Privacy Policy
Last updated: 30 April 2026
1. Who we are
Malvorah Ltd. ("Malvorah", "we", "us") is a UK-registered company and the data controller for personal data we collect about you. Reach us at contactus@malvorah.com.
2. What data we collect
- Identity & contact: name, email address, business name.
- Service inputs: answers you provide in the Growth Scan and roadmap questionnaires.
- Payments: processed by Stripe — we never store your full card details.
- Technical: IP address, device, browser, and basic usage analytics.
3. How we use your data
We use your data to deliver the services you request, respond to enquiries, send transactional emails, prevent fraud, and improve our products. We rely on the lawful bases of contract, legitimate interests and, where required, consent.
4. Sharing
We share data only with trusted processors who help us run the service: Supabase (database & auth), Stripe (payments), Lovable AI / Google / OpenAI (AI generation), and our email provider. We never sell your data.
5. International transfers
Some processors are based outside the UK/EEA. Where this applies, we rely on Standard Contractual Clauses or equivalent safeguards.
6. Retention
We keep account, order and roadmap data for as long as your account is active and up to 6 years afterwards to meet UK accounting and tax obligations.
7. Your rights (UK GDPR)
You can access, rectify, erase, restrict or port your personal data, and object to processing. Email contactus@malvorah.com. You can also complain to the UK ICO at ico.org.uk.
8. Security
HTTPS in transit, encrypted databases, role-based access controls and audit logs. We will notify you and the ICO promptly in the event of a personal data breach affecting you.
9. Changes
We may update this policy. Material changes will be communicated by email or in-app notice.