Vastyn
Legal

Privacy Policy

Effective Date: January 2026 · Last Updated: January 2026

Introduction

Vastyn is provided by Versatile Commerce Ltd ("we", "us", "our"). We are committed to protecting your privacy and handling your personal data responsibly.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website (vastyn.com) and our e-commerce operations platform (the "Service").

Company Details:
  • Company Name: Versatile Commerce Ltd
  • Company Number: 10984996 (registered in England and Wales)
  • ICO Registration: 00019463104
  • Contact: hello@vastyn.com

We act as the data controller for the personal data we process about you.

Summary of Key Points

Before reading our full policy, here are the key points:

What Summary
Data we collectAccount information, usage data, business data you upload
Why we collect itTo provide our Service, improve it, and communicate with you
How long we keep it90 days after account closure
Who we share withOnly essential service providers (AWS, Stripe)
International transfersData stays in your region
Your rightsAccess, correct, delete, port, object — see "Your Rights" section
Contacthello@vastyn.com

1. Data We Collect

1.1 Information You Provide

Account Information

When you create an account, we collect:

  • Name
  • Email address
  • Company name
  • Password (encrypted)
  • Billing information (processed by Stripe)

Business Data

When you use the Service, you may upload:

  • Product catalogues
  • Inventory data
  • Order information
  • Supplier information
  • Customer data from your marketplaces

Communications

When you contact us:

  • Email correspondence
  • Support requests
  • Feedback and survey responses

1.2 Information Collected Automatically

Usage Data

When you use our Service, we automatically collect:

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and features used
  • Time and date of access
  • Referring website

Cookies and Similar Technologies

We use cookies to operate the Service. See our Cookie Policy for details.

1.3 Information from Third Parties

Marketplace Data

When you connect marketplace accounts (Amazon, eBay, etc.), we receive:

  • Order information
  • Product listings
  • Inventory levels
  • Buyer information (as provided by the marketplace)

This data is accessed via official marketplace APIs with your authorisation.

2. How We Use Your Data

We process your personal data for the following purposes:

2.1 To Provide the Service

Processing Activity Legal Basis (GDPR)
Create and manage your accountContract performance
Process your marketplace dataContract performance
Sync inventory across channelsContract performance
Process orders and fulfilmentContract performance
Provide customer supportContract performance

2.2 To Improve and Protect the Service

Processing Activity Legal Basis (GDPR)
Analyse usage patterns to improve featuresLegitimate interest
Monitor for security threatsLegitimate interest
Prevent fraud and abuseLegitimate interest
Fix bugs and technical issuesLegitimate interest

2.3 To Communicate With You

Processing Activity Legal Basis (GDPR)
Send service notificationsContract performance
Respond to support requestsContract performance
Send product updatesLegitimate interest
Send marketing communicationsConsent (where required)

2.4 To Comply With Legal Obligations

Processing Activity Legal Basis (GDPR)
Maintain financial recordsLegal obligation
Respond to legal requestsLegal obligation
Report to regulatory authoritiesLegal obligation

3. How We Share Your Data

We do not sell your personal data. We share data only with:

3.1 Service Providers (Subprocessors)

We use trusted third parties to help provide the Service:

Provider Purpose Location
Amazon Web Services (AWS)Cloud hosting and infrastructureUser's region (no cross-border transfer)
StripePayment processingUK/EU/US (as applicable)
AWS SESTransactional email deliveryUser's region

These providers process data only on our instructions and are contractually bound to protect your data. For a complete list, see our Subprocessors page.

3.2 Marketplace Platforms

When you connect marketplaces, data flows between Vastyn and those platforms (Amazon, eBay, Shopify, etc.) as necessary to provide sync and management features. This is at your direction and under your marketplace agreements.

3.3 Legal Requirements

We may disclose data if required by law, legal process, or government request. We will notify you unless legally prohibited.

3.4 Business Transfers

If Vastyn is involved in a merger, acquisition, or sale of assets, your data may be transferred. We will notify you of any change in data controller.

4. International Data Transfers

We keep your data in your region.

Your Location Data Stored In
United KingdomUK (AWS London)
European UnionEU (AWS Frankfurt/Ireland)
United StatesUS (AWS US regions)
Other regionsNearest appropriate AWS region

We do not transfer your personal data outside your region except where necessary to provide the Service with appropriate safeguards in place.

Where transfers are necessary (e.g., to access global support), we use:

  • UK International Data Transfer Agreement (IDTA)
  • EU Standard Contractual Clauses (SCCs)
  • Other legally approved transfer mechanisms

5. Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfil the purposes described in this policy.

Data Type Retention Period
Account informationDuration of account + 90 days
Business data (products, orders, inventory)Duration of account + 90 days
Usage logs90 days
Support correspondence2 years
Financial/billing records7 years (legal requirement)

After account closure: We delete or anonymise your data within 90 days, except where we are legally required to retain it.

You can request deletion sooner — see "Your Rights" below.

6. Data Security

We implement appropriate technical and organisational measures to protect your data:

Technical Measures

  • Encryption in transit (TLS 1.2+)
  • Encryption at rest (AES-256)
  • Secure password hashing
  • Regular security testing
  • Access logging and monitoring

Organisational Measures

  • Access limited to authorised personnel
  • Staff confidentiality obligations
  • Security awareness training
  • Incident response procedures

Infrastructure

  • Hosted on AWS with ISO 27001, SOC 2 certifications
  • 99.9% uptime commitment
  • Automated backups with point-in-time recovery

For more details, see our Security page.

7. Your Rights

You have the following rights regarding your personal data:

7.1 Rights Under UK/EU GDPR

Right Description
Right of AccessRequest a copy of your personal data
Right to RectificationCorrect inaccurate or incomplete data
Right to ErasureRequest deletion of your data ("right to be forgotten")
Right to Restrict ProcessingLimit how we use your data
Right to Data PortabilityReceive your data in a portable format
Right to ObjectObject to processing based on legitimate interests
Rights Related to Automated DecisionsNot be subject to solely automated decisions with legal effects
Right to Withdraw ConsentWithdraw consent at any time (where processing is based on consent)

7.2 How to Exercise Your Rights

Email us at: hello@vastyn.com

Include:

  • Your name and email address
  • Which right you wish to exercise
  • Any relevant details

We will respond within:

  • 30 days (UK/EU GDPR requirement)
  • We may extend by up to 60 days for complex requests (we'll notify you)

Verification: We may ask you to verify your identity before processing requests.

No fee: Most requests are free. We may charge a reasonable fee for excessive or unfounded requests.

7.3 Right to Complain

If you're not satisfied with how we handle your data, you have the right to lodge a complaint with a supervisory authority:

  • UK: Information Commissioner's Office (ICO) — Website: ico.org.uk — Telephone: 0303 123 1113
  • EU: Your local Data Protection Authority

We'd appreciate the chance to address your concerns first — please contact us at hello@vastyn.com.

8. Cookies

We use cookies and similar technologies to operate the Service. For detailed information about the cookies we use and how to manage them, see our Cookie Policy.

9. Children's Privacy

Vastyn is a business service not directed at children. We do not knowingly collect personal data from anyone under 16 years of age. If you believe we have collected data from a child, please contact us immediately at hello@vastyn.com.

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to read their privacy policies.

11. Regional Privacy Information

11.1 For California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Your California Rights:

  • Right to Know: What personal information we collect, use, and disclose
  • Right to Delete: Request deletion of your personal information
  • Right to Correct: Correct inaccurate personal information
  • Right to Opt-Out: Opt out of "sale" or "sharing" of personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

We do not sell your personal information. We do not "share" your personal information for cross-context behavioural advertising.

Categories of Personal Information Collected:

  • Identifiers (name, email, IP address)
  • Commercial information (transaction history)
  • Internet activity (usage data)
  • Professional information (company name)

To Exercise Your Rights: Email hello@vastyn.com with "California Privacy Request" in the subject line.

11.2 For Brazil Residents (LGPD)

If you are a resident of Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD):

Your LGPD Rights:

  • Confirmation of data processing
  • Access to your data
  • Correction of incomplete or inaccurate data
  • Anonymisation, blocking, or deletion of unnecessary data
  • Data portability
  • Information about sharing with third parties
  • Revocation of consent

To Exercise Your Rights: Email hello@vastyn.com with "LGPD Request" in the subject line.

11.3 For Australia Residents

We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988. Your rights include accessing and correcting your personal information.

To Exercise Your Rights: Email hello@vastyn.com.

11.4 For Canada Residents

We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). You have the right to access and correct your personal information.

To Exercise Your Rights: Email hello@vastyn.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

  • Material changes: We will notify you by email or prominent notice on our website
  • Minor changes: Updated policy will be posted on this page

The "Last Updated" date at the top of this policy indicates when it was last revised. We encourage you to review this policy periodically.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: hello@vastyn.com

Post:
Versatile Commerce Ltd
Maritime House, Discovery Quay
Falmouth, Cornwall
TR11 3XA
United Kingdom

Data Protection Queries: hello@vastyn.com

We aim to respond to all enquiries within 5 business days.

14. Document Information

Field Value
Document:Privacy Policy
Controller:Versatile Commerce Ltd
Company Number:10984996
ICO Registration:00019463104
Effective Date:January 2026
Last Updated:January 2026
Review Frequency:Annual or upon material changes

Terms of Service

Read Terms →

Cookie Policy

Read Cookie Policy →

Security

Learn about Security →