Privacy Policy
ZehnOra is committed to protecting your personal data in accordance with Pakistan's Personal Data Protection Act (PDPA) and international best practices.
Effective: 1 March 2026 · Data Controller: ZehnOra (Pvt) Ltd, Pakistan
1. Who We Are
ZehnOra is Pakistan's first AI-powered mental health platform. Our registered address is in Pakistan. As your data controller, we are responsible for all personal data you provide when using our platform.
Contact: privacy@zehnora.pk · Data Protection Officer: ZehnOra Legal Team
2. What We Collect
We collect only what is necessary to provide our services:
- Identity data: name, email address, phone number
- Profile data: age, city, country, profile picture (optional)
- Health data: journal entries, mood logs, session notes, homework tasks
- Communication data: therapy chat messages, direct messages with practitioners
- Usage data: login timestamps, IP addresses, audit events
- Payment data: subscription tier, transaction status (card numbers handled by Safepay only — never stored by us)
- Consent records: when and what you consented to, version, IP
We do not sell your data to advertisers or third parties. Ever.
3. How We Use AI
ZehnOra uses its proprietary AI engine (ZehnOra AI) for AI-powered features:
- Journal analysis: entry text is sent to OpenAI's API only when you explicitly consent. OpenAI's enterprise DPA ensures your data is never used to train their models.
- AI Companion (Zara): conversation context is stored in our database, encrypted at rest with AES-256.
- Crisis detection: if AI detects high-risk language, a risk flag is created for admin review. Your safety takes priority.
- All AI features can be disabled in Settings → Privacy & Consent.
4. Security & Encryption
- Sensitive fields (journals, session notes, messages) encrypted at rest with AES-256-GCM
- All traffic over TLS 1.3 (HTTPS only)
- Passwords hashed with bcrypt (cost factor 12) — never stored in plaintext
- Session tokens are signed JWTs with revocation support
- Two-factor authentication (TOTP) available for all accounts
- All authentication events logged in an immutable audit trail
6. Your Rights Under PDPA
Request a copy of all personal data ZehnOra holds about you at any time.
You can request your data at any time.
Download all your data in structured JSON format from Settings → Privacy.
You can export your data in JSON format.
Request deletion — PII anonymised immediately; all data hard-deleted after 30-day grace period.
After the 30-day grace period, all data will be completely deleted.
Update your personal information at any time from your profile settings.
You can correct your information at any time.
Withdraw any optional consent (AI insights, AI companion memory, marketing) at any time from Settings → Privacy & Consent.
You can withdraw optional consent at any time.
To exercise any right, visit Settings → Privacy & Data in the app, or email us at privacy@zehnora.pk. We respond within 30 days.
7. Data Retention
- Active account data: retained while your account is active
- Journal entries: until you delete them or close your account
- Session notes: 7 years per Pakistan PMDC guidelines
- Audit logs: 3 years for security and legal compliance
- Consent records: permanently (immutable legal audit trail)
- Deleted accounts: all PII purged within 30 days of deletion request
8. Children & Minors
ZehnOra is not intended for users under 18. If you believe a minor has created an account, contact privacy@zehnora.pk immediately.
9. Contact Us
- Email: privacy@zehnora.pk
- Response time: within 30 days
- Data Controller: ZehnOra (Pvt) Ltd, Pakistan
You have the right to lodge a complaint with the Pakistan Telecom Authority (PTA) as the designated PDPA supervisory authority.
ZehnOra Privacy Policy · Version 1.0 · Effective 1 March 2026