VYERA

Operated by Linvex Solutions Ltd

Effective Date: 04 May 2026

Version: 1.0

0. Privacy Policy

This Privacy Policy explains how Linvex Solutions Ltd ("we", "us", or "the Provider") collects, uses, shares, and protects personal data in connection with the Vyera service and the website at www.vyera.com.

We are committed to protecting personal data and to processing it in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable Data Protection Laws.

1. Who We Are

Linvex Solutions Ltd is the controller of the personal data described in this Privacy Policy, except where personal data is processed on behalf of a Customer of the Vyera service, in which case we act as a processor for that Customer and the Customer is the controller.

Our registered office is in England and Wales. Our day-to-day operations are conducted from our office in Bahria Town, Lahore, Pakistan. Contact details, including our company number and registered address, are set out in section 20 of this Privacy Policy.

2. Scope of This Policy

This Privacy Policy applies to personal data we process as a controller, including:

personal data of individuals who visit our website or interact with our public-facing communications;
personal data of individuals who hold an Account on the Vyera service, including employees, contractors, and agents of our Customers;
personal data of individuals who contact us in connection with sales, support, or partnership enquiries;
personal data of prospective candidates and applicants who apply for roles at our company.

Where we process personal data on behalf of a Customer in the course of providing the Vyera service, we do so as a processor under the terms of a data processing agreement with that Customer. The Customer's own privacy policy governs the relationship between the Customer and any individual whose personal data the Customer uploads or generates through the Vyera service.

3. Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Account and Identity Data

name, business email address, job title, and company name provided during Account registration;
authentication credentials, such as a password (stored in hashed form by our identity provider) or single sign-on tokens;
profile information optionally provided by the user.

3.2 Billing Data

billing contact name and address;
billing email address;
payment method tokens generated by our payment processor (we do not store full card details);
invoice and transaction history.

3.3 Usage and Technical Data

internet protocol (IP) address, device identifier, browser type and version, operating system, language preferences, and similar technical metadata;
pages visited, features used, queries submitted, and other product usage data;
log data, including timestamps, error reports, and diagnostic information.

3.4 Communications Data

the contents of any messages sent to us through email, in-app messaging, contact forms, or support channels;
records of telephone or video calls where lawfully recorded;
records of marketing preferences and engagement, where applicable.

3.5 Customer Workspace Data

Where personal data is contained within data uploaded to or generated within a Customer's workspace on the Vyera service (for example, contact details of an individual identified during a competitive analysis), we process such personal data as a processor on behalf of the Customer.

Customers are responsible for ensuring they have a lawful basis to process such personal data and for issuing any required notices to the individuals concerned.

4. How We Collect Personal Data

Directly from the user, when an Account is created, when forms are completed, when communications are sent to us, or when payment details are provided;
Automatically, when a user interacts with our website or the Vyera service, through cookies, server logs, and similar technologies;
From third parties, including identity providers, payment processors, sales intelligence providers (where used to enrich a business contact in a lawful way), and publicly available sources.

5. Lawful Bases for Processing

Under the UK GDPR, we must have a lawful basis to process personal data. The lawful bases on which we rely are:

5.1 Performance of a Contract

We process personal data where it is necessary to perform our contract with the Customer or with the individual user, including to register and administer Accounts, to provide the Vyera service, to bill for the service, and to provide customer support.

5.2 Legitimate Interests

We process personal data where it is necessary for our legitimate interests, provided those interests are not overridden by the rights and interests of the individual. Our legitimate interests include:

operating, securing, monitoring, and improving the Vyera service;
detecting and preventing fraud, abuse, and security incidents;
conducting business-to-business marketing to professional contacts where this is reasonably expected and not unduly intrusive;
responding to enquiries and managing our business relationships;
understanding usage patterns to inform our product roadmap and commercial strategy.

5.3 Legal Obligation

We process personal data where required to comply with a legal obligation, including obligations under tax, accounting, anti-money laundering, and other regulatory regimes.

5.4 Consent

Where required by law, we rely on consent - for example, in respect of certain marketing communications and the use of non-essential cookies. Where we rely on consent, the individual has the right to withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

6. How We Use Personal Data

We use personal data for the following purposes:

to register and administer Accounts on the Vyera service;
to provide, operate, secure, and improve the Vyera service and our website;
to authenticate users and protect the security of the service;
to bill Customers and process payments;
to communicate with users about service updates, security notices, and other operational matters;
to respond to enquiries and provide customer support;
to send marketing communications to professional contacts in accordance with applicable law and the user's preferences;
to analyse usage patterns and improve the design and performance of the service;
to detect, investigate, and prevent fraud, abuse, security incidents, and breaches of our Terms;
to comply with our legal and regulatory obligations;
to establish, exercise, or defend legal claims.

7. Disclosures to Third Parties

We disclose personal data only as set out in this Privacy Policy. We do not sell personal data.

We disclose personal data to the following categories of recipient:

Sub-processors and service providers - see section 8 below;
Professional advisers, including legal, accounting, and audit advisers, who are bound by duties of confidence;
Acquirers, in the event of a sale, merger, restructuring, or insolvency of the Provider, where the personal data forms part of the assets being transferred;
Law enforcement, regulators, and other public authorities, where we are required to do so by law or in response to a valid legal process, or where we believe in good faith that such disclosure is necessary to protect our rights, the safety of others, or the integrity of the service;
With the user's consent, in any other case.

8. Sub-Processors

We engage trusted third-party sub-processors to deliver the Vyera service. The categories of sub-processor we currently use include:

Cloud infrastructure and hosting (data hosted within the United Kingdom or European Economic Area where reasonably possible);
Identity, authentication, and access management;
Payment processing and billing;
Search engine results and structured data providers;
Web crawling and content collection services;
Large language model and machine learning providers;
Email delivery, customer messaging, and support tooling;
Analytics, monitoring, observability, and error reporting;
Customer relationship management and sales tooling.

A current list of named sub-processors is maintained in our Documentation and is available to Customers on request. We require each sub-processor to enter into a written agreement that imposes data protection obligations equivalent to those set out in this Privacy Policy and the Data Protection Laws.

9. International Data Transfers

Some of our sub-processors are located outside the United Kingdom, including in the United States. Our operational team is based in Pakistan. Where personal data is transferred outside the United Kingdom, we put in place safeguards required by the UK GDPR to protect that personal data, which may include:

transfers to countries that the United Kingdom has determined provide an adequate level of protection;
the International Data Transfer Agreement issued by the Information Commissioner's Office, or the UK Addendum to the European Commission's Standard Contractual Clauses;
any other safeguard recognised under the UK GDPR.

Where personal data is accessed by our staff in Pakistan, such access is limited to authorised personnel for the purposes of operating, maintaining, and supporting the Vyera service, and is governed by appropriate confidentiality and data protection obligations.

Customers may request further information about the safeguards we use in respect of any specific transfer by contacting us at the details in section 20.

10. Data Retention

We retain personal data only for as long as is necessary for the purposes for which it was collected, in accordance with the following retention principles:

Account and identity data - retained for the duration of the Subscription and for a reasonable period thereafter to handle post-termination enquiries, disputes, and audits;
Billing and tax records - retained for the period required by tax and accounting laws (typically six years);
Usage and technical logs - retained for a limited operational and security review period, after which they are aggregated or deleted;
Customer Workspace Data - retained for thirty (30) days following termination of the Customer's Subscription, after which it is deleted from production systems, subject to backup and disaster-recovery cycles;
Marketing data - retained until the recipient unsubscribes or otherwise withdraws consent, or until the data is no longer required.

Where personal data is no longer required, we either delete it securely or, where appropriate, anonymise it so that it can no longer be associated with an identifiable individual.

11. Cookies and Similar Technologies

We use cookies and similar technologies on our website and within the Vyera service for the following purposes:

Strictly necessary cookies, which are required for the website and service to function and which do not require consent;
Functional cookies, which remember user preferences and enhance the user experience;
Analytics cookies, which help us understand how users interact with our website and service;
Marketing cookies, used in limited circumstances to measure the effectiveness of our marketing activities.

Where required by law, we obtain consent for the use of non-essential cookies through a cookie banner. Users can manage their cookie preferences at any time through the cookie settings on our website or through their browser settings. A separate Cookie Notice may be published on our website with further detail.

12. Rights of Data Subjects

Subject to the conditions and exemptions set out in the Data Protection Laws, individuals have the following rights in relation to their personal data:

the right to be informed about the processing of personal data;
the right of access to personal data we hold;
the right to rectification of inaccurate or incomplete personal data;
the right to erasure of personal data in certain circumstances;
the right to restrict processing in certain circumstances;
the right to data portability in certain circumstances;
the right to object to processing based on our legitimate interests, including the right to object to direct marketing at any time;
the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects, except as permitted by law;
the right to withdraw consent at any time, where we rely on consent to process personal data.

Where we process personal data as a processor on behalf of a Customer, requests from data subjects should be directed to the Customer in the first instance. We will assist the Customer in responding to such requests in accordance with our data processing agreement.

13. How to Exercise Rights

Individuals can exercise their rights by contacting us at the details set out in section 20. We may need to verify the identity of the requester before responding.

We will respond to valid requests within one calendar month of receipt. Where a request is complex or where we have received a number of requests from the same individual, we may extend this period by up to two further months and will inform the individual of the extension and the reasons for it.

We do not charge a fee to respond to most requests. Where a request is manifestly unfounded or excessive, we may charge a reasonable administrative fee or refuse to act on the request, in accordance with the Data Protection Laws.

14. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage. These measures include:

encryption of personal data in transit and at rest where appropriate;
access controls, including role-based access, multi-factor authentication for staff, and the principle of least privilege;
network and infrastructure security controls, including firewalls and intrusion detection;
regular review and testing of security controls;
secure software development practices and code review;
staff training in data protection and information security;
incident response procedures, including timely notification to affected parties and supervisory authorities where required.

No security measure is perfect. While we take security seriously, we cannot guarantee the absolute security of personal data.

15. Children's Data

The Vyera service is intended for business users and is not directed to children. We do not knowingly collect personal data from children under the age of 16. If we become aware that we have collected personal data from a child, we will take reasonable steps to delete that personal data.

16. Marketing Communications

We send marketing communications only where this is permitted by law. We rely on the soft opt-in for existing business contacts where the law permits, and on consent where required.

Every marketing email we send includes an unsubscribe link. Recipients can opt out of marketing at any time by using that link or by contacting us at the details in section 20. Opting out of marketing does not affect operational and service-related communications, which we may continue to send for the duration of the Subscription.

17. Automated Decision-Making and Artificial Intelligence Processing

The Vyera service uses artificial intelligence and machine learning models to generate analytical outputs from data collected from public sources. These models do not produce decisions about individuals that have legal or similarly significant effects on those individuals. The outputs are intended to support business decisions made by Customers, not to make decisions about individual people.

Customers must not use the Vyera service to make solely automated decisions that produce legal or similarly significant effects on individuals, except where permitted by the Data Protection Laws.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, the Vyera service, or applicable law. The version in force from time to time is published at www.vyera.com (or any successor domain) and the version date is shown at the top of this document. Where changes are material, we will notify Account holders by email or through an in-product notification.

19. Complaints and Supervisory Authority

If an individual has a concern about how we process personal data, we encourage them to contact us first at the details in section 20 so that we can address the concern.

Individuals also have the right to lodge a complaint with the United Kingdom's supervisory authority, the Information Commissioner's Office:

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom
Helpline: 0303 123 1113
Website: ico.org.uk

20. Contact Us

Questions, comments, and requests in relation to this Privacy Policy should be sent to:

Linvex Solutions Ltd

Privacy Enquiries

[Insert UK registered office address as recorded at Companies House]

Email: [Insert privacy contact email, e.g. privacy@vyera.com]

If we appoint a Data Protection Officer or a UK Representative, we will publish their contact details in this section.

Publication Checklist