Privacy Policy

Silvoo is operated by DjaloVentures OU, a company registered in the Republic of Estonia (registry code: 16915498). We are committed to protecting your privacy and handling your data with transparency and care.

This Privacy Policy explains how we collect, use, store, and protect information when you use our document lifecycle management platform and related services.

For the purposes of the General Data Protection Regulation (GDPR), DjaloVentures OU is the data controller for personal data collected through our services.

This policy applies to:

• The Silvoo web application and any associated mobile applications
• Our marketing website at silvoo.io
• Communications between you and Silvoo, including support and sales interactions
• Any other services that reference this Privacy Policy

This policy does not apply to third-party websites, applications, or services that may be linked from our platform.

Account Data

When you register for Silvoo, we collect:

• Name and email address
• Organisation name and business contact details
• Billing information processed by our payment provider
• User preferences and settings

Uploaded Documents and Metadata

When you use our platform, we process:

• Documents you upload, create, or generate within the platform
• Document metadata such as file names, sizes, creation dates, and modification history
• Workflow data including approval chains, signatures, and audit trails
• Comments, annotations, and collaborative inputs

Usage and Technical Data

We automatically collect certain technical information:

• Device information such as browser type and operating system
• IP address and approximate location
• Pages visited, features used, and actions taken within the platform
• Error logs and performance data
• Authentication and session information

We use the information we collect to:

• Provide, operate, and maintain the Silvoo platform
• Process your documents and execute workflow automations
• Authenticate users and manage access permissions
• Process payments and manage subscriptions
• Send transactional communications such as account notifications and workflow alerts
• Provide customer support and respond to enquiries
• Monitor and improve platform performance and security
• Comply with legal obligations and enforce our terms
• Send product updates and announcements with your consent

Contract Performance

Processing necessary to fulfil our contractual obligations to you, including providing the platform services, processing documents, and managing your account.

Legitimate Interests

Processing necessary for our legitimate business interests, such as improving our services, ensuring security, and preventing fraud, where these interests are not overridden by your rights.

Legal Obligations

Processing necessary to comply with applicable laws, regulations, or legal processes.

Consent

For certain processing activities, such as marketing communications, we rely on your explicit consent, which you may withdraw at any time.

We take an EU-first approach to data storage. Your data is processed and stored within the European Economic Area (EEA) using reputable cloud infrastructure providers with appropriate security certifications.

Our infrastructure is designed for:

• High availability and redundancy
• Regular automated backups
• Encryption of data at rest and in transit
• Physical security controls at data centre facilities

Silvoo uses artificial intelligence features to help you manage documents more effectively. We want to be clear about how your data is used in this context:

• No training on customer documents by default: We do not use your documents or their contents to train machine learning models unless you explicitly opt in to such programmes.
• Customer data ownership: You retain full ownership of all documents and data you upload to Silvoo. We process your data solely to provide the services you have requested.
• AI processing for your benefit: When AI features analyse your documents, this processing is performed solely to deliver functionality to you.

Where we use third-party AI services, we ensure appropriate data processing agreements are in place and that your data is handled in accordance with this policy.

We share your data only in the following circumstances:

• Service providers: We work with carefully selected subprocessors who help us deliver our services. All subprocessors are bound by data processing agreements.
• At your direction: When you choose to share documents with others or integrate with third-party services.
• Legal requirements: When required by law, court order, or governmental authority.
• Business transfers: In connection with a merger, acquisition, or sale of assets, with appropriate confidentiality protections.

We do not sell your personal data to third parties.

We retain your data for as long as necessary to provide our services and fulfil the purposes described in this policy:

• Account data: Retained while your account is active and for a reasonable period thereafter to allow for reactivation or to comply with legal obligations.
• Documents: Retained until you delete them or close your account, subject to any retention periods required by law or your subscription terms.
• Audit logs: Retained for the period specified in your service agreement or as required for compliance purposes.
• Technical logs: Generally retained for up to 90 days for operational and security purposes.

Upon account termination, we will delete or anonymise your data in accordance with our data retention schedule, unless retention is required by law.

As a data subject under GDPR, you have the following rights:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your data in certain circumstances.
• Right to restriction: Request that we limit how we use your data.
• Right to data portability: Receive your data in a structured, commonly used format.
• Right to object: Object to processing based on legitimate interests or for direct marketing.
• Right to withdraw consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, please contact us using the details provided below. We will respond to your request within one month, as required by GDPR.

You also have the right to lodge a complaint with your local data protection authority. In Estonia, this is the Data Protection Inspectorate (Andmekaitse Inspektsioon).

We implement appropriate technical and organisational measures to protect your data:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Access controls and authentication mechanisms
• Regular security assessments and monitoring
• Employee training on data protection
• Incident response procedures

We use a minimal, essential-first approach to cookies:

• Essential cookies: Required for the platform to function, including authentication, security, and preferences.
• Analytics cookies: Help us understand how the platform is used. These are only placed with your consent.

We do not use third-party advertising cookies or tracking pixels. You can manage cookie preferences through your browser settings or our cookie consent interface.

Our primary data processing occurs within the EEA. In limited circumstances, data may be transferred outside the EEA. Where this occurs, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission for the recipient country
• Other lawful transfer mechanisms under GDPR

For questions about this Privacy Policy or to exercise your data protection rights, please contact us:

DjaloVentures OU
Harju maakond, Tallinn, Kesklinna linnaosa
Narva mnt 5, 10117, Estonia
Email: privacy@silvoo.io

We aim to respond to all enquiries within 30 days.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify you via email or through the platform for significant changes
• Provide a summary of key changes where appropriate

We encourage you to review this policy periodically to stay informed about how we protect your data.