wïva
Sign in

Privacy Policy

Last updated: 10 March 2026

1. Introduction

17South Ltd ("we", "us", "our"), a company registered in England and Wales, operates the wïva platform and associated services (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your personal data and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all applicable data protection legislation.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Data Controller

17South Ltd is the data controller responsible for your personal data. If you have questions about this Privacy Policy or our data practices, contact us at:

3. Information We Collect

3.1 Information You Provide Directly

  • Account Information: Name, email address, phone number, and location when you create an account.
  • Business Data: Invoice data, purchase receipts, sales records, product and inventory information, customer and supplier details that you enter into the Service.
  • Communications: Any correspondence you send to us, including support requests and feedback.
  • Payment Information: Billing details processed through our third-party payment providers.

3.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, actions taken, frequency and duration of activities, timestamps, and interaction patterns.
  • Device Information: Device type, operating system, browser type and version, unique device identifiers, IP address, and mobile network information.
  • Location Data: Approximate location derived from your IP address and, where you grant permission, precise location data from your device.
  • Log Data: Server logs including access times, pages viewed, referring URLs, and system activity.
  • Cookies and Similar Technologies: We use cookies, web beacons, pixels, and similar tracking technologies. See Section 10 for details.

3.3 Information From Third Parties

  • Authentication Providers: If you sign in using a third-party service, we receive your profile information from that provider.
  • Analytics Providers: We receive aggregated and individual usage data from our analytics partners.

4. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Performance of a Contract (Art. 6(1)(b)): Processing necessary to provide the Service you have requested, including account management and invoice processing.
  • Legitimate Interests (Art. 6(1)(f)): Processing for our legitimate business interests, including improving the Service, generating anonymised insights, fraud prevention, and security. We balance these interests against your rights and freedoms.
  • Consent (Art. 6(1)(a)): Where we rely on your consent, such as for marketing communications or non-essential cookies. You may withdraw consent at any time.
  • Legal Obligation (Art. 6(1)(c)): Processing necessary to comply with applicable laws, regulations, or legal proceedings.

5. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, operate, and maintain the Service
  • To process transactions and manage your account
  • To personalise and improve your experience
  • To communicate with you about the Service, including updates and support
  • To send marketing and promotional communications (with your consent)
  • To generate anonymised and aggregated insights, analytics, and reports
  • To detect, prevent, and address fraud, abuse, and security issues
  • To comply with legal obligations and enforce our terms
  • To conduct research and analysis to improve the Service
  • To develop new products, services, and features

6. Anonymised Insights and Data Analytics

We create anonymised, aggregated datasets derived from the information we collect. This data is stripped of all personally identifiable information and cannot be used to identify any individual user.

We may sell, license, or otherwise commercially share these anonymised insights with third parties, including but not limited to:

  • Market trend reports and industry benchmarks
  • Aggregated usage statistics and behavioural analytics
  • Regional and sector-based business intelligence
  • Economic and commercial activity summaries

We do not sell your personal data. Only fully anonymised and aggregated data, from which no individual can be identified, is shared commercially. This anonymised data does not constitute personal data under applicable data protection law.

7. How We Share Your Information

We may share your personal data with the following categories of recipients:

  • Service Providers: Third-party companies that perform services on our behalf, including cloud hosting (Cloudflare), database services (Supabase), payment processing, email delivery, and analytics. These providers are contractually obligated to protect your data.
  • Business Transfers: In connection with a merger, acquisition, reorganisation, or sale of assets, your data may be transferred as part of that transaction.
  • Legal Requirements: We may disclose your data where required by law, regulation, legal process, or governmental request.
  • Protection of Rights: Where necessary to protect our rights, privacy, safety, or property, or that of our users or the public.
  • With Your Consent: We may share your data with other third parties when you have given explicit consent.

8. International Data Transfers

Your data may be transferred to and processed in countries outside the United Kingdom. Where we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • UK adequacy decisions
  • Standard Contractual Clauses (SCCs) approved by the ICO
  • Other legally recognised transfer mechanisms

9. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. We also retain data as necessary to comply with legal obligations, resolve disputes, enforce agreements, and for legitimate business purposes.

When personal data is no longer required, we will securely delete or anonymise it. Anonymised data may be retained indefinitely for analytics and research purposes.

10. Cookies and Tracking Technologies

We use the following types of cookies:

  • Strictly Necessary Cookies: Required for the Service to function, including authentication and security cookies. These cannot be disabled.
  • Analytics Cookies: Help us understand how users interact with the Service. These are placed with your consent.
  • Functional Cookies: Remember your preferences and settings to enhance your experience.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect Service functionality.

11. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of Access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Right to Erasure (Art. 17): Request deletion of your personal data, subject to legal retention requirements.
  • Right to Restrict Processing (Art. 18): Request that we limit how we use your data.
  • Right to Data Portability (Art. 20): Request your data in a structured, commonly used, machine-readable format.
  • Right to Object (Art. 21): Object to processing based on legitimate interests, including processing for anonymised insights generation.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint: You have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, contact us at privacy@wiiva.net. We will respond within one month of receiving your request.

You do not need to delete your account to exercise these rights. We provide granular controls allowing you to manage your data and privacy preferences without losing access to the Service.

12. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit and at rest, access controls, regular security assessments, and secure development practices. However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

13. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also notify you by email. Your continued use of the Service after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, contact us at: