosted in the EU (AWS eu-west-1).
- Google refresh tokens are encrypted at rest using AES-256-GCM before storage.
- All connections use TLS encryption in transit.
- Access to your data is scoped to your account only — no other user or administrator can view your emails or candidates.
5. Data retention & deletion
- Your email data is retained for as long as your account is active.
- You can delete all your classified threads and candidates at any time from Settings → Danger Zone → Reset Data.
- You can disconnect your Gmail account from Settings → Disconnect, which stops all data collection and disables the sync.
- To fully delete your account and all associated data, email privacy@zenvro.app. We will process deletion requests within 30 days.
6. Your rights (UK & EU GDPR)
If you are in the UK or European Economic Area, you have the right to:
- Access— request a copy of all personal data we hold about you.
- Rectification— ask us to correct inaccurate data.
- Erasure— ask us to delete your data (see Section 5).
- Portability— receive your data in a machine-readable format.
- Objection— object to processing based on legitimate interests.
- Withdraw consent— disconnect your Gmail account or delete your Zenvro account at any time.
To exercise any of these rights, contact privacy@zenvro.app.
7. Legal basis for processing
- Contract performance— processing your email data is necessary to provide the service you signed up for.
- Legitimate interests— security logging and abuse prevention.
- Consent— you grant Gmail access via Google OAuth and can revoke it at any time.
8. Cookies
We use only essential cookies required for the service to function:
- Supabase session cookies— maintain your login session. Strictly necessary, no consent required.
- zenvro_onboarded— a preference cookie that remembers whether you’ve dismissed the welcome banner. Expires after 1 year.
We do not use analytics, advertising, or tracking cookies.
9. Children
Zenvro is not intended for use by anyone under the age of 18. We do not knowingly collect data from children.
10. Changes to this policy
We may update this policy from time to time. Material changes will be communicated via email or an in-app notice. The “last updated” date at the top reflects the most recent revision.
11. Contact
Zenvro Ltd
Email: privacy@zenvro.app