Vastyn Privacy Policy

Vastyn is a product of Versatile Commerce Limited, registered office: Maritime House, Discovery Quay, Falmouth, Cornwall, United Kingdom, TR11 3XA ("Vastyn", "we", "us" or "our").

This Privacy Policy explains how Versatile Commerce Limited (trading as Vastyn) and its affiliates collect, use, disclose, and protect information when you use Vastyn's websites, dashboards, admin consoles, browser extensions, APIs, mobile or desktop applications, and related services (collectively, the "Service"), or when you otherwise interact with us.

Capitalised terms not defined in this Privacy Policy have the meaning given to them in our Terms of Use. If you do not want your information processed in accordance with this Privacy Policy, you should not use the Service.

1. Information we collect

We collect the following types of information about you:

1(a). Information you provide to us directly

We may ask for certain information when you register for a Vastyn account or otherwise interact with us, such as:

• Name and contact details (e.g. first and last name, email address, phone number, postal address)
• Account details (e.g. username, password, organisation name, role or profession)
• Billing and payment information (e.g. billing address, tax details)
• Any messages you send us through the Service (e.g. support tickets, feedback, search queries and prompts)
• Content you upload or connect to Vastyn ("User Content"), such as: product data, catalogues, order feeds, pricing rules, messages, files, images, videos, documents, and any other data you choose to sync from marketplaces, ERPs or other systems.

We use this information to operate, maintain, secure and improve the Service, to provide features and functionality, to respond to you, and to address issues you raise. If you do not provide certain information, some parts of the Service may not be available or may not work as intended.

1(b). Information we receive from third-party applications or services

If you choose to connect Vastyn to third-party services (for example, marketplaces, e-commerce platforms, ERPs, CRMs, analytics, cloud storage, SSO/identity providers or social sign-in providers), we may receive information about you from those services. This may include:

• Identifiers such as user IDs, store IDs, account IDs or tenant IDs
• Access tokens or credentials necessary to access that service (stored securely)
• Profile information you have permitted the third party to share with us
• Business data needed to operate Vastyn (for example: products, orders, listings, pricing, inventory, campaigns and other e-commerce activity).

You can control what those third-party services share with us via their own settings, and you may disconnect them at any time. If you disconnect, we will no longer receive new data from that service, but we may retain existing data as needed for our legitimate business purposes, including providing the Service and meeting legal obligations.

1(c). Information we receive from other third parties

We may also obtain information about you from:

• Public sources and business directories
• Social media platforms (e.g. LinkedIn, X/Twitter) where you interact with our content
• Third-party data providers and information services
• Other Vastyn users (for example, when they invite you to a team or share a workspace with you)

The information we obtain may include company name, company size, job title, seniority, industry, and other professional profile details. We use this information to better understand our user base and to tailor our communications, onboarding and product experience.

1(d). Information we collect automatically

We automatically collect certain information when you use the Service. This may include:

• Usage data and analytics events (e.g. features used, screens viewed, buttons clicked)
• Log data such as IP address, browser type, pages visited, referring and exit pages, timestamps
• Device information (e.g. device type, operating system, language settings)
• Error logs, performance metrics and diagnostic information

We use this data for analytics, troubleshooting, security, abuse detection, capacity planning and to improve the Service.

1(e). Cookies and similar technologies

We and our partners use cookies and similar technologies (such as pixels, tags and local storage) to recognise you and/or your device and to:

• Help you sign in and stay signed in
• Remember your preferences and settings
• Measure traffic, usage trends and feature adoption
• Improve performance and user experience
• Support security and fraud prevention

You can usually control or delete cookies through your browser settings. If you disable cookies, some features of the Service may not function properly.

1(f). Log files, device identifiers and location data

When you access the Service, our systems may automatically record:

• Server log information as described above
• Device identifiers (such as a unique device ID) to help us recognise your device
• Approximate location inferred from your IP address or provided by you (for example to set currency, language or tax calculations)

1(g). Content within your account

We receive and store the content you create or sync into Vastyn, including:

• Catalogues, listings, products, offers and pricing
• Orders, shipments, returns and related logistics data
• Rules, workflows, prompts and configuration settings
• Files, media, notes and other materials you attach to your account

How we use this data is described below in Section 2.

2. How we use your information

We use the information we collect for the following purposes:

2(a). Providing you with the Service

• To create and manage your account
• To authenticate you when you log in
• To sync and process your data from connected systems
• To operate core functionality such as catalog, pricing, listing, ordering and reporting
• To provide support, respond to your requests and communicate about your account
• To bill you, collect payments and manage subscriptions

2(b). Analytics, service improvement and AI/ML

We analyse usage data, technical data and (where permitted by your settings) certain aspects of your content in order to:

• Understand how the Service is used and where users struggle
• Improve performance, reliability and user experience
• Develop, train and refine models and algorithms that power AI-assisted features
• Surface suggestions, automations and insights that may be relevant to your use case

Examples include:

• Suggesting pricing or listing tweaks based on patterns
• Recommending actions in workflows based on your historical behaviour
• Improving AI prompts, summarisation, categorisation or tagging accuracy

Where required by law, or where we choose to offer you a choice, you can manage certain AI/ML-related preferences in your account or privacy settings.

2(c). Customising your experience

We use information about you, your organisation, your usage and your content (where appropriate) to tailor the Service, such as:

• Remembering your preferences, language and region
• Surfacing relevant dashboards, features or tips
• Recommending integrations, connectors or modules that may be valuable to your use case

2(d). Communications about the Service

We may use your contact details to send you:

• Service and security notifications
• Administrative messages (e.g. billing, plan changes, downtime notices)
• Onboarding guides, product announcements and how-to information

You can opt out of most non-essential emails, but we may still send important Service or legally-required communications.

2(e). Marketing and optional promotions

Where permitted by law, we may use your information to:

• Send you information about new features, offers and events
• Display more relevant messaging in-product
• Measure and improve the effectiveness of our marketing

You can opt out of marketing emails at any time using the unsubscribe link in those emails, or via your account settings.

2(f). Safety, security, fraud and abuse

We may use information about you and your account to:

• Monitor, prevent and detect fraud, abuse or security incidents
• Protect the integrity of the Service, our infrastructure and our users
• Investigate and respond to suspected violations of our Terms of Use or applicable law

2(g). Legal and compliance

We may use or disclose information about you:

• To comply with laws, regulations, legal processes or enforceable governmental requests
• To enforce our Terms of Use or other agreements
• To protect our rights, property or safety, or that of users or others

3. Sharing your information

3(a). Service providers and group companies

We may share your information with Versatile Commerce group companies and trusted third-party service providers who help us:

• Host and operate the Service and infrastructure
• Provide customer support and account management
• Process payments and billing
• Provide analytics, logging and monitoring
• Deliver notifications (email, SMS, in-app)
• Provide security, backup and storage
• Deliver optional integrations and connectors

These providers are given access only to the information reasonably necessary to perform their functions and are bound by confidentiality and data protection obligations.

3(b). How you can share your content

You control most ways your content is shared from Vastyn, for example by:

• Inviting users into your organisation or workspace
• Assigning roles and permissions to team members
• Using sharing links, APIs or integrations to exchange data with other systems

Please review your sharing settings carefully. If you choose to make information accessible to others (inside or outside your organisation), we will process it as needed to enable that sharing.

3(c). Business transfers

We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, acquisition, reorganisation or similar event involving Vastyn or Versatile Commerce Limited. If such a transaction occurs, we will take steps to ensure your information is handled in line with this Policy.

3(d). Organisations and administered accounts

If you register using an email address associated with an organisation (for example, your work email), that organisation may be treated as having certain rights over your account as an "Admin Entity", such as:

• Seeing which of their email addresses are using Vastyn
• Managing seats, roles and permissions associated with their domain
• Centralising billing and subscription management

In some cases, control of an account may be transferred to the organisation that owns or manages the email domain. Where practical, we will notify you in advance so you can move any purely personal data to a separate personal account.

3(e). Other third parties and integrations

At your request, or where you choose to use certain product features, we may share information with:

• Third-party apps, connectors and integrations you install or enable
• Marketplaces, logistics providers, ERPs and other platforms you connect
• Partners involved in delivering joint services you have requested

These third parties are not controlled by us, and their own privacy policies apply to their use of your information. You should review the terms and privacy policies of any third-party services you connect to Vastyn.

3(f). Aggregated or de-identified information

We may aggregate and/or de-identify information so that it cannot reasonably be used to identify an individual, and may use or share that aggregated/de-identified data for purposes such as:

• Analytics and benchmarking
• Product improvement and research
• Industry or market insights

3(g). Authorities and legal requests

We may access, preserve and share your information with third parties, including law enforcement, regulators or other authorities, if we reasonably believe it is necessary to:

• Comply with applicable law, regulation, legal process or governmental request
• Enforce our Terms of Use or other agreements
• Protect the rights, property or safety of Vastyn, our users or others

4. Advertising

Vastyn is primarily a B2B service. We do not sell your personal information to third-party advertisers. We may, however, use:

• Basic contact and usage data to understand which campaigns and channels are effective
• Third-party tools (such as email platforms or analytics providers) to show you or similar professionals relevant messages about Vastyn

Where required, we will seek your consent or provide an opportunity to opt out of such uses.

5. How we transfer, store and protect your data

Vastyn is a UK-based product with infrastructure that may be hosted or processed in the United Kingdom, the European Economic Area, and other countries where we or trusted providers operate data centres or support operations.

Because of this, your information may be transferred across borders and stored in countries whose data protection laws differ from those in your country of residence. Where required by law, we put in place appropriate safeguards (such as standard contractual clauses) to protect personal data transferred internationally.

6. Keeping your information safe

We use a combination of technical, organisational and physical safeguards designed to protect your information against unauthorised access, loss, misuse or alteration. These may include:

• Encryption in transit and at rest (where appropriate)
• Access controls and role-based permissions
• Monitoring, logging and alerts
• Backups and business continuity measures

However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security. You are responsible for:

• Keeping your password and account credentials confidential
• Restricting access to your devices
• Not re-using passwords across services

7. Your choices about your information

7(a). Account information and settings

You can usually:

• Access and update your basic account details from within the Service
• Adjust notification and marketing preferences in your account settings
• Request access, correction or deletion of certain personal data by contacting us

Some information may be retained for legitimate business, legal or security reasons (see Section 8 below).

7(b). Cookies and tracking technologies

You can manage cookies and similar technologies via your browser settings and, where available, our own cookie preferences tools. Blocking some types of cookies may affect your experience of the Service.

7(c). Marketing communications

You can opt out of marketing emails from Vastyn at any time by:

• Clicking the "unsubscribe" link in the email; or
• Updating your preferences in your account settings (where available)

We may still send essential Service-related communications, such as security alerts or billing notices.

7(d). AI-related preferences

Where provided, you may be able to adjust how your data is used in connection with certain AI or machine-learning features. Please check your account or privacy settings for available options.

7(e). Rights under data protection laws

Depending on where you live, you may have legal rights in relation to your personal data, such as:

• Right of access – to request a copy of your personal data we hold
• Right to rectification – to request correction of inaccurate data
• Right to erasure – to request deletion of certain data
• Right to restriction or objection – to limit or object to certain processing
• Right to data portability – to receive certain data in a structured, commonly used format

You can exercise these rights (where applicable) by contacting us using the details in Section 14. We may need to verify your identity before responding.

8. How long we keep your information

We retain personal data for as long as necessary to provide the Service, to comply with legal, accounting or reporting obligations, to resolve disputes, and to enforce our agreements.

When your account is closed, we may:

• Delete or anonymise certain data within a reasonable period; and/or
• Retain some data where we have a lawful basis (for example, transactional records we are required to keep for tax or audit purposes)

9. Children

Vastyn is a business-focused product and is not directed at children. You must not use the Service if you are under the age at which you can legally enter into a binding contract in your jurisdiction. We do not knowingly collect personal information from children. If you believe we have collected information about a child, please contact us using the details in Section 14 and we will take appropriate steps to delete such information.

10. Links to other websites and services

The Service may contain links to third-party websites, services or applications that are not operated by Vastyn. We are not responsible for the privacy practices or content of those third parties. Your use of such services is subject to their own terms and privacy policies.

11. Additional information for users in the EEA, UK and similar regions

11(a). Data controller

For users in the European Economic Area (EEA), the United Kingdom and similar jurisdictions, the "data controller" responsible for your personal data is:

Versatile Commerce Limited
Maritime House, Discovery Quay
Falmouth, Cornwall
United Kingdom, TR11 3XA

11(b). Legal bases for processing

We rely on the following legal bases to process your personal data, where applicable:

• Contractual necessity – to provide the Service and perform our contract with you.
• Legitimate interests – for example, to improve the Service, prevent fraud, and send limited product-related communications, where our interests are not overridden by your rights.
• Consent – where we ask for your consent for a specific use (e.g. certain marketing).
• Legal obligation – where processing is necessary to comply with applicable law.

Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.

11(c). International transfers

If we transfer your personal data outside of the EEA/UK, we will ensure appropriate safeguards are in place (such as standard contractual clauses or equivalent mechanisms) as required by law.

12. Additional information for users in the United States

Some U.S. state laws provide residents with additional rights in relation to their personal information, such as rights to access, delete, correct, or opt out of certain uses. If you are a resident of such a state and wish to exercise rights available to you, please contact us using the details in Section 14. We will respond in line with applicable law.

13. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or legal requirements. When we do, we will revise the "Last updated" date at the top. If we make material changes, we will take reasonable steps to notify you, for example via email or a notice in the Service.

Your continued use of the Service after the effective date of an updated Privacy Policy means you accept the changes.

14. How to contact us

If you have any questions, concerns or complaints about this Privacy Policy or our data practices, please contact:

Email: help@vastyn.com
Post:
Privacy Officer
Versatile Commerce Limited (Vastyn)
Maritime House, Discovery Quay
Falmouth, Cornwall
United Kingdom, TR11 3XA