Privacy Policy

Effective Date: 24.11.2025

This Privacy Policy explains how Kiowa Mayfield Darlington (FZE) (“Innovisto”, “we”, “us”, or “our”) collects, uses, shares, and protects your personal data when you use the Innovisto platform and website. We are committed to safeguarding your privacy and ensuring that your personal information is handled lawfully, transparently, and securely.

1. Scope and Controller

This Policy applies to all data collected through the Innovisto website and application (collectively, the “Service”).

Innovisto is a brand owned and exclusively managed by Kiowa Mayfield Darlington (FZE), a Free Zone company registered at the Sharjah Research Technology and Innovation Park, Sharjah, United Arab Emirates.

For EU and UK users, Innovisto has appointed a GDPR Article 27 representative, reachable at legal@innovisto.com.

Innovisto complies with the General Data Protection Regulation (GDPR) and UAE Federal Law No. 45 of 2021 (Personal Data Protection Law).

2. Data We Collect

We collect only the data necessary to operate and improve the Service. The types of data we process include:

Account Information

  • First name and last name
  • Date of birth and gender
  • Email address
  • Mobile phone number (for authentication via OTP)
  • Timezone
  • Password hash or social login identifier
  • Subscription status and linked Paddle customer ID
  • Records of Ideas you secure (for delivery logic and account features)

Usage Data

  • Device type, browser, and operating system
  • IP address and approximate region
  • Session timestamps and activity logs
  • In-app preferences and selected categories
  • Supabase server logs (IP address, request metadata, security logs)

Support Data

  • Communications sent via email or through contact forms
  • Any attachments or information you choose to share for troubleshooting

Payment Metadata

  • Subscription plan, status, and transaction identifiers received from Paddle
  • We do not store or process full card details

Cookies and Tracking Data

  • Consent-based cookies for authentication, preferences, analytics, and marketing
  • Non essential cookies (analytics, marketing, advertising) only load if you expressly opt in via the cookie banner

3. Sources of Data

  • Direct input by you during registration or profile updates
  • Automated collection through your use of the Service
  • Paddle, for subscription metadata and billing status updates
  • Twilio, for delivery of OTP messages
  • Supabase, for authentication and system logs

4. Purpose and Legal Basis of Processing

Purpose Description Legal Basis
Account setup and authentication To create, verify, and maintain your account, including phone number verification and delivery of OTP codes Contract performance (Art. 6(1)(b) GDPR)
Subscription and billing To manage plans, renewals, and payments through Paddle Contract performance; legal obligation for tax
Service operation To provide access to the daily idea platform and maintain technical performance Contract performance
Secure an Idea To operate the Secure an Idea functionality and maintain internal delivery logic Contract performance
Customer support To respond to inquiries and resolve issues Legitimate interests (Art. 6(1)(f))
Security and abuse prevention To detect fraud, prevent misuse, and protect the Service (Supabase logs, server logs, OTP verification) Legitimate interests; legal obligation
Analytics and improvement To evaluate usage trends and improve the Service Consent (Art. 6(1)(a))
Marketing communication To send optional updates or promotional material Consent (Art. 6(1)(a))
Legal compliance To meet regulatory and tax obligations Legal obligation (Art. 6(1)(c))

Where we rely on consent, you may withdraw it at any time through the cookie settings or by unsubscribing from communications.

5. Payments and Merchant of Record

All payments and billing are handled exclusively by Paddle, which acts as the Merchant of Record. Paddle is an independent controller of your payment data and is responsible for collecting, storing, and processing financial information in accordance with its own privacy policy and applicable laws.

Innovisto only receives limited metadata from Paddle (such as customer ID, plan, and payment status) necessary to maintain your subscription access.

By completing checkout, you also agree to Paddle’s own Privacy Policy, which governs their handling of billing and financial information.

6. Cookies and Tracking

We use cookies and similar technologies to ensure the secure and proper operation of the Service.

Cookie categories:

  • Essential cookies – required for login, session management, and security.
  • Preference cookies – save your language and display settings.
  • Analytics cookies – measure traffic and performance, set only after consent.
  • Marketing cookies – enable retargeting and advertising, set only after consent.

Non essential cookies do not load unless you actively provide opt in consent through the cookie banner. Until consent is given, only strictly necessary cookies required for authentication and core functionality are used.

Strict opt-in: Analytics and marketing cookies (including Google Analytics, Google Ads, and Meta pixels) are disabled by default and activated only if you provide explicit consent through the cookie banner.

You can withdraw your consent or adjust cookie preferences anytime using the “Manage Cookies” link in the footer or in the settings of the Innovisto app.

Your consent applies to all https://innovisto.com and https://app.innovisto.com domains, subdomains and pages.

We also use server-side logging (Supabase logs, rate-limiting logs) for security, fraud prevention, and operational integrity. These logs do not track users for marketing purposes.

7. Data Sharing and International Transfers

We share personal data only with trusted third parties under contractual safeguards. These include:

  • Payment processor (Paddle)
  • Supabase (authentication, hosting, database services)
  • Twilio (delivery of one time passcodes)
  • Cloud hosting and infrastructure providers (primarily in the European Union)
  • Analytics and advertising partners (subject to your consent)
  • Professional advisors or authorities where required by law

Twilio Specific Notice
Twilio delivers all OTP (one time passcode) messages. Twilio processes your phone number and message delivery metadata. Twilio operates under its own privacy policy and may process data in the EU, US, or other global regions. Innovisto is not liable for Twilio’s handling or storage of OTP-related data.

International Transfers
Supabase data is hosted in the European Union.
Paddle may process data in the UK and EU.
Twilio may process data in the US or other global regions.
Transfers occur with contractual safeguards, including Standard Contractual Clauses where required.

We do not sell, rent, or lease your personal data to any third parties.

8. Security

  • Encryption in transit and at rest
  • Role-based access and least-privilege policies
  • Secure authentication (Supabase, OTP via Twilio)
  • Monitoring and incident response procedures
  • Regular vulnerability review and updates

No system is completely immune from risk, but we actively work to minimize exposure and respond promptly to any incidents.

9. Data Retention

Data Category Retention Period Reason
Account data Life of account + 24 months Reactivation, support, audit
Billing data 5 years Accounting and legal compliance
Analytics data 12 months Product improvement
Support messages 24 months Customer service records
Secure an Idea data Lifetime of subscription + 24 months Service continuity and audit

10. Your Rights

  • Access a copy of your personal data
  • Request correction of inaccurate information
  • Request deletion of your data (“right to be forgotten”)
  • Restrict or object to processing in certain cases
  • Request data portability in a structured format
  • Withdraw consent at any time (without affecting prior lawful processing)
  • Object to direct marketing communications
  • Lodge a complaint with your data protection authority

We respond to verified rights requests within 30 days. To exercise your rights, email support@innovisto.com with the subject line “Data Request.”

11. Children

The Service is intended for adults only. We do not knowingly collect or process personal data from anyone under 18 years of age. If we learn that we have collected data from a minor, we will delete it promptly.

12. Changes to this Policy

We may update this Privacy Policy to reflect changes in technology, law, or our practices. The latest version will always be available on our website. If material changes occur, we will notify users via email or prominent notice within the app. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

13. Contact Information

For any privacy-related questions or rights requests, contact:

Email: support@innovisto.com

For EU and UK users: EU Representative (Article 27): legal@innovisto.com

If you believe we have not addressed your concern adequately, you may lodge a complaint with your local supervisory authority.

Annex A – Overview of Processing Categories

Category Example Data Purpose Legal Basis
Account data Name, email, phone number, DOB, gender, timezone Account creation, authentication Contract
Subscription data Plan, renewal date, Paddle ID Manage billing and access Contract
Analytics Session data, interactions Product improvement Consent
Advertising Pixel data, UTM tracking Retargeting, campaign measurement Consent
Support Email, attachments Respond to inquiries Legitimate interest
Secure an Idea Secured idea IDs Feature operation Contract
Legal/compliance Invoices, records Accounting, audits Legal obligation

Last updated: 24.11.2025

Daily Business Ideas Subscription

About
How it WorksCategoriesFeaturesFAQContact Us
Legal
Terms of ServicePrivacy Policy
A Kiowa Mayfield Darlington Brand
© 2025 All Rights Reserved