Privacy Policy

← Back to Home

1. Data Controller

The data controller for personal data processed through the MatjarUK platform is:

• MatjarUK Technologies, Inc.
• 2614 Westheimer Rd, Suite 210, Houston, TX 77098, United States
• Privacy Officer: privacy@matjaruk.com
• Phone: +1 (713) 482-7190

Where we process personal data on behalf of our business clients (e.g., their customers' delivery addresses), we act as a Data Processor. Our clients remain the Data Controller for that data.

2. Data We Collect

We collect the following categories of personal data:

2.1 Account Data

• Full name, business email address, phone number, job title
• Company name, registration number, billing address
• Password (hashed, never stored in plaintext)

2.2 Usage Data

• Feature interactions, dashboard views, search queries
• Order routing decisions, inventory queries, supplier actions
• Login timestamps, session duration, pages visited

2.3 Technical Data

• IP address, browser type and version, operating system
• Device identifiers, screen resolution
• Referral source and navigation paths

2.4 Client-Uploaded Data

• Product catalogues, supplier contact details, order records
• Customer shipping addresses and order histories (processed on behalf of our clients)

3. How We Use Data

We process personal data for the following purposes:

• Service Delivery — operating the platform, synchronising inventory, routing orders, coordinating with suppliers
• Transactional Notifications — sending order confirmations, inventory alerts, delivery updates, and security notices
• Billing & Invoicing — processing subscription fees, generating receipts, managing payment records
• Security & Fraud Prevention — monitoring for unauthorised access, enforcing rate limits, detecting anomalies
• Legal Compliance — fulfilling regulatory obligations, responding to lawful requests from authorities
• Platform Improvement — analysing usage patterns to improve features, fix defects, and optimise performance (using aggregated, de-identified data)

4. Legal Bases for Processing (GDPR)

Under the General Data Protection Regulation, we process personal data on the following legal bases:

• Performance of Contract (Article 6(1)(b)) — processing necessary to deliver the Service you have subscribed to
• Legitimate Interest (Article 6(1)(f)) — security monitoring, fraud prevention, platform analytics (balanced against your rights)
• Legal Obligation (Article 6(1)(c)) — tax record-keeping, regulatory disclosures, law enforcement cooperation
• Consent (Article 6(1)(a)) — where explicitly requested, such as optional usage analytics; consent can be withdrawn at any time

5. We Do Not Sell Personal Data

MatjarUK does not sell, rent, trade, or otherwise disclose personal data to third parties for their own commercial purposes. This commitment applies to all categories of personal data we collect, under both GDPR and CCPA definitions of "sale."

6. Sub-Processors

We share personal data with the following categories of sub-processors, strictly for the purposes described:

• Amazon Web Services (AWS) — cloud infrastructure hosting (eu-west-2 London region). AWS Privacy
• Mailgun (Sinch) — transactional email delivery. Mailgun Privacy
• Stripe — payment processing and subscription billing. Stripe Privacy

Each sub-processor is bound by a Data Processing Agreement that limits processing to the purposes specified by MatjarUK and requires equivalent security standards.

7. International Data Transfers

As a US-based company serving UK and EU clients, we transfer personal data internationally. We ensure adequate protection through:

• Standard Contractual Clauses (SCCs) — EU-approved clauses incorporated into our agreements with sub-processors
• EU-US Data Privacy Framework — we adhere to the principles of the framework where applicable
• UK International Data Transfer Agreement (IDTA) — supplementary provisions for UK transfers

8. Data Retention

We retain personal data only as long as necessary for the purposes described:

• Account data — retained for the duration of your subscription, plus 90 days for data export
• Usage data — retained for 24 months, then aggregated and anonymised
• Technical / server logs — retained for 12 months
• Email delivery logs — retained for 90 days
• Billing records — retained for 7 years (tax compliance)
• Consent records — retained for 36 months after last activity
• Client-uploaded data — deleted within 30 days of account termination, unless export is requested

9. Your Rights — GDPR

If you are located in the European Economic Area or United Kingdom, you have the following rights:

• Right of Access — request a copy of the personal data we hold about you
• Right to Rectification — correct inaccurate or incomplete data
• Right to Erasure — request deletion of your data ("right to be forgotten")
• Right to Restriction — limit processing in certain circumstances
• Right to Data Portability — receive your data in a structured, machine-readable format
• Right to Object — object to processing based on legitimate interest
• Right to Withdraw Consent — where processing is based on consent, withdraw at any time without affecting lawfulness of prior processing

We respond to all data subject requests within 30 days. To exercise your rights, email privacy@matjaruk.com.

You also have the right to lodge a complaint with a supervisory authority, such as the UK Information Commissioner's Office (ICO) at ico.org.uk.

10. Your Rights — CCPA

If you are a California resident, the California Consumer Privacy Act grants you the following rights:

• Right to Know — request disclosure of the categories and specific pieces of personal information we have collected about you
• Right to Delete — request deletion of personal information we have collected
• Right to Opt-Out of Sale — we do not sell personal information; therefore, there is no sale from which to opt out
• Right to Non-Discrimination — we will not discriminate against you for exercising any CCPA rights

To submit a CCPA request, email privacy@matjaruk.com with the subject line "CCPA Request."

11. Cookies

MatjarUK uses strictly necessary cookies only:

• Session cookie — maintains your authenticated session while using the platform
• CSRF token — prevents cross-site request forgery attacks

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. No personal data is shared with advertising networks.

12. Data Security

We implement technical and organisational measures to protect your data:

• Encryption in transit — TLS 1.3 for all connections
• Encryption at rest — AES-256 for stored data
• Access controls — role-based access (RBAC) with principle of least privilege
• Multi-factor authentication — enforced for all internal systems and encouraged for client accounts
• Vulnerability management — regular dependency scanning and penetration testing
• Incident detection — real-time monitoring for anomalous access patterns

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes:

• We will provide at least 30 days' advance notice via email and in-app notification
• The "Last Updated" date at the top of this page will be revised
• Continued use of the Service after the effective date constitutes acceptance of the updated policy

14. Contact

For privacy-related enquiries, data subject requests, or complaints:

• Privacy Officer — MatjarUK Technologies, Inc.
• 2614 Westheimer Rd, Suite 210, Houston, TX 77098
• Email: privacy@matjaruk.com
• Phone: +1 (713) 482-7190