Privacy Policy

1. Who controls your data

Savia Marketing is the data controller for personal data processed through the Savia Marketing service. Contact: privacy@tutivsoft.com.

2. What we collect

Account data (email, display name, hashed credentials), profile content you choose to publish (display name, bio, niche, listings, payment-preference details that are only revealed inside an active deal), deal records and chat messages between Buyers and Sellers, subscription and billing metadata received from Paddle (we never receive full card numbers), usage and device data (IP address, browser, pages viewed, timestamps), and support correspondence.

3. Why we collect it and our legal bases

We process personal data on the following legal bases under the GDPR and equivalent laws:

• Performance of a contract — to create and operate your account, deliver the service, and manage your subscription.

• Legitimate interests — to secure the service, prevent fraud and abuse, debug issues, and improve the product. We balance these interests against your rights.

• Consent — for optional communications and any non-essential cookies, where applicable. You can withdraw consent at any time.

• Legal obligation — to comply with tax, accounting, and other applicable laws.

4. Payment data

Subscription payments are handled by Paddle as merchant of record. Paddle collects and stores card details under its own privacy policy; we receive only transaction metadata (plan, status, last 4 digits, billing country, etc.).

5. Sharing

We share data with: (a) infrastructure subprocessors that host the service (cloud hosting, database, email delivery, error monitoring); (b) Paddle, as merchant of record for subscription billing, tax, and invoicing; (c) professional advisers (legal, accounting) where necessary; and (d) authorities where required by law. We do not sell personal data.

6. International transfers

Data may be processed outside your country, including outside the UK/EEA. Where required, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum.

7. Retention

We retain account and content data for as long as your account exists. After closure we delete or anonymise data within a reasonable period, except where we must retain transaction records to comply with tax and accounting obligations (typically up to 7 years).

8. Security

We apply appropriate technical and organisational measures to protect personal data, including TLS encryption in transit, encryption at rest for the database, least-privilege access controls, authentication via hashed credentials, audit logging, and regular review of subprocessors. No system is perfectly secure; please report any suspected vulnerability to security@tutivsoft.com.

9. Your rights

Subject to applicable law (e.g. GDPR, UK GDPR, CCPA), you may request access, correction, deletion, restriction, portability, or object to processing, and withdraw consent where processing is based on consent. To exercise these rights email privacy@tutivsoft.com; we respond within one month. You also have the right to lodge a complaint with your local data-protection supervisory authority.

10. Cookies

We use strictly necessary cookies for session and security, and minimal first-party analytics to understand usage. No non-essential promotional cookies. You can control cookies through your browser settings.

11. Children

The service is not directed to children under 16. We do not knowingly collect data from them.

12. Changes

We may update this policy; material changes will be communicated by email or in-app notice.