NefruNefru

Legal

Privacy Policy

Last updated: April 28, 2026

1. Who we are

This Privacy Notice describes how Zahed designs ("Zahed designs", "we", "us", or "our"), trading as Nefru, processes personal data in connection with the Nefru studio management platform (the "Service"). Zahed designs acts as the data controller for personal data processed through the Service.

For privacy questions or to exercise your rights, contact us through the support channels available inside the Service.

2. Data we collect

  • Account data: name, email address, password (hashed), profile preferences and authentication identifiers.
  • Studio data you provide: client records, projects, tasks, files, quotations, invoices, finance entries and any other content you upload.
  • Usage and telemetry: device identifiers, IP address, browser type, pages visited, feature interactions, diagnostic logs and error reports.
  • Communications: support messages, feedback and email correspondence.
  • Payment metadata: subscription status, plan, invoice references and transaction identifiers (full payment card data is collected and stored by Paddle, not by us).

3. How we use your data

  • To create and operate your account and provide the Service (contract).
  • To process subscriptions and invoicing through our payment provider (contract).
  • To secure the Service, prevent fraud and abuse (legitimate interests).
  • To improve, debug and develop the Service (legitimate interests).
  • To provide customer support (contract / legitimate interests).
  • To comply with legal obligations (legal obligation).
  • To send service or marketing communications where permitted (consent or legitimate interests).

4. Sharing your data

We share personal data with the following categories of recipients:

  • Service providers / subprocessors: hosting, database, email delivery, analytics, error tracking and customer support tooling.
  • Merchant of Record — Paddle: Our order process is conducted by our online reseller Paddle.com. Paddle.com is the Merchant of Record for all our orders. Paddle handles payments, subscription management, tax compliance, invoicing and refund handling, and provides customer service inquiries related to billing.
  • Professional advisers: legal, accounting and compliance advisers under confidentiality.
  • Authorities: where required by law, regulation or legal process.

5. International transfers

Your data may be processed in countries outside your own. Where data leaves the UK/EEA, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions where applicable.

6. Data retention

We retain personal data only for as long as necessary for the purposes described above, to comply with our legal obligations, resolve disputes and enforce our agreements. When data is no longer needed, we delete or anonymise it. You can request account deletion at any time from within the Service.

7. Your rights

Depending on your jurisdiction, you may have the right to access, rectify, erase, restrict or port your personal data, to object to processing, and to withdraw consent at any time. UK/EEA users additionally have the right to lodge a complaint with their local supervisory authority. We will respond to verifiable requests within the timeframe required by applicable law (typically within one month).

8. Security

We implement appropriate technical and organisational measures including encryption in transit, access controls, audit logging and routine review of our security practices. No method of transmission or storage is 100% secure, but we work continuously to protect your information.

9. Cookies

We use strictly necessary cookies to operate the Service (for example, keeping you signed in). We may use limited analytics cookies to understand product usage. You can manage cookie preferences through your browser settings.

10. Changes

We may update this Privacy Notice from time to time. Material changes will be communicated through the Service or by email.

← Back to home