privacy

SANVORD

Privacy Policy

Last updated: 25 January 2026

Version 2.1

Sanvord Ltd (“Sanvord”, “we”, “us”, “our”) is committed to protecting personal data and respecting privacy.
This Privacy Policy explains how we collect, use, store, and protect personal data when individuals and organisations use our services, platforms, and products (collectively, the “Services”).

This Policy is intended to comply with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018, and other applicable data protection laws.

 

1. Who We Are

Sanvord Ltd is the data controller for personal data processed in connection with the Services, as defined under UK GDPR.

  • Legal Entity: Sanvord Ltd
  • Registered in: England and Wales
  • Company Number: 16913428 

 

Where applicable, Sanvord may act as a data processor on behalf of customers in accordance with contractual arrangements.

 

2. Scope of This Policy

This Privacy Policy applies to personal data processed in connection with:

  • Use of Sanvord’s Services
  • Customer accounts, subscriptions, and billing
  • Communications, support, and customer relationships

The specific data processed may vary depending on the service used and customer configuration.

This Policy does not apply to third-party services independently operated by external providers, except where their outputs are processed as part of the Services.

 

3. Personal Data We Collect

We collect and process only the personal data that is necessary to provide the Services, manage customer relationships, process payments, and comply with legal and regulatory obligations.

3.1 Data Provided by Customers

Depending on the Services used, we may collect:

  • Contact information (such as name, business name, and email address)
  • Account and authentication details
  • Billing, payment, and subscription information
  • Communications and support requests

 

3.2 Service-Related Data

In order to deliver the Services, we may process data submitted by customers or generated through use of the Services.
This data is limited to what is reasonably required to perform the requested service.

Where such data includes personal data, it is processed solely for the purpose of providing the Services and in accordance with UK GDPR principles.

 

3.3 Automatically Collected Data

We may automatically collect limited information relating to use of the Services, including:

  • Log and usage data
  • Timestamps and activity records
  • Performance and diagnostic information

This data is used for security, auditing, abuse prevention, service operation, and improvement.

 

4. Data We Do Not Intentionally Collect

Our Services are designed to minimise data collection and are not intended to collect:

  • Authentication secrets or passwords
  • Private content not intended to be processed by the Services
  • Personal data unrelated to the provision of the Services

If personal data outside the scope of the Services is inadvertently collected, it will be deleted or anonymised as soon as reasonably practicable, unless retention is required by law.

 

5. How We Use Personal Data

We process personal data to:

  • Provide, operate, and maintain the Services
  • Authenticate users and manage accounts
  • Process payments and subscriptions
  • Provide customer support
  • Monitor performance, security, and abuse
  • Improve reliability and functionality
  • Comply with legal and regulatory obligations

We do not sell personal data.
We do not use customer data or service outputs to train artificial intelligence or machine learning models without explicit customer consent.

 

6. Lawful Bases for Processing

Under UK GDPR, we process personal data on the following lawful bases:

  • Performance of a contract – to provide the Services
  • Legitimate interests – to secure, monitor, and improve the Services
  • Legal obligations – to comply with applicable laws

Where processing is based on consent, consent may be withdrawn at any time.

 

7. Data Storage and Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it is processed, including service delivery, contractual obligations, and legal requirements.

Retention periods are determined based on:

·       The nature of the service provided

·       The purpose for which the data is processed

·       Whether the data is required to maintain or support an active customer relationship

·       Legal, regulatory, or contractual retention obligations

·       The need to resolve disputes, enforce agreements, or maintain security and audit records

Service-related data is reviewed periodically and deleted or anonymised when it is no longer required for the provision of the Services or for the purposes outlined above.

Upon delivery of service outputs, customers become independently responsible for any further retention or processing of such outputs.

 

 

8. Data Sharing

We may share personal data:

  • With trusted service providers acting on our behalf, such as hosting providers, monitoring services, email delivery services, and payment processors
  • Where required by law, regulation, or legal process

We do not share personal data for advertising or marketing purposes.

 

9. International Data Transfers

Where personal data is transferred outside the United Kingdom, such transfers are made in compliance with UK GDPR requirements, including the use of:

  • The UK International Data Transfer Agreement (IDTA), or
  • Other approved safeguards recognised under UK data protection law

 

10. Security Measures

Sanvord implements appropriate technical and organisational measures designed to protect personal data while under our control.
However, no system can be guaranteed to be completely secure, and we cannot guarantee absolute security.

 

11. Customer Responsibilities

Customers are responsible for:

  • Ensuring they have lawful authority to submit data for processing
  • Complying with applicable data protection laws
  • Securing service outputs and exported data once delivered

Customers act as independent controllers for any further processing of service outputs after delivery.

 

12. Your Rights

Under UK GDPR, individuals may have the right to:

  • Access their personal data
  • Request correction or deletion
  • Object to or restrict processing
  • Request data portability
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

The ICO can be contacted at www.ico.org.uk.

Requests may be made using the contact details below.

 

13. Automated Processing

Our Services may use automated processes to generate technical or analytical outputs.
These processes do not constitute automated decision-making with legal or similarly significant effects under UK GDPR.

 

14. Children’s Data

Our Services are not intended for individuals under the age of 18.
We do not knowingly process children’s personal data.

 

15. Changes to This Policy

We may update this Privacy Policy from time to time.
Where required by law, we will notify users of material changes.

 

16. Contact Details

For privacy-related questions or requests, please contact:

Sanvord Ltd
Email: support@sanvord.com