1. DATA CONTROLLER

The controller responsible for the collection and processing of your personal data through the ZEN Reminder Platform is the owner and legal holder of the platform (hereinafter referred to as the "Controller").

For any questions, requests, or the exercise of rights provided by the GDPR, you can contact us directly via the electronic form in the "Contact" section available on the official website zenreminder.com.

2. PERSONAL DATA WE COLLECT

In order to provide the ZEN Reminder Service and to ensure the functioning of Alerts, we collect the following categories of data:

• Identification and authentication data: Name, email address, and access credentials (encrypted password) necessary for creating and securing your Account. In the case of authentication through third parties (Google or Apple), we receive the unique identifier provided by those platforms.
• Reminder Content (Input Data): Written texts, notes, alert titles, and labels that you manually enter into the application to configure your memos.
• Audio Data / Voice Recordings: Audio fragments and voice commands recorded through the device's microphone when you use the dictation or voice command function to generate a Reminder.
• Geolocation Data (Geofencing): Exact geographic coordinates (GPS data, network) of your mobile device, as well as the set perimeters (for example, the coordinates of the Dedeman store), necessary for triggering Location Alerts.
• Technical and Connection Data: IP address, device type, operating system version (Android/iOS), unique device identifier (Device ID) for sending push notifications, and server logs (the times at which the application queries the server).
• Billing Data (if applicable): In the case of purchasing a Subscription, third-party processors (Google Play, Apple App Store) may transmit payment confirmation and billing data to us, but ZEN Reminder DOES NOT collect and DOES NOT store your bank card data.

3. PURPOSES AND LEGAL GROUNDS FOR PROCESSING

We process your data exclusively based on the following legal grounds and for the specific purposes mentioned:

• Performance of a contract (Art. 6 para. 1 lit. b of the GDPR): Necessary to provide you with the ZEN Reminder functionalities, to run the verification cron job every 10 seconds on the server, and to send the Alert to your device.
• Your consent (Art. 6 para. 1 lit. a of the GDPR): Explicitly requested through the operating system permissions for: location access (including in the background), microphone use for voice commands, and sending push notifications.
• The Controller's legitimate interest (Art. 6 para. 1 lit. f of the GDPR): To secure servers against fraud or cyber attacks, optimize application performance, and fix technical bugs.
• Compliance with legal obligations (Art. 6 para. 1 lit. c of the GDPR): Retention of financial/fiscal data in case of transactions, according to applicable laws.

4. CRITICAL CLAUSE: BACKGROUND LOCATION ACCESS

In order for the “Location Alarms” function to work correctly (for example, to remind you to buy a light bulb when you arrive at IKEA), the ZEN Reminder app requires the collection and monitoring of your geolocation data even when the app is closed, running in the background, or the phone screen is locked.

This data is securely transmitted to our servers to evaluate whether the device's position coincides with the perimeter set in the Reminder. You can activate or revoke this permission at any time from your phone's operating system settings, but disabling it will make the operation of Location Alarms impossible.

5. DATA PROCESSING THROUGH ARTIFICIAL INTELLIGENCE (AI)

The platform uses Artificial Intelligence (AI) systems to automate the extraction of logical data from User Content.

• When you enter text or transmit a voice command, that data (audio or text) is processed by AI algorithms to understand the intent (e.g., automatic extraction of date, time, or location).
• Data transmitted to AI modules is anonymized or pseudonymized to the extent of technical possibilities and is not used by third-party AI providers for training public language models, being protected by strict confidentiality agreements.

6. DATA RECIPIENTS

We do not sell, rent, or trade your personal data. In order to technically run the Service, data may be shared exclusively with the following service providers (sub-processors), within the strict limits of operational necessity:

• Cloud Infrastructure and Hosting Providers: Secure servers where the application database is stored and where cron jobs run.
• Google FCM (Firebase Cloud Messaging): Used as a third-party service for sending push notifications to Android and iOS devices, for the purpose of waking the application and triggering the Alarm.
• AI and Voice Recognition Service Providers: Authorized third-party entities that process voice or text for the automatic structuring of Reminders.
• Payment Processors: Google Play Store and Apple App Store, for the exclusive purpose of validating your Subscription status.
• Public Authorities: Law enforcement institutions or courts of law, only based on a strict legal obligation or an official warrant.

7. PARTICULAR DATA: ALARMS FOR THIRD PARTIES OR COMMON ALARMS

If you use the "Third-Party Alarms" or "Common Alarms" function and enter identification data (such as name, email, or work tasks) of other natural persons into the platform to send them notifications on their devices:

You act as an independent data controller, and ZEN Reminder is only a technical processor. You have the absolute legal obligation to obtain the prior and informed consent of those persons before entering their data into the system. The ZEN Reminder operator is completely exonerated from any liability if you enter the data of third parties without authorization.

8. INTERNATIONAL DATA TRANSFERS

As a general rule, your data is stored on servers located within the European Economic Area (EEA). In the event that certain technical providers (such as Google push services or certain AI modules) process data on servers outside the EEA (for example, in the USA), these transfers are secured through the use of Standard Contractual Clauses (SCC) approved by the European Commission, guaranteeing an equivalent level of protection.

9. DATA RETENTION PERIOD

We keep your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Account Data and active texts/Reminders are kept for the entire lifespan of your Account.
• If you delete a Reminder, it is immediately removed from the server's active database.
• In the event of an Account deletion request, all associated personal data is permanently deleted within a maximum of 30 days, except for logical data that must be kept due to legal or tax obligations (e.g., subscription invoice history).

10. SECURITY OF YOUR DATA

The Controller implements rigorous technical and organizational measures to prevent accidental loss, unauthorized use, access, modification, or disclosure of your data.

All connections between the application, website, and server are encrypted using secure protocols (HTTPS / SSL). Passwords are saved in hashed encrypted form, and databases are subject to strict access controls. However, no transmission over the internet is 100% secure, which is why we recommend that you carefully protect your Account credentials.

11. YOUR RIGHTS UNDER GDPR

As a data subject, you benefit from a series of fundamental rights that you can exercise free of charge by sending us a request through the "Contact" section:

• Right of access (Art. 15 GDPR): The right to obtain confirmation that we are processing your data and to receive a copy thereof.
• Right to rectification (Art. 16 GDPR): The right to request the correction of inaccurate data or the completion of incomplete data in the Account.
• Right to erasure / "Right to be forgotten" (Art. 17 GDPR): The right to request the permanent deletion of the Account and all associated Reminders from our servers.
• Right to restriction of processing (Art. 18 GDPR): The right to ask us to temporarily block the processing of data in certain specific cases.
• Right to data portability (Art. 20 GDPR): The right to receive your data in a structured, commonly used, and machine-readable format.
• Right to object (Art. 21 GDPR): The right to object to processing based on the legitimate interest of the Controller.
• Right to withdraw consent: You can withdraw granted permissions (location, microphone, notifications) at any time directly from the mobile device's operating system settings. Withdrawal does not affect the lawfulness of processing carried out before that moment.

Additionally, you have the legal right to lodge a complaint with a data protection supervisory authority (such as ANSPDCP in Romania) if you believe that the processing of your data violates GDPR provisions.

12. CHANGES TO THE PRIVACY POLICY

We may periodically update this Privacy Policy to reflect changes in how we process data or technical developments of the application. Any changes will be published on this page (zenreminder.com/gdpr.php) and will take effect immediately. We recommend regular consultation of this section.