This Privacy Policy explains how Stack Zero Limited trading as Savvi ("Savvi", "we") collects, uses and shares personal data when you use Savvi.
1. Information Collection and Use
Controller: For your account data, billing, communications, product usage and website data, Savvi is the data controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 as amended by the Data (Use and Access) Act 2025 (DUAA).
Processor: For content you process about others (e.g., tenants, customers) through Savvi, we act as processor and our DPA (in the Terms) applies.
Contact: privacy@savvibills.com. Address: Millers House, Roman Way, Market Harborough, England, LE16 7PQ. Data Protection Officer: amyr@savvibills.com.
2. Use of Data
Account & profile: name, email, role, company, password hash, preferences.
Billing: address, plan, payment method token (handled by our payment provider), invoices, VAT details.
Product data: documents you upload/forward; extracted fields (e.g., supplier, contract dates, costs); property/account metadata you create; integrations you connect.
Usage & device: log data, IP address, device/browser info, session IDs, crash reports.
Support & comms: messages you send us, survey responses, beta feedback.
Marketing: opt-ins, campaign responses.
3. Where we get data from
From you and your users; from services you connect (e.g., accounting, energy data, open banking read-access); from processors like hosting, analytics, payment, email delivery; and from publicly available sources where lawful.
4. Why we use your data (lawful bases)
Provide the Service: create accounts, process documents, run integrations, provide support – contract necessity.
Improve & secure: debugging, analytics, model quality, threat prevention – legitimate interests (balanced against your rights).
Communicate: service messages – contract/legitimate interests. Marketing – consent (you can withdraw at any time).
Compliance: tax/audit, legal requests, record-keeping – legal obligation.
5. Cookies and similar tech
We use essential cookies for security and core functions. Non-essential cookies (e.g., analytics/advertising) are used only with your consent. You can change choices anytime via the cookie banner/settings. See our Cookie Notice for details.
6. Direct Marketing
We send product updates and marketing only if you opt in or as permitted for business contacts. You can unsubscribe in any email or via settings. We never sell your data.
7. Sharing your data
We share personal data with:
- Service providers/processors: hosting, storage, search/indexing, email/SMS, analytics, payment, identity and access management, customer support, logging/monitoring.
- Integrations you enable: when you connect an integration, we share data necessary to operate it.
- Corporate events: business transfers (merger, acquisition) where permitted by law.
- Legal: if required by law, regulation or to protect rights/safety.
A current list of key processors is available on request.
8. International transfers
If we transfer personal data outside the UK, we will ensure appropriate safeguards, such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, plus a transfer risk assessment where required.
9. Retention
We keep personal data only as long as needed: account data for the life of your subscription plus 12 months; logs for 90 days; backups on a rolling basis for 35 days. You can request deletion; we will delete or anonymise unless we must keep data by law or to resolve disputes.
10. Your rights
You can request: access, correction, deletion, restriction, portability, and to object to certain processing. Where we rely on consent, you can withdraw it at any time. You can also object to direct marketing at any time.
How: contact privacy@savvibills.com. We will respond within one month (extendable in complex cases). You can complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk.
11. Security
We use reasonable and appropriate measures (encryption in transit/at rest, secure development, role-based access, least privilege, incident response). No system is 100% secure; help us keep your account safe with strong, unique passwords and multi-factor authentication where available.
12. Children
Savvi is not intended for children under 16. We do not knowingly collect data from children.
13. Automated decision-making
We do not make decisions with legal or similarly significant effects based solely on automated processing.
14. Changes to this Policy
We will post any changes here and update the "Last updated" date. For material changes, we will provide additional notice.
15. Contact
Stack Zero Limited trading as Savvi — Millers House, Roman Way, Market Harborough, England, LE16 7PQ — privacy@savvibills.com
Cookie Notice (summary)
- Essential cookies: required for login, security, load balancing.
- Analytics cookies: optional; used to understand feature usage and improve the product.
- Advertising cookies: currently off/not used; if introduced, we will ask for consent first.
- Controls: granular choices via banner and settings; consent logs retained for compliance.
Annex: Sub-processor examples (illustrative)
- Cloud infrastructure and storage; search/indexing; email delivery; payment processing; support; logging/monitoring; analytics/telemetry.
