Privacy Notice

Last updated: June 26, 2026

This Privacy Notice explains how Morningstar Group (“we”, “us”, “our”) collects, uses, shares, and protects personal data in connection with the Zentric CRM platform (the “Service”). Morningstar Group is the data controller responsible for personal data processed about visitors to our website and users of the Service. Personal data of the contacts, leads, and customers that you import into Zentric is processed by us on your behalf, and you remain the controller of that data.

1. Personal data we collect

  • Account data — name, work email, password (stored hashed), workspace name, and role.
  • Profile and communication data — messages you send to support, fit-call form submissions, and feedback you provide.
  • Usage and telemetry — pages visited, features used, errors encountered, approximate location, device identifiers, browser type, and IP address.
  • Customer Data — contacts, deals, tasks, notes, and other CRM records you create or upload. We process this on your instructions.
  • Cookies and similar technologies — see “Cookies” below.

Payment-card details are collected directly by our payment provider, Paddle. We do not see or store full card numbers.

2. How we use personal data

  • To create and operate your account and provide the Service;
  • To respond to enquiries and provide customer support;
  • To secure the Service and prevent fraud, abuse, and unauthorised access;
  • To improve features, fix bugs, and develop new functionality;
  • To send service announcements and, where permitted, marketing about Zentric;
  • To comply with legal obligations and enforce our Terms.

3. Legal bases

Where the GDPR or equivalent law applies, we rely on the following legal bases: performance of a contract (to provide the Service you signed up for); our legitimate interests (to secure, improve, and market the Service in a balanced way); your consent (for optional analytics, marketing cookies, and marketing emails where required); and compliance with legal obligations.

4. How we share personal data

  • Service providers / subprocessors we rely on to run the Service, including cloud hosting, database, email delivery, error monitoring, and product analytics providers, under written contracts requiring confidentiality and appropriate security.
  • Paddle, our Merchant of Record, for processing payments, managing subscriptions, calculating and remitting taxes, and issuing invoices and refunds. Paddle acts as an independent controller for that activity under its own privacy notice.
  • Professional advisers (legal, accounting, insurers) where necessary for the operation of our business.
  • Authorities where we are required by law, regulation, court order, or to protect our rights, your safety, or the safety of others.
  • Corporate transactions — in connection with a merger, acquisition, or sale of assets, subject to standard confidentiality protections.

We do not sell personal data.

5. International transfers

Some of our subprocessors are located outside the UK and the EEA. Where personal data is transferred internationally, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or an adequacy decision recognised by the relevant authority.

6. Retention

We keep personal data only as long as needed for the purposes described above. In practice: account and Customer Data are retained while your workspace is active and for a limited grace period after termination so you can export records; invoicing and tax records are retained for the period required by law (typically 6–10 years); support correspondence is retained for up to 3 years; logs and telemetry are retained for up to 12 months. After these periods data is deleted or anonymised.

7. Your rights

Depending on where you live, you may have the right to access, correct, delete, restrict, or object to the processing of your personal data, the right to data portability, the right to withdraw consent, and the right to lodge a complaint with your local data-protection authority. We aim to respond to verified requests within one month. You can exercise these rights by emailing privacy@zentriccrm.com.

8. Security

We use appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls based on least privilege, audit logging on sensitive systems, regular dependency updates, and isolated per-workspace data access enforced at the database layer.

9. Cookies

Zentric uses strictly necessary cookies to keep you signed in and to remember your workspace preferences. We may also use analytics cookies to understand how the Service is used, and these are set only with your consent where required. You can manage cookies through your browser settings.

10. Changes to this Notice

We may update this Notice from time to time. Material changes will be communicated through the Service or by email.

11. Contact us

For any privacy question, contact Morningstar Group at privacy@zentriccrm.com.