Privacy Policy

Zivlo (zivlo.io) - operated by Dare to Accept Ltd

Effective date: 3 June 2026

Last updated: June 2026

1. Introduction

This Privacy Policy explains how Dare to Accept Ltd ("we", "our", or "us") collects, uses, stores and protects your personal data when you use Zivlo ("the Service"), a business-to-business lead-generation tool available at zivlo.io.

We are committed to protecting your personal data and respecting your privacy rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy tells you what data we collect, why we collect it, how long we keep it, and what rights you have.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

2. Who We Are

The data controller responsible for your personal data is:

  • Company name: Dare to Accept Ltd
  • Companies House number: 16010528
  • Registered address: 128 City Road, London, EC1V 2NX, United Kingdom
  • ICO registration number: ZC138888
  • Website: zivlo.io
  • Contact email: help@zivlo.io

3. What Personal Data We Collect

3.1 Account information

When you register for a Zivlo account, we collect:

  • Your full name
  • Email address
  • Account password (encrypted using industry-standard hashing - we cannot read it)
  • Any other information you voluntarily provide

3.2 Payment information

All payments are processed by Stripe, our payment processor. We do not collect, store or have access to your full payment card details. Stripe provides us with:

  • The last four digits of your payment card
  • Card expiry date
  • Billing address (if provided to Stripe)
  • Payment confirmation and transaction history

Stripe processes your payment data under its own privacy policy. We recommend you review Stripe's privacy policy at stripe.com/privacy.

3.3 Usage data

We automatically collect information about how you interact with the Service:

  • Log data: IP address, browser type and version, pages visited, time and date of visits, time spent on pages
  • Device data: device type, operating system, unique device identifiers
  • Feature usage: which features you use, search queries (business type and location terms), generated pitches
  • Error reports: technical errors or crashes

3.4 Communications

When you contact us (for example, for support or account queries), we collect:

  • Your email address and any information you include in your message
  • Support ticket history

3.5 Cookies

We use only strictly necessary cookies that are essential for the Service to function, including:

  • Session cookies to keep you signed in to your account
  • Security cookies to protect your account

We do not use analytics cookies, tracking cookies or any cookies for marketing purposes. Because we only use strictly necessary cookies, no cookie consent banner is required. You can control or delete cookies through your browser settings, but doing so may prevent the Service from functioning correctly.

4. Lawful Basis for Processing

Under UK GDPR, we must have a lawful basis to process your personal data. The bases we rely on are:

4.1 Contract (Article 6(1)(b))

Processing necessary to perform our contract with you: providing the Service, managing your account, processing payments, and sending service-related communications.

4.2 Legitimate interests (Article 6(1)(f))

Processing necessary for our legitimate business interests, provided your rights do not override these interests: fraud prevention, network security, service improvement, and analytics. We do not use your data for direct marketing.

4.3 Legal obligation (Article 6(1)(c))

Processing necessary to comply with the law: tax and accounting requirements (we retain billing records for 6 years as required by HMRC), and responding to legal requests from authorities.

5. How We Use Your Personal Data

We use your personal data to:

  • Provide, operate and maintain the Service
  • Process your subscription payments and manage billing
  • Send transactional emails (account confirmations, password resets, payment receipts, subscription reminders)
  • Respond to your enquiries and provide customer support
  • Monitor and improve the Service (bug fixes, feature development)
  • Detect, prevent and address technical issues, fraud and security incidents
  • Comply with legal obligations, including tax and accounting record-keeping

We do NOT use your personal data to:

  • Send marketing emails (we only send transactional, account-related emails)
  • Sell your personal data to third parties
  • Contact the businesses surfaced in your search results on your behalf

6. Third Parties and Sub-Processors

We use the following third-party services (sub-processors) to provide the Service. Each processes data only to the extent necessary to perform their function and is bound by contractual data protection obligations.

Sub-ProcessorPurposeData ProcessedLocation
StripePayment processingPayment details (last 4 digits), billing info, transaction historyUS / EU
ResendTransactional email deliveryEmail address, email content (account-related only)US
SupabaseDatabase and authenticationAccount data, usage data, search queriesOutside UK/EEA
HostingerApplication hostingAll data transmitted through the ServiceEU

6.1 Stripe

Stripe processes all payment transactions. We never see your full card number. Stripe is certified to PCI DSS Level 1. Stripe may process data in the United States and European Union.

6.2 Resend

Resend delivers transactional emails on our behalf (account-related emails only - we do not send marketing emails). Resend may process data in the United States.

6.3 Supabase

Supabase provides our database infrastructure and authentication services. Your account data and usage data are stored on Supabase servers. Supabase may process data outside the UK/EEA.

6.4 Hostinger

Hostinger provides application hosting infrastructure for the Service. All data transmitted through the Service passes through Hostinger's servers.

6.5 Companies House and Google Maps

The Service queries public data from Companies House (UK government register) and Google Maps Places API. These are public record databases. We do not share your personal data with them when you make searches.

6.6 Other disclosures

We may also disclose your personal data:

  • To comply with a legal obligation, court order or regulatory request
  • To enforce our Terms & Conditions or protect our rights
  • If we are involved in a merger, acquisition or asset sale (we will notify you before your data is transferred)
  • To protect the vital interests of you or another person (in emergencies)

7. Data Retention

7.1 Active accounts

We retain your personal data for as long as your account is active.

7.2 Cancelled accounts

After you cancel your subscription, we delete your account data within 30 days, except where we are legally required to retain it.

7.3 Billing and tax records

We retain billing records and payment transaction data for 6 years after cancellation, as required by UK tax law (HMRC record-keeping obligations). This data includes transaction amounts, dates and payment method details (last 4 digits of card), but does not include your full card number, which we never possess.

7.4 Anonymised data

After the retention period ends, we either delete your personal data or anonymise it (so it can no longer identify you). Anonymised statistical data may be retained for analytical purposes indefinitely.

7.5 Legal retention

In some cases we may be legally required to retain data for longer periods (for example, if required by a court order or regulatory investigation).

8. Data Security

We take appropriate technical and organisational measures to protect your personal data:

  • All data transmitted between your browser and our servers is encrypted using TLS (HTTPS)
  • Passwords are hashed using industry-standard algorithms (bcrypt) - we cannot read them
  • Database connections are encrypted and access is restricted
  • We conduct regular security reviews and vulnerability assessments
  • Access to personal data is limited to authorised personnel who need it to perform their duties

No system is completely secure. While we strive to protect your data, we cannot guarantee absolute security. If we become aware of a data breach that affects your personal data, we will notify you and the ICO as required by law.

9. International Data Transfers

Your personal data is primarily stored and processed within the United Kingdom and European Economic Area (EEA). However, some of our sub-processors (Stripe, Resend and Supabase) may transfer and process data outside the UK/EEA.

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office, with the UK Addendum
  • Adequacy decisions where the destination country has been deemed adequate by the UK government
  • Appropriate technical security measures, including encryption in transit and at rest

These safeguards ensure that your personal data receives an equivalent level of protection to that provided under UK GDPR, regardless of where it is processed.

10. Your Data Protection Rights

Under UK GDPR, you have the following rights:

10.1 Right to access

You have the right to request a copy of the personal data we hold about you. We will provide this within one month of your request, free of charge.

10.2 Right to rectification

You have the right to ask us to correct any inaccurate or incomplete personal data. You can update most account information directly in your account settings.

10.3 Right to erasure ("right to be forgotten")

You have the right to ask us to delete your personal data. We will comply unless we have a legal obligation to retain it (for example, billing records kept for HMRC). You can delete your account from your account settings, or contact us to request deletion.

10.4 Right to restrict processing

You have the right to ask us to restrict processing of your data in certain circumstances (for example, if you contest its accuracy).

10.5 Right to data portability

You have the right to receive your personal data in a structured, commonly used format, and to transfer it to another controller.

10.6 Right to object

You have the right to object to processing based on legitimate interests. Since we do not conduct direct marketing, this right primarily applies to our analytics processing.

10.7 Right to complain

If you are unhappy with how we handle your personal data, you have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues:

We would appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance at help@zivlo.io.

10.8 Exercising your rights

To exercise any of these rights, please contact us at help@zivlo.io. We will respond within one month. We may need to verify your identity before processing your request.

11. Data About Third-Party Businesses

The Service displays data about UK limited companies sourced from Companies House (public register) and Google Maps Places (public business listings). This is public-record information.

This version of the Service does not allow you to export or download business contact data. Lead data is displayed on-screen only and remains public-record information throughout.

If you are a director or officer of a company whose information appears in our Service and you wish to discuss how this data is presented, please contact us at help@zivlo.io. Companies House data is public by law; we do not create or control the underlying register.

12. Data Processing Agreement

A separate Data Processing Agreement is not required at this time. Users cannot export or download personal data of business contacts from the Service in this version. Lead data displayed is public-record information from Companies House and Google Maps.

If we add data export functionality in a future version, we will make a Data Processing Agreement available to business customers at that time.

13. Children's Privacy

The Service is a business-to-business tool and is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us at help@zivlo.io and we will delete it.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on this page with a revised "Last updated" date
  • Sending an email to the address associated with your account
  • Displaying a notice when you next log in to the Service

Continued use of the Service after changes constitutes acceptance of the updated policy. If you do not agree with the changes, you should stop using the Service and cancel your subscription.

15. Contact Us

For any questions about this Privacy Policy, to exercise your data protection rights, or to raise a concern:

  • Email: help@zivlo.io
  • Post: Dare to Accept Ltd, 128 City Road, London, EC1V 2NX, United Kingdom
  • ICO registration: ZC138888