Beta Version -We’re Improving Daily!

Sign In
Sign Up
Get Started

StatementZen - Privacy Policy

Last Updated: 19th September 2025

At StatementZen (”we”, “us”, or “our”), we value your privacy and are committed to protecting your personal information. This Privacy Policy (also referred to as our Privacy Notice) explains how we collect, use, share, and protect your personal data when you use our website, services, and any related applications (collectively, the “Services”). It also outlines your rights under various privacy laws. We comply with applicable data protection regulations, including the EU General Data Protection Regulation (GDPR), the UK GDPR and Data Protection Act, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), Brazil’s Lei Geral de Proteção de Dados (LGPD), South Africa’s Protection of Personal Information Act (POPIA), Australia’s Privacy Act 1988, and other relevant U.S. state privacy laws. We may provide additional jurisdiction-specific information as required by these laws.


By using StatementZen’s Services, you agree to the collection and use of your information in accordance with this Privacy Policy. If you do not agree with our practices, please discontinue use of our Services. If you have any questions or concerns about this policy or your personal data, please contact us at info@statementzen.com.

1. Data We Collect and How We Use It

We only collect personal data that is necessary for legitimate purposes and we clearly state those purposes at the time of collection. The types of personal information we may collect and process include:

  • Identification and Contact Information: Such as your name, email address, company name, mailing address, phone number, and login credentials. We use this information to create and manage your account, provide customer support, send service-related communications, and fulfil our contract with you (for example, providing access to the StatementZen platform and its features).
  • Transactional Information: If you make a purchase or subscribe to a paid plan, we (through our e-commerce platform) collect information related to the transaction. This may include billing name and address and details of the product or service purchased. Note: We do not collect or store full payment card numbers or financial account information – payments are handled securely by our third-party payment processor (e.g., Stripe). Financial data you provide at checkout (such as credit card details) is transmitted directly to Stripe via the WooCommerce Stripe Gateway and is processed in compliance with PCI-DSS standards. We retain non-sensitive transaction identifiers (like an order number or payment confirmation) to record your purchases.
  • Usage Data: We automatically collect certain information about how you interact with our website and Services. This may include your IP address, browser type, device identifiers, pages or screens viewed, actions taken (e.g., features used, links clicked), and the dates/times of access. We use this data to analyse usage of our Services, troubleshoot performance issues, improve functionality, and personalize your experience. We may also use usage data to detect and prevent fraudulent or abusive activity and to maintain the security of our platform.
  • Cookies and Similar Technologies: When you visit our site or use our app, we and authorized third parties may use cookies, web beacons, and similar tracking technologies to remember your preferences, understand how you use our Services, and provide a customized experience (see Section 5: Cookies and Tracking Technologies below for more details). Some cookies are necessary for our site to function (e.g. to keep you logged in), while others help us improve the site or offer you relevant content and advertising. You have control over non-essential cookies as described in our Cookie Policy.
  • Communication Data: If you subscribe to our newsletter, opt-in to marketing emails, or otherwise communicate with us (such as through email or web forms), we may collect your name, email address, and the contents of your message or request. We use this information to respond to you, and – with your consent – to send you updates, promotional communications, or relevant news about StatementZen. You can opt out of marketing emails at any time by clicking the unsubscribe link in the email or contacting us.
  • Support and Feedback: If you contact our customer support or provide feedback/surveys, we will collect the information you choose to give us (which may include personal data such as your contact info and a description of your issue or opinions). We use this to assist you, resolve issues, and improve our Services.
  • Sensitive Personal Data: We do not intentionally collect any sensitive personal information (such as government ID numbers, financial account passwords, biometric data, health information, etc.) through our platform. We ask that you do not upload or submit such data when using our Services. If it becomes necessary for us to process sensitive data, we will do so only with your explicit consent or as required by law.

Legal Bases for Processing (EU/UK users): When we process personal data of individuals in the EU or UK, we ensure there is a valid legal basis under GDPR/UK GDPR. In most cases, the processing is necessary for the performance of a contract (e.g., to provide the Services you requested), or for our legitimate interests (such as improving our Services, preventing fraud, or securing our platform) and not overridden by your data protection rights. We may also rely on your consent where applicable (for example, for sending marketing communications or setting certain cookies), or compliance with a legal obligation when we must retain or disclose information by law. Where we rely on consent, you have the right to withdraw that consent at any time (see Section 7: Your Privacy Rights).

We aim to limit our collection and use of personal data to what is relevant and necessary for the purposes described above. We will not use your personal information for purposes that are incompatible with those described in this notice without first obtaining your consent.

2. Disclosure of Personal Data to Third Parties

We do not sell your personal information to third parties. However, we may share or disclose personal data in the following circumstances, to enable us to run our business and provide our Services:

  • Service Providers and Processors: We use trusted third-party companies to support our operations and the delivery of our Services. These include:
    • Hosting and Infrastructure: We host our application and database on a secure managed hosting platform (e.g., Kinsta, which is built on Google Cloud Platform) to store data and ensure high performance.
    • E-commerce and Payment Processing: Our website uses WooCommerce for managing subscriptions and orders, and payments are processed by Stripe. When you make a payment, personal data necessary to process the transaction (such as your name, email, and payment details) will be shared with Stripe. Stripe will process your information in accordance with its own privacy policy. We ensure that Stripe and any payment gateways we use employ robust security measures.
    • Email and Communications: We utilize email service providers to send transactional emails (such as account confirmations, password resets, and notifications) and any newsletters or marketing messages you have subscribed to. These providers will have access to your email address and name for the sole purpose of sending communications on our behalf.
    • Analytics and Performance: We may use third-party analytics tools (for example, Google Analytics or similar) to collect aggregated information about user interactions with our site. These tools may set cookies or collect usage data (as described in Section 1) to help us understand website traffic and improve user experience. Where required by law, we will obtain your consent for analytics cookies and honor any opt-out preferences.
    • Other Contractors: From time to time, we might engage developers, cloud service providers, security consultants, or other professionals under contract who may need limited access to systems or data to perform tasks on our behalf (such as developing new features, performing security audits, or providing customer support). In all cases, such parties are bound by confidentiality and data protection obligations and are not permitted to use your data for any unrelated purpose.

We only share the minimum information necessary with our service providers, and we contractually require them to protect your data and use it only as instructed by us.

  • Business Transfers: If StatementZen or its parent company MRU ConsultingPty Ltd is involved in a merger, acquisition, sale of assets, or similar corporate transaction, your personal data may be transferred to the new owner or successor entity. In such cases, we will ensure that the acquiring party is bound to respect your personal information in a manner consistent with this Privacy Policy, and we will provide notice to users before any personal data is transferred or becomes subject to a different privacy policy.
  • Legal Obligations and Protection: We may disclose your personal information if we are required to do so by law or valid legal process (for example, in response to a subpoena, court order, or government request). We may also disclose data if we believe in good faith that it is necessary to: comply with legal obligations; enforce our terms, EULA, or other agreements; investigate or protect against potential illegal activity, fraud, or security issues; or protect the rights, property, and safety of StatementZen, our users, or the public.
  • With Your Consent: In situations where you explicitly consent or direct us to share information with third parties (for example, if you integrate StatementZen with a third-party application or request that we share data with a partner), we will share your data as instructed by you.

Other than the cases above, we will not share your personal data with third parties for their independent marketing or business purposes. If we ever need to share your information in a way not covered by this Privacy Policy, we will explain to you at the point of collection or obtain your consent as required by law.

Additionally, our website may contain links to external websites or integrations with third-party platforms (for example, links to our social media pages or an integration with an accounting system you choose to connect). If you follow links to sites or services not operated by StatementZen, please be aware that those third parties have their own privacy policies. We are not responsible for the privacy practices of unrelated companies. We encourage you to review the privacy statements of any third-party websites or services you visit or use.

3. Data Security

We take the security of your personal data seriously. StatementZen implements a comprehensive range of technical and organizational measures to safeguard your information from unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:

  • Encryption: Data transmissions between your browser/app and our servers are protected using industry-standard encryption (HTTPS/TLS). Sensitive information (such as passwords) is stored encrypted or hashed.
  • Access Controls: We restrict access to personal data only to those employees, contractors, and service providers who have a business need to know. Access to administrative systems (such as our website backend, database, hosting account) is protected with strong authentication measures, including multi-factor authentication (MFA) wherever possible. User accounts are password-protected, and we encourage you to use a strong, unique password and enable any available two-factor authentication for your own account security.
  • Network & Application Security: Our hosting environment provides built-in security features such as firewalls, intrusion detection/prevention systems, malware scanning, and DDoS protection. We keep our software (including the StatementZen platform, WordPress, and related plugins) up-to-date with the latest security patches to minimize vulnerabilities. Regular security audits and monitoring are conducted to detect and address potential threats.
  • Backup and Recovery: We perform regular backups of our system and data (including customer data stored in our database) to prevent data loss. Backups are secured and stored in a manner that preserves confidentiality. In the event of any incident or data loss, we have processes in place to restore availability of personal data in a timely manner.
  • Employee Training and Policies: We ensure that our team members are trained on data protection best practices and are bound by confidentiality obligations. We have internal policies to handle personal data properly and to respond appropriately in the event of any security incident.

While we strive to protect your information, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. Thus, we cannot guarantee absolute security. You share and transmit data at your own risk. In the unfortunate event of a data breach involving your personal information, we will promptly notify you and the relevant supervisory authorities as required by law, and we will take all reasonable steps to mitigate any potential harm.

4. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Policy, or as required or permitted by law. In general:

  • Account Information: Information associated with your account (such as your profile, account credentials, and usage history) is kept for as long as your account is active. If you delete your account or it becomes inactive, we will remove or anonymize personal data within a reasonable period after account deletion, except where we need to retain it to comply with legal obligations or resolve disputes.
  • Transaction Records: We retain records of transactions, invoices, and related communications as needed for accounting, auditing, and compliance with financial regulations. For example, we may keep invoice data for a number of years as required by tax law.
  • Communications: If you have communicated with us (e.g., support inquiries or email correspondence), we may retain those communications for a period of time to manage our relationship, train our staff, and improve our services.
  • Marketing Data: If you have subscribed to our mailing list, we will retain your contact details until you unsubscribe or ask us to delete that information. Once you opt out, we will stop sending you marketing emails, but may keep your email on a suppression list to ensure we honour your opt-out.
  • Usage Data: We may keep aggregated or de-identified usage data (which does not identify you personally) indefinitely for analytics and service improvement purposes. Any personal identifiers in usage logs are either removed or the data is deleted or anonymized when it’s no longer needed for legitimate business purposes.

When the retention period for personal data expires, or if you request deletion and we have no legal basis to retain it, we will securely erase or anonymize your data so that it can no longer be associated with you. If you would like more specific information about our data retention practices for a particular type of data, feel free to contact us at info@statementzen.com.

5. Cookies and Tracking Technologies

Like many online services, we use cookies and similar tracking technologies to provide, customize, and improve our Services. Cookies are small text files placed on your device that can remember your preferences and actions. In addition, we may use web beacons, pixels, or local storage objects for similar purposes. Our use of these technologies falls into a few categories:

  • Necessary Cookies: These cookies are essential for our website’s functionality. They enable core features such as user authentication, session continuity, and shopping cart or subscription management. Without these cookies, the site may not perform properly.
  • Preference Cookies: These cookies allow us to remember choices you make on our site (such as your language or region, or other settings) to provide a more personalized experience.
  • Analytics Cookies: We use these to collect information about how visitors use our website – for example, which pages are visited most often, and if users encounter error messages on certain pages. The data collected is generally aggregated and helps us improve site performance and user experience. We may use Google Analytics or similar tools; these providers may set their own cookies. We anonymize IP addresses where required and honour any consent requirements for analytics cookies.
  • Advertising/Marketing Cookies: If we participate in any advertising or retargeting campaigns, these cookies would be used to track your browsing habits and serve you relevant advertisements on our site or on other platforms (for example, to remind you of our services or offer promotions). They may be set by us or by third-party advertising partners. We will obtain your consent before using marketing cookies or similar tracking for targeted advertising. Currently, we do not display third-party ads on our site, and any future use of marketing cookies will be disclosed in our Cookie Policy.

For detailed information on the specific cookies and trackers we use, please see our Cookie Policy (available on our website). There, you can find a list of cookies, their purposes, and how long they remain on your device.

Your Choices: When you first visit our site, you will be presented with a cookie consent banner or pop-up that allows you to accept or reject certain categories of cookies. You can modify your preferences at any time by accessing our cookie settings tool (for example, via a “Cookie Preferences” link on the site). Additionally, most web browsers let you control cookies through their settings (you can typically choose to block or delete cookies). Please note that if you disable certain cookies, some features of the Service may not function correctly.

Do Not Track & Global Privacy Control: StatementZen respects user privacy preferences. If your browser or device sends a “Do Not Track” signal or a Global Privacy Control (GPC) signal, our site will honour it to the extent required by applicable law. This means that if we detect such a signal, we will opt you out of any sale or sharing of personal information for targeted advertising purposes as defined by law. Keep in mind that Do Not Track/GPC signals may not affect cookies that are strictly necessary for the Service to function.

6. International Data Transfers

StatementZen is a global service – while our business is based in Australia, we serve users around the world. Personal data you provide may be stored or processed in countries other than your own, including the United States, European Economic Area (EEA) member states, the United Kingdom, Australia, or other jurisdictions where our infrastructure, service providers, or partners are located. For example, our hosting provider may store data in data centres in the EU or US, and our third-party service providers (such as Stripe or email providers) may process data in multiple countries.

Whenever we transfer personal information across borders, we take steps to ensure that adequate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable law. If you are located in the UK, EEA, or another region with data transfer restrictions, we will rely on legal transfer mechanisms to ensure your data remains protected. These may include:

  • Standard Contractual Clauses (SCCs): We may incorporate the European Commission’s approved standard contractual clauses into our contracts with service providers to cover the export of data from the EEA/UK to third countries.
  • Adequacy Decisions: Where applicable, we may transfer data to countries that are recognized by the European Commission or UK authorities as providing an adequate level of data protection. For instance, personal data may be transferred to organizations in countries with adequacy rulings, or in the case of transfers from the EU to the UK (or vice versa), which currently are deemed adequate.
  • Other Safeguards: We may rely on other permitted transfer mechanisms under GDPR and relevant laws, such as your explicit consent for certain transfers (if offered and obtained), or transfers that are necessary for the performance of a contract with you.

You have the right to inquire about the safeguards we have in place for exporting your personal data. If you’d like more information about international data transfers or copies of applicable transfer agreements, please contact us. Despite cross-border differences in privacy laws, our handling of your personal data will always be governed by this Privacy Policy and the commitments we make to protect your data.

7. Your Privacy Rights

Depending on your country or state of residence, you may have certain rights regarding your personal data. StatementZen is committed to honouring those rights and has processes in place to help you exercise them. The availability of these rights and what they mean in practice can vary by jurisdiction, but we broadly ensure the following rights for users, where applicable under law:

  • Right to Access: You have the right to request confirmation of whether we are processing personal data about you, and to obtain a copy of the personal data we hold about you, along with information about how we use it. (Applicable, for example, under GDPR, UK law, CCPA/CPRA for California residents, and similar laws in Colorado, Connecticut, Virginia, etc., as well as PIPEDA, LGPD, POPIA.)
  • Right to Rectification: If any of your personal information is inaccurate or incomplete, you have the right to request that we correct or update it. We encourage you to correct certain information on your account profile directly, and you can also contact us for corrections. (This right is provided under GDPR/UK GDPR, LGPD, POPIA, and others.)
  • Right to Erasure (Right to be Forgotten): You can ask us to delete your personal data. We will honour such requests so long as we do not have a legal obligation or overriding legitimate interest to retain the data. For example, we may need to keep certain records for financial reporting or to comply with legal obligations. If no such exceptions apply, we will erase your data and instruct our processors to do the same. (This right exists under GDPR/UK law, and similar deletion rights exist under CPRA, Virginia/Colorado/Connecticut laws, LGPD, POPIA, etc.)
  • Right to Restrict Processing: In certain circumstances, you have the right to request that we limit the processing of your personal data (for instance, if you contest the accuracy of data or object to our processing, we may pause processing while your request is evaluated). When processing is restricted, we will still store your information but not use it until the issue is resolved. (Provided under GDPR and LGPD.)
  • Right to Data Portability: You have the right to request a copy of personal data you have provided to us in a structured, commonly used, and machine-readable format, and you can ask us to transmit that data to another controller where technically feasible. This typically applies to data processed based on your consent or for performance of a contract. (Applicable under GDPR/UK GDPR, LGPD, and also aligned with the right of access under some other laws.)
  • Right to Object: If we process your information based on our legitimate interests (or those of a third party), you have the right to object to that processing on grounds relating to your particular situation. You also have a right to object at any time to processing of your personal data for direct marketing purposes. If you lodge an objection, we will stop the processing unless we have compelling legitimate grounds that override your rights or if needed for legal claims. (Right to object exists under GDPR/UK law, and similar concepts under LGPD and POPIA for certain processing.)
  • Right to Opt-Out of Sale/Sharing or Certain Processing: If you are a resident of California or certain U.S. states with privacy laws (such as Colorado, Connecticut, Utah, Virginia, etc.), you have the right to direct us not to sell your personal information to third parties and to opt out of targeted advertising (sharing of personal data for cross-context behavioural advertising) or profiling in furtherance of decisions that produce legal or similarly significant effects. StatementZen does not sell personal data, and we only share personal data with third parties as described in this policy (and for our operational purposes). If we ever engage in practices deemed a “sale” or “share” under applicable law (for instance, using certain advertising cookies), we will provide a clear way for you to opt out (such as a “Do Not Sell or Share My Personal Information” link on our website or recognition of Global Privacy Control signals as described above).
  • Right to Non-Discrimination: We will not discriminate or retaliate against you for exercising any of your privacy rights. For example, we will not deny you our Services, charge you different prices, or provide a lesser quality of service just because you exercised your rights under CCPA/CPRA or other laws. (This principle of non-discrimination is assured under laws like CPRA and similarly respected by StatementZen for all users.)
  • Right to Withdraw Consent: Where we rely on your consent to process your personal data (for example, for sending marketing emails or certain cookies), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, and it won’t affect processing that is based on other lawful bases. If you withdraw consent for cookies, you can change your browser settings or use our cookie preference tools to do so; if you withdraw consent for marketing, simply unsubscribe or contact us to be removed from our mailing list.
  • Right to Appeal (for Certain U.S. States): If you are in a jurisdiction like Colorado, Virginia, or Connecticut that grants a right to appeal a business’s denial of your privacy request, you have the right to appeal our decision within a reasonable time. If we decline to take action on a request you submitted, we will inform you of our decision and how you can appeal it. Generally, you may submit an appeal by contacting us (using the information in Section 11) and indicating that you are appealing our prior decision. We will review appeals in accordance with applicable law. If after an appeal you are still unsatisfied, you may have the right to contact your state’s Attorney General or regulator to lodge a further complaint.
  • Right to Lodge a Complaint with a Regulator: In addition to the rights above, if you believe we have infringed your data protection rights or mishandled your information, you have the right to complain to a supervisory authority. EU and UK individuals can contact their nation’s Data Protection Authority or the UK Information Commissioner’s Office (ICO), respectively. For example, if you are in the EU, you can find your DPA’s contact information on the European Data Protection Board website. Canadian residents may contact the Office of the Privacy Commissioner of Canada (OPC). Brazilian users can reach out to the National Data Protection Authority (ANPD). South African users can contact the Information Regulator (South Africa). We would, however, appreciate the chance to address your concerns directly before you do this – so please feel free to contact us first, and we will do our best to resolve the issue.

How to Exercise Your Rights: You can exercise your applicable privacy rights at any time by contacting us at info@statementzen.com. Please specify your identity (so we can verify it’s you) and which right you wish to exercise. For certain requests, we may need to ask for additional information to verify your identity or clarify your request (for instance, we may need you to confirm control of the email associated with your account). We will respond to your request within the timeframe required by law (generally within 30 days for most requests, or 45 days for California requests, with the possibility of a reasonable extension). There is no fee for making a request, although if requests become excessive or manifestly unfounded, we reserve the right to charge a reasonable fee or refuse to act on the request as permitted by law.

8. Children’s Privacy

Our Services are not intended for individuals under the age of 16 (or the relevant minimum age in your jurisdiction for providing consent to data processing). We do not knowingly collect personal information from children. If you are under 16, please do not use the Services or provide any personal data to us.

If we become aware that we have inadvertently collected personal information from a child under 16 (or the applicable age of consent) without proper consent, we will take immediate steps to delete that information. If you are a parent or guardian and believe that a minor has provided us with personal data, please contact us at info@statementzen.com, and we will promptly investigate and address the issue, including deleting the information as required.

9. Updates to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational or regulatory reasons. When we make significant changes, we will notify you in an appropriate manner. For example, we may post a prominent notice on our website or send you an email notification if the changes are material. The “Last Updated” date at the top of this Policy will always indicate the date of the latest revisions.

It is your responsibility to review this Privacy Policy periodically to stay informed about how we are protecting and using your information. We encourage you to check back on this page for any updates. By continuing to use our Services after any changes to this Policy become effective (and after we have provided any required notice), you acknowledge and accept the updated terms of the Privacy Policy.

If we make changes that materially affect how we use personal data that we collected from you previously, we will seek your consent for those new uses where required by law.

10. Contact Us

Your privacy is important to us, and we welcome any questions or concerns you might have about this Policy or our data practices. For privacy-related inquiries, data access or deletion requests, or any complaints, please contact our data protection point of contact at:

Email: info@statementzen.com

Mailing Address: MRU ConsultingPty Ltd (StatementZen) – P.O. Box 1493, Sunnybank Hills, QLD 4109, Australia

We will do our best to respond to your inquiry within 30 days or sooner if required by law. If you contact us, please provide sufficient detail about your question or concern, and any relevant information that will help us address it properly.

Thank you for trusting StatementZen with your information. We are committed to safeguarding your privacy and delivering a secure, high-quality service to you.

Congratulation on your signing up!

Welcome to Statement Zen! As part of your free trial, we’ve given you 100 pages for statement recognition limit for your trial!
Go to Dashboard