Privacy Policy

Last updated: March 2026

Zelvinto Technologies ("we", "us", "our") is committed to protecting your personal data. This policy explains how we collect, use, store and protect your information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018). We are the data controller in respect of the personal data we process.

1. Information we collect

We may collect and process the following categories of personal data:

Account information: name, email address, company name, and other details you provide when registering or updating your account.
Financial and business data: data you upload or enter into the service (e.g. CSV uploads of transactions, invoices, client details, ledger entries) to provide financial analytics and reporting.
Payment information: billing address and payment method details are processed by our payment provider (Stripe). We do not store your full card number or CVV.
Technical and usage data: IP address, browser type, device information, log data, and how you use the platform (e.g. pages visited, features used) for security, analytics and improving the service.

2. How we use your information

We use your data for the following purposes:

To provide, operate and maintain the Zelvinto platform and its features (e.g. dashboards, reports, AI tools where applicable).
To process payments and manage your subscription and free trial.
To communicate with you about your account, billing, security alerts and product updates.
To improve our service, develop new features and ensure security (e.g. fraud prevention, abuse detection).
To comply with legal and regulatory obligations and to enforce our terms.

3. Legal basis (UK GDPR)

We process your personal data on the following legal bases:

Contract: processing necessary to perform our contract with you (e.g. providing the service, billing).
Legitimate interests: where necessary for our legitimate interests (e.g. improving the service, security, analytics) provided these are not overridden by your rights.
Legal obligation: where we must process data to comply with UK law.
Consent: where we have asked for your consent (e.g. marketing communications). You may withdraw consent at any time.

4. Data retention

We retain your personal data only for as long as necessary for the purposes set out in this policy. Account and financial data are retained while your account is active and for a reasonable period after closure for legal, accounting and dispute-resolution purposes. You may request deletion of your account and associated data; we will comply subject to any legal or regulatory retention requirements (e.g. tax, anti-fraud).

5. Data security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration or disclosure. Data is stored using Supabase with Row Level Security (RLS) and access controls. Payment processing is handled by Stripe; we do not store full card details. Despite our efforts, no system can guarantee absolute security; you use the service at your own risk in this regard.

6. Sharing and third-party services

We do not sell your personal or financial data. We may share data with:

Service providers: Stripe (payments), Supabase (hosting/database), and authentication providers (e.g. Google) that process data on our instructions and under contract.
Legal and regulatory: where required by UK law or to protect our rights, safety or property.

These third parties have their own privacy policies. We recommend you review Stripe, Supabase and your authentication provider's policies for how they handle your data.

7. International transfers

Your data may be processed in the UK and, where we use services that operate outside the UK (e.g. in the EEA or USA), we ensure appropriate safeguards are in place as required by UK data protection law (e.g. adequacy decisions, standard contractual clauses, or other approved mechanisms).

8. Your rights (UK)

Under UK GDPR and the DPA 2018 you have the right to:

Access: request a copy of the personal data we hold about you.
Rectification: request correction of inaccurate or incomplete data.
Erasure: request deletion of your personal data in certain circumstances.
Restriction: request that we restrict processing in certain circumstances.
Data portability: receive your data in a structured, machine-readable format where applicable.
Object: object to processing based on legitimate interests or for direct marketing.
Withdraw consent: where processing is based on consent.

To exercise any of these rights, contact us using the details in section 11. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK: ico.org.uk/make-a-complaint.

9. Cookies and similar technologies

We use cookies and similar technologies where necessary to operate the service (e.g. session management, security) and, where applicable, for analytics. We will only use non-essential cookies (e.g. analytics or marketing) where we have a lawful basis and, where required by the Privacy and Electronic Communications Regulations (PECR), with your consent. You can manage cookie preferences via your browser settings.

10. Changes to this policy

We may update this privacy policy from time to time. The "Last updated" date at the top will be revised. We encourage you to review this page periodically. Material changes may be communicated by email or a notice in the service where appropriate.

11. Contact

For any questions about this privacy policy or to exercise your data protection rights, contact Zelvinto Technologies at the email address provided on our website or in the app (e.g. support or legal contact). We will respond within one month of a valid request.