Privacy Policy

This Privacy Policy explains how VAZOOL Ltd ("VAZOOL", "we", "us", or "our") collects, uses, discloses, and protects personal information when you visit our websites, use VAZOOL (our Revenue Execution Platform), partner and admin portals, mobile experiences, and related services (collectively, the Services).

We are committed to protecting your privacy and handling personal data in a transparent, lawful manner consistent with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR) where applicable, and other applicable data protection laws.

Please read this policy carefully. By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. Where we rely on consent, you may withdraw it at any time as described below.

1. Who we are (data controller)

The data controller responsible for your personal information is:

• VAZOOL Ltd (company number and registered office details available on request)
• Email: privacy@vazool.com
• General enquiries: support@vazool.com

If you use the Services on behalf of an organisation (your Organisation), we process information about users and sales records as described below. In many cases your Organisation is the controller of business contact and customer data entered into the platform, and VAZOOL acts as a processor for that Organisation data under a separate data processing agreement. This policy primarily addresses personal data for which VAZOOL is the controller (for example account registration, billing, support, and platform security).

2. Scope and applicability

This policy applies to:

• VAZOOL (our Revenue Execution Platform) and authenticated application
• Marketing websites (for example vazool.com)
• Administrative and partner portals operated by or for VAZOOL
• APIs, integrations, and support channels linked to the Services

It does not apply to third-party websites, apps, or services that we do not control, even if linked from the Services. Those providers have their own privacy policies.

3. Categories of personal information we collect

The information we collect depends on how you interact with us. We may collect the following categories:

3.1 Account and identity information

• Name, email address, phone number, job title or role
• Organisation name, industry, and workspace settings
• Authentication credentials (passwords are stored using industry-standard hashing; we do not store plaintext passwords)
• One-time passcodes and session tokens for login and security
• Profile photo or avatar if you upload one

3.2 Organisation and platform data you or your users submit

When you use VAZOOL, you may store business information about companies, contacts, deals, activities, notes, targets, hierarchy structures, regions, locations, and related sales data. This may include:

• Business contact details (names, emails, phones, addresses)
• Commercial and pipeline information (deal values, stages, competitors, outcomes)
• Internal notes, tasks, and communications metadata
• Files or attachments uploaded to records

You are responsible for ensuring you have a lawful basis to collect and process this data in the platform, including providing appropriate notices to your customers and contacts where required.

3.3 Billing and subscription information

• Plan selection, subscription status, invoices, and payment history
• Billing contact details and tax identifiers where provided
• Payment method metadata processed by our payment providers (we do not store full card numbers on our servers)

3.4 Technical, usage, and security information

• IP address, browser type, device identifiers, operating system
• Log files, API request metadata, error reports, and performance metrics
• Feature usage, click paths, and session duration (where analytics are enabled)
• Security events such as failed logins, permission changes, and audit trail entries

3.5 Communications and support

• Messages you send to support, including tickets and attachments
• Email delivery and notification preferences
• Records of administrative actions for troubleshooting and quality assurance

3.6 Partner and affiliate programme data

If you participate in partner, agency, or affiliate programmes, we may collect business registration details, payout instructions, tax information, and verification documents as required for compliance and payments.

3.7 Information from third parties

• Organisation administrators who invite you to a workspace
• Identity or company search providers where you request enrichment features
• Payment gateways confirming transaction outcomes
• Public business registries or directories where integrated with your consent or configuration

4. How we use personal information

We use personal information for the following purposes:

1. Providing the Services — creating accounts, authenticating users, hosting platform data, enabling collaboration, reporting, and integrations you configure.
2. Account and workspace administration — managing users, roles, hierarchy, regions, locations, ownership transfers, and organisation settings.
3. Billing and contract performance — processing subscriptions, invoices, plan limits, and payment collection.
4. Security and fraud prevention — detecting abuse, enforcing access controls, maintaining audit logs, and protecting the integrity of the platform.
5. Support and communications — responding to enquiries, sending service announcements, product updates, and transactional emails.
6. Product improvement — analysing aggregated or de-identified usage to improve reliability, performance, and user experience.
7. Legal and compliance — complying with law, responding to lawful requests, and establishing or defending legal claims.
8. Marketing — where permitted, sending information about VAZOOL products. You may opt out at any time.

5. Legal bases for processing (UK / EU GDPR)

Where UK or EU GDPR applies, we rely on one or more of the following legal bases:

• Contract — processing necessary to provide the Services you or your Organisation requested.
• Legitimate interests — securing the platform, improving the Services, preventing fraud, and communicating about your account, balanced against your rights.
• Legal obligation — tax, accounting, regulatory, or law enforcement requirements.
• Consent — where required for optional cookies, certain marketing, or specific integrations. You may withdraw consent without affecting the lawfulness of processing before withdrawal.

Where we act as a processor for your Organisation's platform data, your Organisation determines the legal basis and is responsible for privacy notices to data subjects whose information you upload.

6. How we share personal information

We do not sell your personal information. We may share information in these circumstances:

6.1 Service providers (processors)

We use trusted third parties who process data on our instructions, including providers for:

• Cloud hosting and database infrastructure (for example Google Cloud Platform)
• Email delivery (for example SendGrid or SMTP services in non-production environments)
• Payment processing (for example Stripe, Razorpay, or other gateways configured for your region)
• File storage and content delivery
• Analytics on public marketing sites (for example Google Analytics, where enabled)
• Customer support and error monitoring tools

These providers are bound by contractual obligations to protect data and use it only for the services they provide to us.

6.2 Within your Organisation

Information you add to VAZOOL may be visible to other authorised users in your Organisation according to roles, hierarchy, and visibility rules configured by your administrators.

6.3 Business transfers

If we undergo a merger, acquisition, restructuring, or sale of assets, personal information may transfer to the successor entity subject to equivalent protections.

6.4 Legal disclosures

We may disclose information where required by law, court order, or governmental authority, or where necessary to protect rights, safety, and security of VAZOOL, our users, or others.

7. International data transfers

VAZOOL may process and store information in the United Kingdom and other countries where we or our service providers operate. Where personal data is transferred outside the UK or EEA to countries without an adequacy decision, we implement appropriate safeguards such as:

• UK International Data Transfer Agreement / Addendum
• EU Standard Contractual Clauses
• Supplementary measures where required by regulators

You may request further information about transfer mechanisms by contacting privacy@vazool.com.

8. Data retention

We retain personal information only as long as necessary for the purposes described in this policy, including:

• Active accounts — for the duration of your subscription and a reasonable period thereafter.
• Platform content — according to your Organisation's use of the platform; you may export or delete data subject to product features and your admin permissions.
• Billing records — as required for tax and accounting (typically up to seven years in the UK).
• Security and audit logs — for a limited period to investigate incidents and demonstrate compliance.
• Support tickets — for the time needed to resolve issues and improve service quality.

When data is no longer required, we delete or anonymise it using commercially reasonable measures. Backups may retain encrypted copies for a limited retention window before automatic purging.

9. Security measures

We implement technical and organisational measures designed to protect personal information, including:

• Encryption in transit (TLS) for data transmitted over public networks
• Access controls, role-based permissions, and authentication mechanisms
• Segregation of production and non-production environments
• Monitoring, logging, and incident response procedures
• Restricting employee and contractor access on a need-to-know basis

No method of transmission or storage is completely secure. You are responsible for safeguarding your credentials and configuring appropriate access within your Organisation.

10. Your privacy rights

Depending on your location, you may have the following rights regarding personal information we control about you:

• Access — request a copy of your personal data.
• Rectification — request correction of inaccurate or incomplete data.
• Erasure — request deletion in certain circumstances.
• Restriction — request limited processing in certain cases.
• Portability — receive data in a structured, machine-readable format where applicable.
• Objection — object to processing based on legitimate interests or for direct marketing.
• Withdraw consent — where processing is based on consent.
• Complaint — lodge a complaint with a supervisory authority.

To exercise rights, contact privacy@vazool.com. We may need to verify your identity. If your request relates to platform data controlled by your Organisation, we may direct you to your Organisation administrator.

UK residents may contact the Information Commissioner's Office (ICO) at ico.org.uk. EEA residents may contact their local data protection authority.

11. Cookies and similar technologies

Our websites and applications use cookies and similar technologies to:

• Keep you signed in and maintain session security
• Remember preferences (for example locale or notification settings)
• Measure marketing site traffic and campaign performance where analytics are enabled

Essential cookies are necessary for the Services to function and cannot be switched off in our core application flows. Analytics or marketing cookies on public sites may be configurable depending on your jurisdiction; where required, we will request consent before setting non-essential cookies.

You can control cookies through browser settings; disabling certain cookies may affect functionality.

12. Marketing communications

We may send product updates, educational content, or promotional messages if you have opted in or where permitted by law. You can unsubscribe using the link in emails or by contacting us. Transactional messages (for example security alerts, billing receipts, and account notices) are not marketing and may still be sent while you have an account.

13. Children's privacy

The Services are intended for business use and are not directed at children under 16 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected such information, contact us and we will take steps to delete it.

14. Automated decision-making

VAZOOL does not make decisions based solely on automated processing that produce legal or similarly significant effects on individuals without human involvement. If we introduce such features in future, we will update this policy and provide required notices.

15. Third-party links and integrations

The Services may contain links to third-party websites or allow integrations with external systems. Your use of those services is governed by their privacy policies. We are not responsible for their practices.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will post the updated version on our website and update the version number and effective date. Where required, we will provide additional notice (for example by email or in-app notification). Continued use of the Services after the effective date constitutes acceptance of the updated policy, except where otherwise required by law.

17. Contact us

For privacy questions, requests, or complaints:

• Email: privacy@vazool.com
• Support: support@vazool.com

We aim to respond to privacy requests within one month, subject to extension for complex requests as permitted by law.

Document version 1.0.0. This policy is published by VAZOOL Ltd and made available through the VAZOOL legal document service.