Privacy Policy

1. Who we are

CleanZuno is a field-service management platform operated by Zuno Smart Labs Limited (“we”, “us”, “our”), a company registered in New Zealand. This policy explains how we collect, use, store, and protect personal information when you use our platform at cleanzuno.com and related services.

We comply with the New Zealand Privacy Act 2020 and, where we carry on business in Australia, the Australian Privacy Act 1988 (Cth) including the Australian Privacy Principles (APPs).

2. Information we collect

We collect the following categories of personal information:

• Account information — name, email address, phone number, and company affiliation provided during registration.
• Work activity data — check-in/check-out times, site locations, task completion records, and shift durations.
• Communication data — WhatsApp phone numbers and message delivery metadata when notifications are enabled.
• Notification delivery data — message delivery status, timestamps, and notification type stored when WhatsApp messages are sent.
• Photo verification data — photographs uploaded to verify task completion or site conditions. These images are not used for biometric identification.
• Device and usage data — browser type, IP address, and anonymised analytics collected via Vercel Analytics.

3. How we use your information

We use personal information to:

• Provide and operate the CleanZuno platform.
• Authenticate your identity and secure your account.
• Send operational notifications (e.g. shift summaries, schedule changes) via the WhatsApp Business Cloud API or other enabled channels.
• Send you promotional communications where you have opted in (see “Direct marketing” below).
• Suggest scheduling optimisations through automated logic.
• Improve our services through anonymised usage analytics.
• Comply with legal obligations.

4. WhatsApp messaging consent

We use the WhatsApp Business Cloud API to send you operational notifications related to your work on the CleanZuno platform (e.g. shift summaries, schedule changes). We never send marketing or promotional messages via WhatsApp.

• Opt-in — you consent to receive WhatsApp notifications during onboarding or by enabling them in your notification preferences within your profile settings.
• Opt-out — you can disable WhatsApp notifications at any time via your notification preferences, or by emailing privacy@zunosmartlabs.com. We will stop sending messages within 24 hours of your request.

5. Direct marketing

We may send you promotional emails about CleanZuno features, updates, or offers. We will only do so where you have opted in or where we have an existing business relationship with you and the communication relates to similar services.

Every marketing email includes an unsubscribe link. You can also opt out at any time by emailing privacy@zunosmartlabs.com. We will action your request within 5 business days.

We do not send marketing or promotional messages via WhatsApp (see section 4 above).

6. Third-party services

We share data with the following service providers, solely to operate the platform:

• Supabase — database hosting and authentication (hosted in Sydney, Australia).
• Vercel — application hosting and analytics (edge network with nodes in Australia; corporate infrastructure in the United States).
• Meta (WhatsApp Business Cloud API) — Meta acts as a data processor for message delivery via the WhatsApp Business Cloud API. Phone numbers and message content are transmitted to Meta’s servers solely for delivery. Meta processes this data in accordance with the WhatsApp Business Policy.
• Sentry — error monitoring (no personal data is intentionally sent; errors may contain request metadata).

We do not sell your personal information to any third party.

We do not share information received from one user’s WhatsApp conversation with any other user or third party.

Where personal information is transferred to service providers outside Australia or New Zealand, we take reasonable steps to ensure those recipients handle it in accordance with the Australian Privacy Principles and the New Zealand Privacy Act 2020. We remain accountable for information disclosed to overseas recipients.

7. Data retention

We retain your personal information for as long as your account is active or as needed to provide services. Work activity records are retained for the duration required by your employer’s record-keeping obligations. You may request deletion of your account and associated data at any time (see “Your rights” below).

Notification delivery logs are retained for 12 months for troubleshooting and audit purposes, then automatically deleted.

8. Data security

We use industry-standard security measures including encrypted connections (TLS), row-level database security policies, and secure authentication flows. Access to personal data is restricted to authorised personnel and governed by role-based permissions.

9. Data breach notification

If we become aware of a data breach that is likely to result in serious harm, we will:

• Assess the breach within 30 calendar days of becoming aware of it.
• Notify the Office of the Australian Information Commissioner (OAIC) and/or the New Zealand Privacy Commissioner, as applicable, as soon as practicable.
• Notify affected individuals directly, including a description of the breach, the kinds of information involved, and recommended steps you should take.

This process complies with the Australian Notifiable Data Breaches scheme and the New Zealand Privacy Act 2020 breach notification requirements.

10. Your rights

Under the New Zealand Privacy Act 2020 and the Australian Privacy Act 1988, you have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate information.
• Request deletion of your personal information.
• Request a copy of your data in a portable format.
• Opt out of direct marketing communications at any time.
• Withdraw consent for optional communications (e.g. WhatsApp notifications).

To exercise any of these rights, email privacy@zunosmartlabs.com describing your request. We will respond within 30 days.

Complaints. If you are not satisfied with our response, you may lodge a complaint with:

• The Office of the New Zealand Privacy Commissioner.
• The Office of the Australian Information Commissioner (OAIC), GPO Box 5218, Sydney NSW 2001.

11. Cookies

We use essential cookies for authentication and session management. We use Vercel Analytics for anonymised usage data — no advertising or tracking cookies are used.

12. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via the platform. The “last updated” date at the top reflects the most recent revision.

13. Children’s data

CleanZuno is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

14. Automated decision-making

CleanZuno uses automated logic to suggest scheduling optimisations such as shift allocation and route suggestions. These suggestions are presented to business administrators for review and are not applied without human approval.

No automated decision is made that produces legal effects or similarly significant effects on individuals without human oversight.

15. Contact

If you have questions about this privacy policy or your personal data, contact us at:

Zuno Smart Labs Limited
Data Protection Officer: Sethu V George
Email: privacy@zunosmartlabs.com