Privacy Policy (Valenda.app)

Effective date: 1 February 2026

1. Who we are

Valenda.app (the “Service”) is operated by Dmitry Dubrovskiy (sole trader) trading as “Valenda” (“Valenda”, “we”, “us”).

Address: 3B Kaniere Place, Half Moon Bay, Auckland, New Zealand Privacy Officer / Contact: team@valenda.app

2. What this policy covers

This policy explains how we collect, use, store, and disclose personal information when you access or use the Service.

The Service is intended for business use. It is not designed for handling sensitive personal information (for example, identifiable patient health information). Do not submit unnecessary sensitive or identifiable personal information unless you have a lawful basis and it is required for your legitimate business purpose.

3. What we collect

We may collect:

• Account information (email, name if provided, role, workspace/organisation details).
• Billing and subscription information (plan, billing status, invoices/receipts, payment-related identifiers).
• Content you submit or connect for analysis (for example, marketing copy, posts, ads, landing page text, images). Depending on what you submit, Content may contain personal information.
• Limited technical and security information needed to operate and protect the Service (for example, IP address, timestamps, device/browser information, and basic operational/security logs).
• Support communications (messages and attachments you send us).

We do not use third-party marketing trackers and we do not run third-party analytics for marketing profiling.

4. How we collect it

We collect information:

• directly from you (registration, subscriptions, submissions, support);
• automatically when you use the Service (limited technical/security data);
• from third-party accounts you choose to connect (only within the permissions you authorise).

5. How we use personal information

We use personal information to:

• provide and operate the Service (including generating reports and keeping scan history);
• manage accounts, authentication, and security;
• process subscriptions and payments;
• provide support and respond to requests;
• maintain, protect, and improve the Service (including abuse prevention and troubleshooting);
• comply with legal obligations and enforce our terms.

6. Business users and your responsibilities

If you use the Service for a business (for example, a clinic or agency), you confirm you are authorised to provide information to us and to allow us to process it as described in this policy.

You are responsible for ensuring you have the right to submit Content, and for ensuring any personal information included in Content is handled lawfully.

7. Who we share information with

We may share personal information with:

• Payment processors (Stripe) for payment processing and subscription billing;
• Hosting/infrastructure providers (Amazon Web Services) to operate and store Service data;
• Professional advisers where necessary (for example, legal/accounting);
• Authorities or regulators where required by law, or to protect rights and safety.

We do not sell personal information.

8. Where data is stored and processed (cross-border)

8.1 Primary hosting and processing in Australia

The Service operates using infrastructure located in Australia. Your Content and Service data may be stored and processed in Australia, including via Amazon Web Services.

8.2 Access from New Zealand and other locations

While primary storage/processing is in Australia, Service administration and support may involve access to Service data from New Zealand and/or Australia.

8.3 Payment processing (Stripe)

Payments are processed by Stripe. We do not intend to store full payment card numbers or card security codes on our systems. Stripe may store or process certain information in multiple locations depending on its operations and your use of payment methods.

8.4 Safeguards for overseas processing

We take reasonable steps to protect personal information when it is processed or stored outside New Zealand, taking into account the nature of the information and the services provided.

9. Security

We take reasonable safeguards to protect personal information against loss, misuse, and unauthorised access, disclosure, alteration, or destruction. No method of transmission or storage is completely secure, and we do not promise absolute security.

10. Retention and deletion

We keep personal information only as long as reasonably necessary for the purposes in this policy, unless a longer period is required or permitted by law (for example, accounting/tax, disputes, security, audit).

If you close your account or request deletion, we will take reasonable steps to delete or de-identify personal information we are not required to keep. Some information may remain for a limited period in backups or logs.

11. Your rights (access and correction)

You have the right to request access to personal information we hold about you and to request correction.

Contact: team@valenda.app. We may verify your identity before responding. If we do not agree a correction is required, you may request a statement of correction where applicable.

12. Cookies

The Service may use essential cookies required for sign-in and basic functionality. You can control cookies through your browser settings, but disabling cookies may affect functionality.

13. Privacy breaches

If a privacy breach occurs that we reasonably believe has caused or is likely to cause serious harm, we will take steps required by applicable law, which may include notifying affected individuals and relevant authorities.

14. Complaints

Contact our Privacy Officer at team@valenda.app. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner (New Zealand).

15. Changes to this policy

We may update this policy from time to time. The updated version applies from its effective date. Continued use of the Service after an update means you accept the updated policy.