Privacy Notice

Last updated: 23 June 2026

1. Who we are

This Privacy Notice describes how Zylo ("Zylo", "we", "us", "our") collects and processes personal data when you use our website and services. Zylo acts as the data controller for personal data described below.

2. Personal data we collect

  • Account data: name, email address, business name, login credentials.
  • Profile and content data: business details, logos, invoices, quotes, bills, receipts, clients and other records you enter.
  • Usage and telemetry data: pages visited, features used, referrer, device identifiers and IP address.
  • Support data: messages you send to our support team and any attachments.
  • Cookies: essential cookies required for authentication and limited analytics cookies.

Payment card details are collected directly by our payment provider and are not stored by us.

3. How we use your data

  • To create your account and provide the Zylo service (contract performance).
  • To secure the service and prevent fraud or abuse (legitimate interests).
  • To improve features and fix bugs (legitimate interests).
  • To respond to support requests (contract performance / legitimate interests).
  • To send service-related notices and, where you have opted in, marketing communications (consent).
  • To comply with legal, accounting and tax obligations (legal obligation).

4. Who we share data with

  • Service providers / subprocessors that host our infrastructure, send transactional email and provide analytics or error monitoring.
  • Paddle.com Market Limited ("Paddle"), our Merchant of Record, who handles payment processing, subscription management, billing, tax compliance, invoicing and refunds for purchases of Zylo. Paddle's processing is governed by Paddle's own privacy policy.
  • Professional advisers such as our lawyers and accountants where reasonably necessary.
  • Authorities where we are required by law, or to protect our rights, property or safety, or those of our users.

5. International transfers

Some of our service providers and Paddle may process data outside your country of residence. Where this involves transfers from the UK or EEA, appropriate safeguards such as Standard Contractual Clauses or adequacy decisions are used.

6. Retention

We retain personal data for as long as your account is active and for a reasonable period afterwards to comply with legal, tax and accounting obligations. When data is no longer needed it is deleted or anonymised.

7. Your rights

Depending on your location, you may have the right to access, correct, delete, restrict, port or object to our processing of your personal data, and to withdraw consent at any time. UK and EEA users have these rights under the UK GDPR and EU GDPR and may complain to their local supervisory authority. We will respond to verified requests within one month.

To exercise any right, contact us using the details below.

8. Security

We use appropriate technical and organisational measures including encryption in transit, access controls and audit logging. No system is perfectly secure, but we work to protect your data and notify you of breaches as required by law.

9. Cookies

We use essential cookies to keep you signed in and to remember your preferences, and limited analytics cookies to understand how Zylo is used. You can control cookies through your browser settings.

10. Contact

For privacy questions or to exercise your rights, contact us via the support channel inside the app or at the email shown on our website.