Privacy Policy

Effective Date: 24.11.2025

This Privacy Policy explains how Kiowa Mayfield Darlington (FZE) (“Innovisto”, “we”, “us”, or “our”) collects, uses, shares, and protects your personal data when you use the Innovisto platform and website. We are committed to safeguarding your privacy and ensuring that your personal information is handled lawfully, transparently, and securely.

1. Scope and Controller

This Policy applies to all data collected through the Innovisto website and application (collectively, the “Service”).

Innovisto is a brand owned and exclusively managed by Kiowa Mayfield Darlington (FZE), a Free Zone company registered at the Sharjah Research Technology and Innovation Park, Sharjah, United Arab Emirates.

For EU and UK users, Innovisto has appointed a GDPR Article 27 representative, reachable at legal@innovisto.com.

Innovisto complies with the General Data Protection Regulation (GDPR) and UAE Federal Law No. 45 of 2021 (Personal Data Protection Law).

2. Data We Collect

We collect only the data necessary to operate and improve the Service. The types of data we process include:

Account Information

  • First name and last name
  • Date of birth and gender
  • Email address
  • Mobile phone number (for authentication via OTP)
  • Timezone
  • Password hash or social login identifier
  • Subscription status and linked Paddle customer ID
  • Records of Ideas you secure (for delivery logic and account features)

Usage Data

  • Device type, browser, and operating system
  • IP address and approximate region
  • Session timestamps and activity logs
  • In-app preferences and selected categories
  • Supabase server logs (IP address, request metadata, security logs)

Support Data

  • Communications sent via email or through contact forms
  • Any attachments or information you choose to share for troubleshooting

Payment Metadata

  • Subscription plan, status, and transaction identifiers received from Paddle
  • We do not store or process full card details

Cookies and Tracking Data

  • Consent-based cookies for authentication, preferences, analytics, and marketing
  • Non essential cookies (analytics, marketing, advertising) only load if you expressly opt in via the cookie banner

3. Sources of Data

  • Direct input by you during registration or profile updates
  • Automated collection through your use of the Service
  • Paddle, for subscription metadata and billing status updates
  • Twilio, for delivery of OTP messages
  • Supabase, for authentication and system logs

4. Purpose and Legal Basis of Processing

PurposeDescriptionLegal Basis
Account setup and authenticationTo create, verify, and maintain your account, including phone number verification and delivery of OTP codesContract performance (Art. 6(1)(b) GDPR)
Subscription and billingTo manage plans, renewals, and payments through PaddleContract performance; legal obligation for tax
Service operationTo provide access to the daily idea platform and maintain technical performanceContract performance
Secure an IdeaTo operate the Secure an Idea functionality and maintain internal delivery logicContract performance
Customer supportTo respond to inquiries and resolve issuesLegitimate interests (Art. 6(1)(f))
Security and abuse preventionTo detect fraud, prevent misuse, and protect the Service (Supabase logs, server logs, OTP verification)Legitimate interests; legal obligation
Analytics and improvementTo evaluate usage trends and improve the ServiceConsent (Art. 6(1)(a))
Marketing communicationTo send optional updates or promotional materialConsent (Art. 6(1)(a))
Legal complianceTo meet regulatory and tax obligationsLegal obligation (Art. 6(1)(c))

Where we rely on consent, you may withdraw it at any time through the cookie settings or by unsubscribing from communications.

5. Payments and Merchant of Record

All payments and billing are handled exclusively by Paddle, which acts as the Merchant of Record. Paddle is an independent controller of your payment data and is responsible for collecting, storing, and processing financial information in accordance with its own privacy policy and applicable laws.

Innovisto only receives limited metadata from Paddle (such as customer ID, plan, and payment status) necessary to maintain your subscription access.

By completing checkout, you also agree to Paddle’s own Privacy Policy, which governs their handling of billing and financial information.

6. Cookies and Tracking

We use cookies and similar technologies to ensure the secure and proper operation of the Service.

Cookie categories:

  • Essential cookies – required for login, session management, and security.
  • Preference cookies – save your language and display settings.
  • Analytics cookies – measure traffic and performance, set only after consent.
  • Marketing cookies – enable retargeting and advertising, set only after consent.

Non essential cookies do not load unless you actively provide opt in consent through the cookie banner. Until consent is given, only strictly necessary cookies required for authentication and core functionality are used.

Strict opt-in: Analytics and marketing cookies (including Google Analytics, Google Ads, and Meta pixels) are disabled by default and activated only if you provide explicit consent through the cookie banner.

You can withdraw your consent or adjust cookie preferences anytime using the “Manage Cookies” link in the footer.

We also use server-side logging (Supabase logs, rate-limiting logs) for security, fraud prevention, and operational integrity. These logs do not track users for marketing purposes.

7. Data Sharing and International Transfers

We share personal data only with trusted third parties under contractual safeguards. These include:

  • Payment processor (Paddle)
  • Supabase (authentication, hosting, database services)
  • Twilio (delivery of one time passcodes)
  • Cloud hosting and infrastructure providers (primarily in the European Union)
  • Analytics and advertising partners (subject to your consent)
  • Professional advisors or authorities where required by law

Twilio Specific Notice
Twilio delivers all OTP (one time passcode) messages. Twilio processes your phone number and message delivery metadata. Twilio operates under its own privacy policy and may process data in the EU, US, or other global regions. Innovisto is not liable for Twilio’s handling or storage of OTP-related data.

International Transfers
Supabase data is hosted in the European Union.
Paddle may process data in the UK and EU.
Twilio may process data in the US or other global regions.
Transfers occur with contractual safeguards, including Standard Contractual Clauses where required.

We do not sell, rent, or lease your personal data to any third parties.

8. Security

  • Encryption in transit and at rest
  • Role-based access and least-privilege policies
  • Secure authentication (Supabase, OTP via Twilio)
  • Monitoring and incident response procedures
  • Regular vulnerability review and updates

No system is completely immune from risk, but we actively work to minimize exposure and respond promptly to any incidents.

9. Data Retention

Data CategoryRetention PeriodReason
Account dataLife of account + 24 monthsReactivation, support, audit
Billing data5 yearsAccounting and legal compliance
Analytics data12 monthsProduct improvement
Support messages24 monthsCustomer service records
Secure an Idea dataLifetime of subscription + 24 monthsService continuity and audit

10. Your Rights

  • Access a copy of your personal data
  • Request correction of inaccurate information
  • Request deletion of your data (“right to be forgotten”)
  • Restrict or object to processing in certain cases
  • Request data portability in a structured format
  • Withdraw consent at any time (without affecting prior lawful processing)
  • Object to direct marketing communications
  • Lodge a complaint with your data protection authority

We respond to verified rights requests within 30 days. To exercise your rights, email support@innovisto.com with the subject line “Data Request.”

11. Children

The Service is intended for adults only. We do not knowingly collect or process personal data from anyone under 18 years of age. If we learn that we have collected data from a minor, we will delete it promptly.

12. Changes to this Policy

We may update this Privacy Policy to reflect changes in technology, law, or our practices. The latest version will always be available on our website. If material changes occur, we will notify users via email or prominent notice within the app. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

13. Contact Information

For any privacy-related questions or rights requests, contact:

Email: support@innovisto.com

For EU and UK users: EU Representative (Article 27): legal@innovisto.com

If you believe we have not addressed your concern adequately, you may lodge a complaint with your local supervisory authority.

Annex A – Overview of Processing Categories

CategoryExample DataPurposeLegal Basis
Account dataName, email, phone number, DOB, gender, timezoneAccount creation, authenticationContract
Subscription dataPlan, renewal date, Paddle IDManage billing and accessContract
AnalyticsSession data, interactionsProduct improvementConsent
AdvertisingPixel data, UTM trackingRetargeting, campaign measurementConsent
SupportEmail, attachmentsRespond to inquiriesLegitimate interest
Secure an IdeaSecured idea IDsFeature operationContract
Legal/complianceInvoices, recordsAccounting, auditsLegal obligation

Last updated: 24.11.2025

Curated Daily Business Ideas

About
OverviewFeatureFAQDownload
Legal
Terms of ServicePrivacy Policy
innovisto.com
© 2025 All Rights Reserved
A Kiowa Mayfield Darlington Brand