Winora

Legal

Privacy Policy

Effective date: 1 June 2025

1. Who We Are

Winnoventures("Winora", "we", "us", "our") operates the Winora platform at winora.io. We are the data controller for personal data collected through our website and services. For questions, contact privacy@winora.io.

2. Data We Collect

We collect the following categories of personal data:

  • Account data: name, work email address, company name, and password (hashed) when you create an account.
  • Usage data: pages visited, features used, and actions taken within the platform, collected via server-side logs.
  • Customer data: data you import or generate within the Service (conversations, contacts, etc.) — you remain the controller of this data.
  • Communications: emails you send to our support team.

3. How We Use Your Data

  • To provide, maintain, and improve the Service
  • To send transactional emails (account verification, password reset, access notifications)
  • To respond to support requests
  • To detect and prevent fraud or abuse
  • To comply with legal obligations

We do not sell your personal data. We do not use your data for advertising.

4. Legal Basis (GDPR)

Where GDPR applies, we process personal data under the following bases:

  • Contract: to perform our agreement with you
  • Legitimate interests: to improve the Service and ensure security
  • Legal obligation: to comply with applicable law
  • Consent: for marketing communications (where obtained)

5. Data Sharing

We share personal data only with:

  • Infrastructure providers (hosting, database) under data processing agreements
  • Professional advisers (lawyers, accountants) bound by confidentiality
  • Authorities when required by law or to protect our legal rights

6. Data Retention

We retain account data for as long as your account is active and for 30 days after deletion, after which it is securely purged. Server logs are retained for up to 90 days.

7. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time

To exercise these rights, email privacy@winora.io. We will respond within 30 days.

8. Security

We use industry-standard security measures including encryption in transit (TLS), encryption at rest, and access controls. We notify affected users within 72 hours of becoming aware of a personal data breach.

9. International Transfers

Our infrastructure is hosted in data centres that may be outside your country. Where data is transferred outside the EEA or UK, we rely on Standard Contractual Clauses or equivalent safeguards.

10. Cookies

We use strictly necessary and functional cookies. See our Cookie Policy for details.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or an in-product notice at least 14 days before they take effect.

12. Contact

For privacy enquiries: privacy@winora.io