Privacy Policy

1. Introduction

At Appvia Ltd ("Appvia", "we", "us", or "our"), we are committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Wayfinder platform and related services (the "Service").

This Privacy Policy applies to all users of our Service, including website visitors, registered users, and enterprise customers. Please read this policy carefully to understand our practices regarding your personal data.

2. Data Controller

Appvia Ltd is the data controller responsible for your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Our details:

• Company Name: Appvia Ltd
• Company Number: 10653692
• Registered Address: Cap House Ground Floor, 9-12 Long Lane, London, EC1A 9HA, United Kingdom
• Email: privacy@appvia.io

If you have any questions about this Privacy Policy or our data practices, please contact us using the details above.

3. Data We Collect

3.1 Information You Provide

We collect information that you provide directly to us, including:

• Account Information: Name, email address, company name, job title, and password when you register for an account
• Billing Information: Payment card details, billing address, and VAT number (processed securely by our payment provider)
• Communications: Information you provide when you contact our support team, respond to surveys, or communicate with us
• Customer Data: Data, content, and information you upload or process through the Service

3.2 Information We Collect Automatically

When you use our Service, we automatically collect certain technical information, including:

• Usage Data: Information about how you use the Service, including features accessed, actions taken, and time spent
• Device Information: Browser type, operating system, device type, and screen resolution
• Log Data: IP address, access times, pages viewed, and referring URLs
• Cookie Data: Information collected through cookies and similar technologies (see Cookies section)

3.3 Information from Third Parties

We may receive information about you from third parties, including:

• Identity verification services
• Business contact databases (for marketing purposes, with appropriate consent)
• Integration partners when you connect third-party services to Wayfinder

4. Legal Basis for Processing

We process your personal data only when we have a valid legal basis to do so. The legal bases we rely on include:

4.1 Performance of a Contract

We process data necessary to provide the Service to you, including:

• Creating and managing your account
• Processing payments
• Providing customer support
• Delivering the core functionality of the Service

4.2 Legitimate Interests

We process data where necessary for our legitimate business interests, provided these do not override your rights. This includes:

• Improving and developing our Service
• Understanding how users interact with our Service
• Detecting and preventing fraud and security incidents
• Marketing our services to existing customers (you can opt out at any time)

4.3 Legal Obligations

We process data where necessary to comply with legal obligations, such as:

• Tax and accounting requirements
• Responding to lawful requests from authorities
• Maintaining required business records

4.4 Consent

Where required by law, we obtain your consent before processing, such as for:

• Marketing communications to prospective customers
• Non-essential cookies

Where we rely on consent, you may withdraw it at any time.

5. How We Use Your Data

We use your personal data for the following purposes:

5.1 Providing the Service

• Operating and maintaining the Service
• Processing your transactions
• Authenticating users and managing access
• Providing technical support

5.2 Improving the Service

• Analysing usage patterns to improve features
• Conducting research and development
• Testing new features and functionality

5.3 Communications

• Sending service-related notifications and updates
• Responding to your enquiries and support requests
• Sending marketing communications (with your consent or as permitted by law)

5.4 Security and Compliance

• Protecting against fraud and abuse
• Enforcing our Terms of Service
• Complying with legal requirements

6. AI and Your Data

6.1 How AI Features Work

Our AI-powered features process your Customer Data in real-time to provide platform insights, automation, and recommendations. This processing is solely for delivering the Service to you.

6.2 No Training on Customer Data

We want to be clear: your Customer Data is never used to train, improve, or develop our AI models. This means:

• Your infrastructure configurations remain private
• Your usage patterns are not used for model training
• Your data does not influence AI outputs for other customers

6.3 Anonymised Analytics

We may collect anonymised, aggregated data about Service usage (such as which features are most popular) to improve the Service. This data cannot be used to identify you or your organisation.

7. Data Sharing

We do not sell your personal data. We may share your data in the following circumstances:

7.1 Service Providers

We work with trusted third-party service providers who process data on our behalf, including:

• Cloud infrastructure providers (for hosting the Service)
• Payment processors (for billing)
• Analytics services (for understanding usage)
• Customer support tools

These providers are contractually bound to protect your data and may only use it for the purposes we specify.

7.2 Legal Requirements

We may disclose your data if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

7.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such change.

7.4 With Your Consent

We may share your data with third parties when you have given us your explicit consent to do so.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

8.1 Retention Periods

• Account Data: Retained while your account is active and for 2 years after account closure
• Customer Data: Deleted within 30 days of account termination (unless you request earlier deletion or data export)
• Billing Records: Retained for 7 years as required by UK tax law
• Usage Logs: Retained for 12 months for security and analytics purposes
• Marketing Data: Retained until you unsubscribe or withdraw consent

8.2 Data Deletion

When data is no longer needed, we securely delete or anonymise it. You can request deletion of your data at any time (see Your Rights).

9. Your Rights

Under UK data protection law, you have the following rights regarding your personal data:

9.1 Right of Access

You have the right to request a copy of the personal data we hold about you.

9.2 Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal data.

9.3 Right to Erasure

You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

9.4 Right to Restrict Processing

You have the right to request that we restrict processing of your personal data in certain circumstances.

9.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

9.6 Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

9.7 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that have legal or similarly significant effects on you.

9.8 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@appvia.io. We will respond to your request within one month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. Cookies

10.1 What Are Cookies

Cookies are small text files placed on your device when you visit a website. They help us provide you with a better experience and allow certain features to work.

10.2 Cookies We Use

We use the following types of cookies:

Essential Cookies

These cookies are necessary for the Service to function and cannot be switched off. They include:

• Authentication cookies to keep you logged in
• Security cookies to protect against threats
• Session cookies to remember your preferences during a session

Analytics Cookies

These cookies help us understand how visitors interact with our website. We use this information to improve our Service. These cookies are only set with your consent.

Preference Cookies

These cookies remember your settings and preferences to provide a more personalised experience.

10.3 Managing Cookies

You can control and manage cookies through:

• Our cookie consent banner (for non-essential cookies)
• Your browser settings (most browsers allow you to refuse or delete cookies)

Please note that disabling certain cookies may affect the functionality of the Service.

10.4 Third-Party Cookies

Some cookies are placed by third-party services that appear on our pages. We do not control these cookies and recommend reviewing the privacy policies of these third parties.

11. Data Security

11.1 Security Measures

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Access controls and authentication
• Regular security assessments and testing
• Employee training on data protection
• Incident response procedures

11.2 Data Location

All personal data and Customer Data is stored and processed within the United Kingdom. We do not transfer your data outside the UK.

11.3 Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO as required by law.

12. Children's Privacy

Our Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us so we can delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website with a new effective date
• Sending you an email notification (for significant changes)
• Displaying a notice within the Service

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

14. Contact Us

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights, please contact us:

You also have the right to lodge a complaint with the UK supervisory authority: