Legal

Privacy Policy

Last updated: 17 March 2026 · Effective: 17 March 2026

Contents

  1. Who We Are
  2. Data We Collect
  3. How We Use Your Data
  4. Data Sharing
  5. Data Residency & Storage
  6. Cookies
  7. GDPR & TDRA
  8. Your Rights
  9. Security
  10. Contact Us

1. Who We Are

Zena is a WhatsApp Business platform developed and operated by Fictoralabs FZ LLC, a company registered in the United Arab Emirates ("we", "us", "our"). Our website is fictoralabs.ae and the Zena platform is accessible at zena.fictoralabs.ae.

For privacy-related enquiries, contact us at hello@fictoralabs.ae.

2. Data We Collect

Account Data

When you register for Zena, we collect your name, email address, company name, and password (stored as a bcrypt hash — never in plain text).

WhatsApp Business Data

To connect your WhatsApp Business account, we store your Meta Phone Number ID, WABA ID, and access token (encrypted using AES-256-CBC). We do not store your personal WhatsApp messages outside of the platform's conversation history feature.

Conversation & Contact Data

Zena stores WhatsApp conversation history, contact names, and phone numbers (wa_id) on your behalf. This data belongs to you and is scoped to your tenant. You can delete it at any time.

Lead Data

Lead forms and captured lead data (name, email, phone, etc.) are stored in your Zena account. All PII (personally identifiable information) is encrypted at rest using AES-256-CBC.

Usage Data

We collect basic platform usage metrics (message counts, AI reply counts) for billing and analytics purposes. We do not sell this data.

Payment Data

Payments are processed by Stripe. We do not store credit card numbers. Stripe is PCI DSS compliant. We store only your Stripe customer ID and subscription status.

3. How We Use Your Data

  • To provide and operate the Zena platform
  • To process payments and manage subscriptions
  • To send transactional emails (account invites, password resets)
  • To provide customer support
  • To improve the platform based on aggregate usage analytics
  • To comply with legal obligations

We do not use your data for advertising. We do not sell your data to third parties.

4. Data Sharing

We share data only with the following service providers, strictly for platform operation:

  • Meta (WhatsApp Cloud API) — to send and receive WhatsApp messages on your behalf
  • Stripe — payment processing
  • OpenAI / Google Gemini — AI replies (using your own API key, sent to your chosen provider)
  • Google — Google Sheets integration (optional, OAuth-authorised by you)

We do not share data with advertisers, data brokers, or any third party for commercial purposes.

5. Data Residency & Storage

All Zena platform data — including your account data, conversation history, contacts, and leads — is stored on servers located in the UAE region. We do not transfer your data outside the UAE except as required to operate the services listed in Section 4 (Meta, Stripe, OpenAI/Gemini APIs).

Zena is compliant with the UAE's Telecommunications and Digital Government Regulatory Authority (TDRA) data protection requirements.

6. Cookies

The Zena landing page (zena.fictoralabs.ae) uses minimal cookies:

  • Strictly necessary cookies: Session management for the dashboard application
  • CSRF cookie: A __Host-csrf cookie for security (double-submit CSRF protection)

We do not use advertising cookies, tracking pixels, or third-party analytics cookies on the platform. The landing page may use Google Fonts (loaded via Google's CDN). You can block this via your browser settings.

7. GDPR & TDRA Compliance

For users in the European Economic Area (EEA) or UK, Fictoralabs acts as a data processor when you use Zena to communicate with your customers. You are the data controller for your customers' WhatsApp data. Our Terms of Service include standard data processing clauses.

For UAE users, Fictoralabs complies with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) and TDRA regulations. Data is stored in-country and processed lawfully.

8. Your Rights

You have the right to:

  • Access your personal data held by us
  • Correct inaccurate data via your account settings
  • Delete your account and all associated data — contact hello@fictoralabs.ae
  • Export your contact and lead data from the dashboard
  • Withdraw consent for non-essential data processing

To exercise any of these rights, email hello@fictoralabs.ae. We will respond within 30 days.

9. Security

Zena uses industry-standard security measures:

  • All passwords hashed with bcrypt (12 rounds)
  • All PII encrypted at rest with AES-256-CBC
  • JWT RS256 authentication with 15-minute access tokens
  • CSRF protection on all state-changing requests
  • TLS/HTTPS enforced on all endpoints via Traefik
  • Redis-based rate limiting and account lockout
  • Webhook signatures verified with HMAC-SHA256

If you discover a security vulnerability, please report it responsibly to hello@fictoralabs.ae.

10. Contact Us

For privacy questions, data requests, or complaints:

We aim to respond to all privacy enquiries within 5 business days.