Privacy Policy

Effective Date: June 10, 2026

Safari Group Trading FZCO ("we," "our," or "us"), registered at IFZA Business Park, DDP, P.O. Box 342001, Dubai, United Arab Emirates, operates the Zehn mobile application and website ("App" / "Services"). This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have over it.

We do not sell, rent, or share your personal data with any third party for advertising or marketing purposes — ever.

1. Data We Collect & Why

We collect only what is necessary to provide and improve the App:

Account data (linked to identity): Name and email address when you register. If you use Sign in with Apple, we receive only what Apple provides (you may hide your real email using Apple's relay). We do not receive your password.
Purchase & subscription data (linked to identity): Your active subscription tier and purchase history (not payment card details — those are handled entirely by Apple or Google).
App usage data (linked to identity): Listening progress, bookmarks, completed books, reading streaks, goals, and in-app preferences — to sync your experience across devices.
Ask AI interactions (linked to identity): Your questions and the AI responses generated for you, stored to maintain conversation context and improve our AI models. See Section 6 for retention details.
Book Club content (visible to other users): Posts, comments, and reactions you submit in the Book Club feature are stored on our servers and are visible to other registered users of the App. Do not post content you wish to keep private.
Device & diagnostics data (not linked to identity): Device model, OS version, crash logs, and anonymized performance metrics to maintain App stability. This data is aggregated and cannot identify you.

We do not collect: precise GPS location, contacts, photos or camera access, microphone (beyond playback), health data, or financial account details.

2. App Tracking Transparency (iOS)

We do not track you across third-party apps or websites for advertising. Zehn does not use Apple's IDFA (Identifier for Advertisers) and does not request ATT (App Tracking Transparency) permission. All analytics are first-party and aggregated, used only to improve the App.

3. Legal Basis for Processing (GDPR — EU/EEA Users)

If you are in the European Economic Area, we process your personal data on the following legal bases under GDPR Article 6:

Contract performance (Art. 6(1)(b)): Account data, subscription data, and usage data are necessary to provide the services you signed up for.
Legitimate interests (Art. 6(1)(f)): Diagnostics and aggregated analytics, used to maintain App security and performance. We have assessed that these interests are not overridden by your rights.
Legal obligation (Art. 6(1)(c)): We may retain certain data to comply with applicable laws (e.g., financial record-keeping).
Consent (Art. 6(1)(a)): Marketing communications (where applicable). You may withdraw consent at any time.

4. How We Use Your Data

We use your data exclusively to:

Provide, personalize, and sync the App's features (listening, Ask AI, Book Club, goals)
Manage your account, subscription, and purchase entitlements
Operate content moderation for the Book Club
Respond to support requests and investigate abuse reports
Diagnose technical issues and improve App performance
Send transactional notices (receipts, security alerts, account changes)
Comply with applicable legal obligations

We do not use your data for targeted advertising, behavioral profiling for third parties, or any purpose not listed above.

5. Third-Party Service Providers

We share limited data with the following trusted service providers who act as data processors on our behalf. They may only use your data as we direct and are contractually bound to protect it:

Apple Inc. / Google LLC: Handle in-app payment processing and subscription management. Their use of your payment data is governed by their own privacy policies. We receive only transaction confirmation — never your card details.
Cloud infrastructure provider: We use secure cloud hosting to store app data. Servers are located in [region — update with your actual hosting region, e.g., EU/US]. Data is encrypted at rest and in transit.
Google Analytics (GA4) — website only: Used on thezehnapp.com (not inside the App) to understand web traffic. You may opt out via Google's opt-out tool.
Cookiebot — website only: Manages cookie consent on our website in compliance with GDPR and ePrivacy Directive.

We do not use advertising SDKs, third-party analytics inside the App, or data brokers.

6. Data Retention Schedule

We keep your data only as long as necessary:

Account & subscription data: For the life of your account, plus up to 30 days after deletion to process the request, except where legal retention obligations apply (e.g., transaction records: 7 years for UAE financial law compliance).
Usage data & preferences: For the life of your account; deleted within 30 days of account deletion.
Ask AI conversation history: Retained for up to 12 months to maintain context, then automatically purged. You can clear your conversation history in-app at any time.
Book Club posts: Retained until you delete them or your account is deleted. Moderation-removed content is purged from public view immediately but may be retained in logs for up to 90 days for abuse investigation.
Crash logs & diagnostics: Anonymized; retained for up to 90 days.
Support correspondence: Retained for up to 3 years to maintain a history of resolved issues.

7. Data Sharing & Disclosure

We do not sell, rent, or trade your personal data. We disclose data only in these limited circumstances:

Legal process: When required by law, court order, or valid governmental request. We will notify you where legally permitted before complying.
Safety: To prevent imminent harm to you, other users, or the public.
Enforcement: To enforce our Terms of Service or protect our legal rights and property.
Business transfer: If Safari Group Trading FZCO is involved in a merger, acquisition, or asset sale, your data may be transferred. We will notify you via email and/or in-app notice at least 30 days before your data becomes subject to a different privacy policy, and you may delete your account before the transfer takes effect.

8. International Data Transfers

We are based in the UAE and your data may be processed on servers located outside your country of residence. For users in the EU/EEA: when we transfer personal data to countries not recognized as providing adequate protection by the European Commission, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) adopted by the European Commission. You may request a copy of the applicable transfer mechanism by contacting us at contact@safarigrp.com.

9. Data Security

We implement industry-standard technical and organizational security measures:

TLS 1.2+ encryption for all data in transit
AES-256 encryption for data at rest
Access controls: production data access is restricted to authorized personnel on a need-to-know basis
Regular security reviews and vulnerability assessments

No system is 100% secure. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and applicable authorities as required by law (within 72 hours under GDPR).

10. Your Rights

Regardless of where you live, you have the following rights over your data:

Access: Request a copy of the personal data we hold about you
Deletion ("right to be forgotten"): Request deletion of your account and all associated data. Use our account deletion page or email us.
Correction: Correct inaccurate personal data through your account settings or by contacting us
Portability: Receive your data in a structured, machine-readable format
Objection / Restriction: Object to or request restriction of certain types of processing
Withdraw consent: Withdraw any consent-based processing at any time without affecting prior processing

California residents (CCPA/CPRA): You have the right to know what personal information we collect, to delete it, to correct it, and to opt out of its sale. We do not sell your personal information. You also have the right not to receive discriminatory treatment for exercising your privacy rights.

EU/EEA residents (GDPR): You have all rights listed above and the right to lodge a complaint with your local Data Protection Authority (DPA).

UK residents (UK GDPR): You may contact the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any right, contact us at contact@safarigrp.com. We will respond within 30 days (or within the timeframe required by applicable law).

11. Children's Privacy

Zehn is not directed to children under 13 years of age (or 16 in the EU/EEA). We do not knowingly collect personal information from children under these ages. During registration, we ask users to confirm they meet the minimum age requirement. If we discover we have collected data from an underage user, we will delete it promptly. Parents or guardians may contact us at contact@safarigrp.com.

12. Sign in with Apple

If you use Sign in with Apple: Apple authenticates you and shares your name and email (you may use Apple's Hide My Email relay). We store only what Apple provides and do not receive your Apple ID password. Apple's privacy practices are governed by Apple's Privacy Policy.

13. Cookies & Tracking (Website Only)

Our App does not use cookies. Our website (thezehnapp.com) uses:

Essential cookies: Required for the site to function (session management, consent preferences). Cannot be disabled.
Analytics cookies (Google Analytics GA4): With your consent, we use aggregated, anonymized analytics to improve the website. You may opt out at any time via our cookie consent banner or Google's opt-out tool.

14. Changes to This Policy

We may update this Privacy Policy. For material changes, we will notify you by email or in-app notice at least 14 days before the change takes effect and update the "Effective Date." Continued use after the effective date constitutes acceptance. If you disagree with a change, you may delete your account before it takes effect.

15. Terms of Service

Your use of the App is also governed by our Terms of Service & EULA.

16. Contact & Data Controller

For privacy questions, data requests, or to exercise your rights:

Data Controller: Safari Group Trading FZCO
Email: contact@safarigrp.com
Address: IFZA Business Park, DDP, P.O. Box 342001, Dubai, United Arab Emirates

We aim to respond to all privacy requests within 30 days.