Privacy Policy

ILSEVEN TECH LTD ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services. This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Information We Collect

1.1 Personal Information

We may collect personal information that you voluntarily provide to us when you:

• Fill out our contact form
• Request a quote or consultation
• Subscribe to our newsletter or communications
• Engage with our services

This information may include:

• Full name
• Email address
• Phone number
• Company name and details
• Project requirements and specifications

1.2 Automatically Collected Information

When you visit our website, we may automatically collect certain information about your device, including:

• IP address
• Browser type and version
• Operating system
• Referral source
• Pages visited and time spent on pages
• Device information

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve our services
• Communication: To respond to your inquiries and communicate about projects
• Marketing: To send promotional materials and updates (with your consent)
• Analytics: To analyze usage patterns and improve our website
• Legal Compliance: To comply with legal obligations and protect our rights
• Security: To detect, prevent, and address technical issues and fraud

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the data and context:

• Consent: You have given clear consent for us to process your data
• Contract: Processing is necessary to fulfill a contract with you
• Legal Obligation: Processing is necessary to comply with the law
• Legitimate Interests: Processing is in our legitimate interests and does not override your rights

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Payment Processors

We use multiple third-party payment processors to handle financial transactions securely, depending on the service type:

Payments are securely processed via Stripe and Mollie (for client projects), Paddle, Polar.sh (for SaaS products), Apple, and Google (for mobile apps). View Stripe's privacy policy: https://stripe.com/privacy and Mollie's privacy policy: https://www.mollie.com/privacy

For Our SaaS Product Subscription Payments (Web Platform):

• Paddle (Primary): Primary Merchant of Record for our SaaS product subscriptions. Accepts credit/debit card payments (Visa, Mastercard, American Express), PayPal, Google Pay, and Apple Pay. Paddle handles all VAT/tax compliance globally and is PCI-DSS Level 1 certified. Privacy policy: https://www.paddle.com/legal/privacy
• Polar.sh (Backup): Backup Merchant of Record for our SaaS subscriptions and digital product sales. Accepts credit/debit card payments and handles tax compliance for digital products. Privacy policy: https://polar.sh/legal/privacy

For Our SaaS Mobile App In-App Purchases (iOS and Android):

• Apple In-App Purchase (IAP): All iOS app purchases, subscriptions, and in-app content for our mobile SaaS applications are processed through Apple's payment system. Apple acts as Merchant of Record for iOS transactions. Privacy policy: https://www.apple.com/legal/privacy/
• Google Play Billing: All Android app purchases, subscriptions, and in-app content for our mobile SaaS applications are processed through Google Play's billing system. Google acts as Merchant of Record for Android transactions. Privacy policy: https://policies.google.com/privacy

For Client Project Payments (Software Development & Consulting):

• Stripe: Payment processor for custom software development and consulting projects when clients prefer card payments. We send secure payment links via Stripe that accept credit/debit card payments (Visa, Mastercard, American Express), Google Pay, and Apple Pay. Stripe is PCI-DSS Level 1 certified. Privacy policy: https://stripe.com/privacy
• Mollie: Alternative payment processor for custom software development and consulting projects. We send secure payment links via Mollie that accept credit/debit card payments (Visa, Mastercard, American Express), Google Pay, Apple Pay, PayPal, iDEAL, Bancontact, and other European payment methods. Mollie is PCI-DSS Level 1 certified. Privacy policy: https://www.mollie.com/privacy
• Wise (Business Account): Our primary UK business banking account for receiving bank transfers (international and domestic). Wise is FCA-authorized and provides secure banking services. Bank transfer details are provided on invoices. Privacy policy: https://wise.com/gb/legal/privacy-policy

Payment Data Processing:

• We do not store your complete payment card details on our servers
• Payment information is processed securely by our payment processors in compliance with PCI-DSS and relevant international standards
• We only retain transaction references, payment confirmation details, and invoices necessary for accounting, VAT compliance, and dispute resolution
• Paddle and Polar.sh (as Merchants of Record) handle all VAT/tax collection, remittance, and compliance for web-based SaaS subscriptions and digital products
• Apple and Google (as Merchants of Record) handle all tax collection and compliance for mobile in-app purchases
• All payment processors use bank-level encryption (SSL/TLS), tokenization, and fraud prevention systems
• Google Pay, Apple Pay, and PayPal transactions use advanced tokenization for added security

Invoicing and Receipt Data:

• Paddle (Our SaaS Products - Primary): Automatically generates fully VAT-compliant invoices and emails them immediately upon payment completion or subscription renewal. As Merchant of Record, Paddle handles all tax documentation and regulatory compliance globally
• Polar.sh (Our SaaS Products - Backup): Automatically generates tax-compliant receipts and invoices for digital product purchases and subscriptions, provides them immediately via email
• Apple App Store (Our Mobile SaaS Apps): Apple generates and provides receipts for all in-app purchases through the App Store. Customers can access their purchase history and receipts through their Apple ID account
• Google Play (Our Mobile SaaS Apps): Google generates and provides receipts for all in-app purchases through Google Play. Customers can access their purchase history and receipts through their Google account
• Stripe (Client Projects - Card Payments): Automatically generates and emails invoices immediately upon payment completion when clients pay via Stripe payment links for consulting/development projects
• Mollie (Client Projects - Card Payments): Automatically generates and emails invoices immediately upon payment completion when clients pay via Mollie payment links for consulting/development projects
• Wise Business Account (Client Projects - Bank Transfers): Invoices are generated through our accounting software and emailed within 24 hours of payment confirmation received to our Wise business account
• All invoices comply with UK HMRC requirements and include company registration number, VAT details (where applicable), and payment references
• Invoice and receipt data is retained for a minimum of 6 years as required by UK tax law and accounting regulations

4.2 Other Third-Party Service Providers

• Hosting and Infrastructure: Cloud service providers who host our website and services
• Email Services: Email service providers for communicating with clients
• Analytics Tools: Services that help us understand website usage (e.g., Google Analytics)
• Project Management Tools: Platforms we use to manage and deliver projects
• Communication Tools: Video conferencing and messaging platforms

All third-party service providers are carefully vetted and required to maintain appropriate data protection standards.

4.3 Legal and Regulatory Sharing

• Legal Requirements: When required by law, court order, or legal process
• Regulatory Compliance: With HMRC, Companies House, or other regulatory bodies as required
• Law Enforcement: When necessary to protect our rights, property, or safety, or that of others

4.4 Business Transfers

In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity.

4.5 With Your Consent

When you explicitly authorize us to share your information with specific third parties.

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:

• SSL/TLS encryption for data transmission
• Secure server infrastructure
• Regular security audits and updates
• Access controls and authentication
• Employee training on data protection

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When we no longer need your information, we will securely delete or anonymize it.

Transaction Records and Financial Data: We retain transaction records, invoices, payment confirmations, and delivery proofs for at least 5 years (or longer where required by UK tax law) to comply with financial regulations, tax obligations, anti-fraud requirements, and to support dispute resolution and chargeback investigations. This retention period aligns with UK HMRC requirements and payment processor compliance standards (including Stripe, Mollie, Paddle, Polar.sh, Apple, and Google).

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Objection: Object to processing of your personal information
• Restriction: Request restriction of processing
• Portability: Request transfer of your data to another organization
• Withdraw Consent: Withdraw consent at any time where we rely on consent

To exercise these rights, please contact us at the email address provided below.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your browsing experience. Cookies are small text files stored on your device. You can control cookie settings through your browser preferences.

Types of Cookies We Use:

• Essential Cookies: Necessary for website functionality
• Analytics Cookies: Help us understand how visitors use our website
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Track effectiveness of marketing campaigns (with consent)

9. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child without parental consent, we will take steps to delete that information.

11. International Data Transfers

As a UK-registered company, we primarily process data within the United Kingdom and European Economic Area (EEA). However, some of our third-party service providers may process data outside the UK/EEA.

When we transfer personal data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs): Approved by the UK Information Commissioner's Office
• Adequacy Decisions: Transfers to countries deemed to have adequate data protection laws
• Privacy Shield (where applicable): For US-based services that are certified
• Binding Corporate Rules: For transfers within multinational organizations

Data Localization for Payment Processing: Payment data processed by Paddle, Polar.sh, Stripe, Mollie, Apple, and Google is handled in accordance with their respective data protection certifications and compliance frameworks. Paddle and Polar.sh operate as Merchants of Record for web-based transactions and maintain GDPR compliance for all EU customers. Apple and Google act as Merchants of Record for mobile transactions. All payment processors maintain strong data protection commitments and comply with UK GDPR, CCPA, and other international data protection requirements.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

13. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. Any automated processing we conduct (e.g., analytics) is used solely for business insights and does not result in automated decisions about individuals.

14. Your Right to Complain

If you are unhappy with how we have handled your personal data or have a privacy concern, you have the right to complain to the UK Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire
SK9 5AF, United Kingdom
Telephone: 0303 123 1113
Website: https://ico.org.uk

We would appreciate the opportunity to address your concerns directly, so please contact us first before filing a formal complaint.

15. Data Breach Notification

In the unlikely event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay in accordance with UK GDPR requirements. We will also report the breach to the ICO within 72 hours where required by law.

16. Business-to-Business (B2B) Data

If you interact with us in a professional capacity (e.g., as a representative of a business client or partner), we process your business contact information for legitimate business purposes. This may include your name, job title, business email, and phone number. This processing is necessary for the performance of our contract with your organization or our legitimate business interests.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or wish to exercise your privacy rights, please contact us:

ILSEVEN TECH LTD
General Email: info@ilseventech.com
Data Protection Email: privacy@ilseventech.com
Payment or Refund Inquiries: refunds@ilseventech.com
Support: support@ilseventech.com
Phone: +90 553 214 10 30
Registered Office Address: 71-75, Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ

Company Registration No: 16784528