Privacy Policy

1 Introduction

We are a technology company that provides business management software. When you use our Service, we process personal data to provide, secure, and improve the Service and to comply with legal obligations. This policy describes our practices in a clear and accessible way. By using the Service or our website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use our Service.

We may update this policy from time to time. We will post the revised policy on this page and update the “Last updated” date. For material changes, we may notify you by email or through the Service. Continued use after changes constitutes acceptance.

2 Data we collect

We collect information that you provide directly and information we obtain automatically when you use our Service.

Information you provide

• Account and profile: name, email address, password (stored in encrypted form), phone number, job title, and profile photo if you upload one.
• Business data: company or business name, address, tax identifiers, currency preferences, and other details you enter when setting up your workspace.
• Content you create: data you input into the Service, such as products, inventory, transactions, customers, employees, and any other business or operational data (“User Content”).
• Communications: messages you send to support, feedback, or survey responses.
• Payment information: billing address and payment method details; we do not store full card numbers; payment processing is handled by our payment providers.

Information we collect automatically

• Usage data: how you use the Service (e.g. features used, pages viewed, actions performed, time and date).
• Device and log data: IP address, browser type and version, device type, operating system, and similar technical identifiers; server logs and error reports.
• Cookies and similar technologies: as described in the Cookies section below.

3 How we use your data

We use the data we collect to:

• Provide, operate, maintain, and improve the Service.
• Authenticate you and manage your account and workspace.
• Process payments and send billing-related communications.
• Send service-related notifications (e.g. security alerts, product updates, and important changes).
• Respond to your requests, comments, and support inquiries.
• Analyze usage to improve performance, fix bugs, and develop new features.
• Detect, prevent, and address fraud, abuse, and security issues.
• Comply with legal obligations and enforce our Terms of Service.
• Send marketing communications where you have opted in or where we have a legitimate interest and the law allows; you can opt out at any time.

We may use anonymized or aggregated data (which does not identify you) for analytics, benchmarking, and product improvement without restriction.

4 Legal basis (GDPR and similar laws)

Where laws such as the GDPR require a legal basis for processing, we rely on:

• Contract: processing necessary to perform our contract with you (e.g. providing the Service, billing).
• Legitimate interests: operating and improving the Service, security, analytics, and direct marketing (where applicable), balanced against your rights.
• Consent: where we ask for your consent (e.g. optional marketing, non-essential cookies). You may withdraw consent at any time.
• Legal obligation: compliance with applicable law (e.g. tax, anti-fraud).

If you have questions about the legal basis for a specific processing activity, you can contact us using the details in the Contact section.

5 Cookies and similar technologies

We use cookies, local storage, and similar technologies to provide the Service, remember your preferences, and understand how you use our website and application.

Types we use

• Strictly necessary: required for the Service to function (e.g. session and authentication).
• Functional: remember settings and choices (e.g. language, region).
• Analytics: help us understand usage (e.g. page views, feature usage); we may use first-party or third-party analytics providers.
• Marketing: used for advertising or remarketing only where you have consented or where permitted by law.

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Service. For more detail, see our Cookie Policy if one is published, or contact us.

6 Data sharing and disclosure

We do not sell your personal data. We may share data in the following circumstances:

• Service providers: with vendors who help us operate the Service (e.g. hosting, payment processing, email delivery, analytics). They are contractually required to protect your data and use it only for the purposes we specify.
• Legal and safety: when required by law, court order, or government request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business transfers: in connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction; we will notify you of any change in control.
• With your consent: where you have given us explicit consent to share data for a specific purpose.

We may share anonymized or aggregated data that cannot identify you with partners or for research.

7 Data retention

We retain your data only as long as necessary for the purposes described in this policy or as required by law. In general:

• Account and profile data: until you close your account, plus a reasonable period for backup and legal compliance.
• User Content: for the duration of your subscription and for a period after termination to allow export and for backup/legal purposes.
• Usage and log data: for a limited period (e.g. 12–24 months) unless we need it for security or legal reasons.
• Marketing and support communications: as long as needed for the purpose or until you withdraw consent or object.

After the retention period, we delete or anonymize your data. You may request earlier deletion subject to our legal and operational constraints.

8 Security

We implement technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit and at rest (where applicable), access controls, secure development practices, and regular assessments. We require our service providers to apply appropriate security measures.

No method of transmission or storage is 100% secure. We encourage you to use a strong password, enable two-factor authentication if we offer it, and keep your login details confidential. If you become aware of a security issue, please contact us promptly.

9 Your rights

Depending on where you live, you may have the following rights:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete data.
• Erasure: request deletion of your data, subject to legal and contractual exceptions.
• Restriction: request that we limit how we process your data in certain circumstances.
• Portability: request a copy of your data in a structured, machine-readable format where applicable.
• Objection: object to processing based on legitimate interests or to direct marketing.
• Withdraw consent: where processing is based on consent, you may withdraw it at any time.
• Complaint: lodge a complaint with a supervisory authority in your country.

To exercise these rights, contact us using the details below. We will respond within the time required by applicable law. We may need to verify your identity before processing your request.

10 International transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place, such as standard contractual clauses approved by relevant authorities or other mechanisms permitted by law, so that your data receives an adequate level of protection. Details of transfers and safeguards can be provided on request.

11 Children

The Service is not directed at individuals under the age of 16 (or higher where required by local law). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will take steps to delete it.

12 Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date. For material changes that affect how we use your personal data, we will provide additional notice (e.g. by email or in the Service) and, where required by law, obtain your consent. We encourage you to review this policy periodically.