Privacy Policy

Last updated: June 10, 2026

1. Introduction and Scope

This Privacy Policy explains how YCELLO LTD ("we," "the Company," "SVNGU," or "us") collects, uses, stores, shares, and protects personal data when you access or use our websites, applications, tools, and services.

This Privacy Policy applies to SVNGU and all current or future products and services operated under the SVNGU brand, including but not limited to AI-assisted compliance tools, label generation tools, product research tools, listing optimization tools, batch processing functions, OCR/manual parsing, translation assistance, and other related online technical services.

For the purposes of this Privacy Policy, "SVNGU Services" means all websites, applications, tools, products, features, and online technical services operated under the SVNGU brand.

By accessing our website, creating an account, purchasing a plan, uploading content, using any paid or free feature, or otherwise using the SVNGU Services, you acknowledge that you have read and understood this Privacy Policy.

This Privacy Policy should be read together with our Terms of Service, Cookie Policy, Generated Output Disclaimer, Billing and Credits Policy, and any other supplemental terms, policies, notices, or guidelines made available by YCELLO LTD.

Company name: YCELLO LTD

Jurisdiction: United Kingdom

Website: https://www.svngu.com

Email: support@svngu.com

SVNGU is the commercial brand used for the services described in this Privacy Policy. Unless otherwise stated, all rights and obligations relating to SVNGU Services are held by YCELLO LTD.

YCELLO LTD has filed a European Union Trade Mark application for the SVNGU brand under EUTM Application No. 019364470. The SVNGU name, logo, visual identity, product names, interface elements, and brand materials may not be used, copied, modified, reproduced, or distributed without our prior written permission.

For certain personal data, YCELLO LTD acts as the data controller, meaning that we determine the purposes and means of processing such personal data. This may include account data, billing records, security logs, support communications, service administration data, and certain analytics or operational data.

Where the General Data Protection Regulation (GDPR) applies and we process personal data included in Uploaded Content on behalf of a user, SVNGU may act as a data processor, as further explained in Section 4 of this Privacy Policy.

2. Key Definitions

For the purposes of this Privacy Policy:

"User," "you," or "your" means any individual, company, organization, seller, trader, manufacturer, compliance operator, or other legal entity that accesses or uses the SVNGU Services.

"Personal data" means any information that identifies, relates to, describes, or could reasonably be linked to an identified or identifiable natural person.

"Uploaded Content" means any product information, images, documents, manuals, business materials, listing data, company information, compliance materials, or other information submitted, uploaded, imported, or entered by you into the SVNGU Services.

"Generated Output" means any content, result, suggestion, label text, compliance statement, risk notice, classification suggestion, translated content, analysis, report, document, QR-linked content, or other output generated through the SVNGU Services.

"Third-Party Services" means payment providers, cloud infrastructure providers, AI model providers, analytics providers, hosting services, email services, customer support services, OCR tools, APIs, or other external services used to support SVNGU Services.

3. Personal Data We Collect

We collect only the data that is necessary for account operation, service delivery, billing, security, legal compliance, product improvement, and customer support.

Depending on how you use the SVNGU Services, we may collect the following categories of data.

(1) Account and Identification Data

This may include:

  • email address;
  • name or contact name;
  • login credentials or authentication information;
  • account ID;
  • account status;
  • user role or permission level;
  • company or organization name, where applicable.

This data is used to create and manage your account, authenticate access, maintain account security, and provide the SVNGU Services.

(2) Business and Company Data

This may include:

  • company name;
  • billing information;
  • business contact details;
  • tax or invoice-related information, where applicable;
  • team or enterprise account information;
  • member account information and permission settings.

This data is used for billing, account management, enterprise access control, invoicing, customer support, and service administration.

(3) Payment and Billing Data

Payments may be processed by third-party payment providers, including but not limited to Lemon Squeezy or other payment service providers.

We may receive and store limited billing-related records, such as:

  • order ID;
  • subscription status;
  • plan type;
  • payment status;
  • invoice or receipt information;
  • billing email;
  • transaction reference;
  • refund or cancellation status.

We do not directly store full payment card details. Payment card information is processed by the relevant payment provider according to its own security and privacy standards, including payment card industry security standards such as PCI-DSS where applicable.

(4) Uploaded Content and Business Data

When you use SVNGU Services, you may submit, upload, import, or enter content such as:

  • product names;
  • product descriptions;
  • product images;
  • product manuals;
  • PDF files;
  • technical documents;
  • product materials;
  • warning text;
  • manufacturer information;
  • responsible person or representative information;
  • listing content;
  • marketplace-related product information;
  • cost, price, or profitability assumptions;
  • other business information required to generate outputs.

Uploaded Content is processed only for the purpose of providing the relevant SVNGU Services, such as parsing, OCR processing, translation, label generation, compliance reference generation, product analysis, listing optimization, exporting, storing, or displaying service results.

SVNGU does not claim ownership over your Uploaded Content.

(5) Generated Output and Usage Records

We may store Generated Output and related usage records, including:

  • generated labels;
  • compliance reference results;
  • declaration drafts;
  • listing suggestions;
  • product research outputs;
  • profitability or marketplace analysis outputs;
  • translation results;
  • export records;
  • generation history;
  • credit consumption records;
  • task status and processing logs.

This data is used to provide service history, allow users to access previous results, support billing and credit calculation, troubleshoot errors, prevent abuse, and improve service reliability.

(6) Technical, Device, and Log Data

When you access or use the SVNGU Services, we may automatically collect technical data, including:

  • IP address;
  • browser type and version;
  • device type;
  • operating system;
  • pages visited;
  • referring URLs;
  • access time and date;
  • session identifiers;
  • error logs;
  • security logs;
  • performance data;
  • API request logs;
  • approximate location derived from technical data.

This data is used for security, fraud prevention, system diagnostics, abuse prevention, performance monitoring, service improvement, and legal compliance.

(7) Cookies and Similar Technologies

We may use cookies, local storage, session storage, pixels, tags, scripts, and similar technologies to support login sessions, account security, preferences, analytics, checkout flows, and service functionality.

For more details, please refer to our Cookie Policy.

(8) Customer Support and Communications Data

If you contact us for support, complaints, feedback, billing questions, technical issues, or business inquiries, we may process:

  • your name or contact name;
  • email address;
  • message content;
  • screenshots or files you provide;
  • support history;
  • issue status;
  • communication records.

This data is used to respond to your request, provide technical assistance, resolve disputes, improve our services, and maintain support records.

4. GDPR Roles: Controller and Processor

Where the General Data Protection Regulation (GDPR) applies, the role of SVNGU depends on the type of data and the context of processing.

(1) User as Data Controller

The user will generally act as the data controller for personal data included in Uploaded Content, product materials, business documents, manuals, images, listing information, or other data submitted by the user.

This is because the user determines what data is uploaded, why it is uploaded, and how the Generated Output will be used in the user's business.

If you upload or submit personal data relating to another person, company representative, manufacturer contact, responsible person, employee, customer, supplier, or third party, you are responsible for ensuring that you have a lawful basis and necessary authorization to provide such data to SVNGU.

(2) SVNGU as Data Processor

SVNGU will generally act as a data processor when it processes personal data included in Uploaded Content on behalf of the user solely to provide the SVNGU Services.

This may include parsing, OCR processing, generating, translating, analysing, storing, exporting, displaying, or deleting service outputs.

(3) SVNGU as Data Controller

SVNGU may act as an independent data controller for certain data, including:

  • account registration data;
  • billing and payment records;
  • customer support communications;
  • security logs;
  • fraud prevention records;
  • service administration data;
  • product analytics;
  • legal compliance records;
  • website traffic and technical data.

(4) Data Processing Agreement

If a Data Processing Agreement (DPA) is required for business or enterprise use, users may contact us at support@svngu.com.

5. Legal Bases for Processing

Where GDPR, UK GDPR, or similar data protection laws apply, we rely on one or more of the following legal bases for processing personal data.

(1) Performance of a Contract

We process personal data to provide the SVNGU Services, manage accounts, process subscriptions, generate outputs, maintain service access, provide support, and perform our contractual obligations.

This legal basis may apply to account data, authentication data, Uploaded Content, Generated Output, task history, credit consumption records, and service usage records where such processing is necessary to provide the requested service.

(2) Legitimate Interests

We may process personal data based on our legitimate interests, including:

  • maintaining service security;
  • preventing fraud and abuse;
  • improving service reliability;
  • monitoring system performance;
  • troubleshooting technical issues;
  • protecting our legal rights;
  • enforcing our Terms of Service;
  • understanding how users interact with our services.

This legal basis may apply to technical logs, security logs, fraud prevention records, service diagnostics, aggregated usage statistics, and limited product improvement data.

(3) Consent

We may rely on consent for:

  • non-essential cookies;
  • marketing emails;
  • newsletters;
  • certain optional analytics;
  • optional product communications;
  • other processing activities where consent is required by law.

You may withdraw consent where applicable.

(4) Legal Obligation

We may process and retain personal data where necessary to comply with legal, regulatory, tax, accounting, audit, security, or law enforcement obligations.

This legal basis may apply to billing records, invoices, tax records, transaction records, compliance records, dispute records, and legally required retention of business documents.

6. How We Use Your Data

We may use personal data for the following purposes.

(1) Providing and Maintaining the Services

We use data to:

  • create and manage accounts;
  • authenticate users;
  • provide access to paid and free features;
  • process Uploaded Content;
  • generate and store Generated Output;
  • support OCR, parsing, translation, analysis, label generation, and listing optimization;
  • maintain task history and export records;
  • provide product functionality.

(2) Billing, Credits, and Subscription Management

We use data to:

  • manage subscriptions;
  • record plan status;
  • calculate usage and credit consumption;
  • process payments through payment providers;
  • handle refunds, cancellations, and invoices;
  • prevent payment abuse or fraud;
  • provide billing support.

(3) Security, Abuse Prevention, and Risk Control

We use data to:

  • verify account access;
  • detect suspicious login behavior;
  • prevent fraud, scraping, automated abuse, attacks, and unauthorized access;
  • monitor system activity;
  • protect users and SVNGU Services;
  • investigate violations of our Terms of Service.

(4) Product Improvement and Service Optimization

We may use technical logs, error reports, usage statistics, and aggregated or de-identified data to:

  • improve service performance;
  • identify common errors;
  • improve user experience;
  • evaluate feature usage;
  • maintain service stability;
  • improve internal rules, workflows, and system reliability.

Where possible, we use aggregated, anonymized, or de-identified data for product improvement.

(5) Customer Support and Communications

We use data to:

  • respond to support requests;
  • resolve technical issues;
  • provide service updates;
  • send administrative notifications;
  • respond to complaints or feedback;
  • notify users of important changes to our services or policies.

(6) Legal Compliance

We may use data to:

  • comply with applicable laws;
  • respond to lawful requests from public authorities;
  • maintain tax, accounting, or business records;
  • protect legal rights;
  • handle disputes, investigations, or enforcement actions.

7. AI Processing and Automated Tools

Some SVNGU Services may use artificial intelligence, automation, OCR, translation systems, rule-based processing, data analysis, calculation models, or other technical tools to generate outputs.

When you submit Uploaded Content to such features, the relevant data may be processed by SVNGU systems and, where necessary, by selected Third-Party Services that support AI, OCR, translation, hosting, processing, or infrastructure functions.

We use such processing to provide the requested service, generate outputs, improve reliability, detect errors, and maintain system functionality.

We do not use your Uploaded Content to claim ownership over your business materials.

Where we use third-party AI or infrastructure providers, we take reasonable steps to ensure that data is processed only for service delivery, security, reliability, or other purposes described in this Privacy Policy.

8. Sharing Data with Third Parties

We do not sell your personal data.

We may share personal data only where necessary for service delivery, legal compliance, security, payment processing, or business operations.

Third parties may include the following categories.

(1) Payment Providers

Payment providers such as Lemon Squeezy or similar services may process payment, subscription, tax, fraud prevention, checkout, invoice, and refund-related data.

Payment data is processed by the relevant payment provider according to its own privacy, security, and payment processing standards, including PCI-DSS where applicable. SVNGU does not directly store full payment card details.

(2) Hosting, Database, Object Storage, and Infrastructure Providers

We use hosting, database, object storage, serverless, CDN, security, monitoring, and infrastructure providers to operate the SVNGU Services.

Our website and application may be hosted through providers such as Vercel. Our primary database is currently hosted in the Central EU region in Frankfurt, Germany through Supabase. Our primary object storage is currently hosted in Frankfurt, Germany within the European Union through Alibaba Cloud Object Storage Service (OSS).

We have entered into appropriate data processing arrangements with our infrastructure providers where required, including contractual safeguards such as Standard Contractual Clauses or equivalent transfer mechanisms where applicable.

Additional supporting services may process data in other locations as described in this Privacy Policy.

(3) AI, OCR, Translation, and Processing Providers

Where necessary to provide requested features, we may use selected AI model providers, OCR providers, translation providers, or technical processing providers.

(4) Analytics and Performance Providers

Where enabled, we may use analytics providers to understand website traffic, feature usage, service performance, errors, and user experience.

(5) Email, Support, and Communication Providers

We may use email, notification, support, or customer communication providers to send account notices, service messages, support replies, and administrative communications.

(6) Legal, Compliance, and Public Authorities

We may disclose data where required by law, court order, regulator, tax authority, law enforcement agency, payment provider, or other competent authority.

(7) Business Transfers

If SVNGU or YCELLO LTD is involved in a merger, acquisition, financing, restructuring, asset sale, or similar transaction, personal data may be transferred as part of that transaction, subject to appropriate safeguards.

9. International Data Transfers

YCELLO LTD is established in the United Kingdom. Our primary infrastructure providers and storage locations are described in Section 9.2.

Depending on the service feature, payment flow, hosting provider, database provider, object storage provider, AI processing provider, analytics provider, customer support provider, email provider, or other Third-Party Services used, personal data may be processed in the United Kingdom, the European Economic Area, the United States, or other jurisdictions.

Where personal data is transferred outside the United Kingdom or the European Economic Area, we will take reasonable steps to ensure that appropriate safeguards are in place, such as adequacy decisions, Standard Contractual Clauses, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or other lawful transfer mechanisms where applicable.

10. Data Storage and Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law, tax, accounting, security, fraud prevention, dispute resolution, compliance, or legitimate business purposes.

Our general retention approach is as follows:

  • Account data: retained while your account remains active.
  • Ordinary Uploaded Content and Generated Output: generally retained for up to 365 days, unless you delete it earlier or a longer retention period is required or permitted.
  • Compliance-related records: EU declaration content, QR-linked compliance pages, product label records, Generated Output used for compliance preparation, and related product safety or marketplace submission records may be retained for at least 3 years where necessary to support user access, regulatory reference, platform review, audit trail, or compliance documentation needs. If you have used Singulabel to generate compliance declarations, product labels, or related compliance preparation materials, those records are likely to fall within this compliance-related category and may therefore be retained for up to 3 years rather than the standard 365-day period.
  • Billing, payment, tax, accounting, invoice, refund, and transaction records: retained for the period required by applicable law.
  • Technical logs: retained for as long as necessary for security, diagnostics, abuse prevention, fraud prevention, service reliability, or legal enforcement.
  • Support communications: retained for as long as necessary to resolve support requests, maintain service records, handle disputes, or improve support quality.

If you close your account or submit a verified deletion request by contacting us at support@svngu.com, we will delete or anonymize applicable personal data within 30 days, unless retention is required or permitted for legal, tax, accounting, security, fraud prevention, dispute resolution, compliance, or legitimate business purposes.

Where deletion is not immediately possible because of backup systems, legal obligations, or technical limitations, we will restrict further active processing where reasonably practicable and complete deletion or anonymization according to our backup and retention procedures.

11. Data Security

We use reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, disclosure, or destruction.

These measures may include:

  • access control;
  • authentication mechanisms;
  • encryption in transit;
  • security monitoring;
  • logging and audit controls;
  • backup and recovery measures;
  • internal access restrictions;
  • abuse prevention and risk control.

However, no internet-based service or information system can be guaranteed to be completely secure. You are responsible for maintaining the confidentiality of your account credentials and promptly notifying us if you suspect unauthorized access.

12. Your Data Protection Rights

Depending on your location and applicable law, you may have certain rights regarding your personal data.

These may include:

  • the right to access your personal data;
  • the right to request correction of inaccurate or incomplete data;
  • the right to request deletion of personal data;
  • the right to restrict processing;
  • the right to object to processing;
  • the right to data portability;
  • the right to withdraw consent where processing is based on consent;
  • the right to object to direct marketing;
  • the right to lodge a complaint with a data protection authority.

To exercise your rights, please contact us at support@svngu.com.

You may request account closure or deletion of personal data by contacting us at support@svngu.com. After verifying your request, we will delete or anonymize applicable personal data within 30 days, unless retention is required or permitted by law or for legitimate purposes described in this Privacy Policy.

We may need to verify your identity before processing your request. We will respond within the period required by applicable law.

13. Marketing Communications

We may send you administrative service messages, account notices, billing notices, security alerts, and important product updates. These communications are necessary for service operation and may not always be optional.

We will send marketing emails, newsletters, or promotional communications only where we have a lawful basis to do so, such as your consent or another basis permitted by applicable law.

You may opt out of marketing communications at any time by using the unsubscribe link in the email or contacting us.

14. Cookies and Similar Technologies

SVNGU may use cookies and similar technologies to support account login, session management, security, payment flows, preferences, analytics, performance, and service functionality.

Non-essential cookies may require your consent depending on your location and applicable law.

For more information, please refer to our Cookie Policy. The Cookie Policy is maintained as a separate document and is effective as of its own "Last updated" date. If the Cookie Policy is updated, the updated version will be published on our website and will apply from its stated effective date.

15. Enterprise and Team Account Data

If you use SVNGU Services through an enterprise, team, agency, partner, or organization account, the account owner or administrator may be able to access, manage, export, or delete data associated with that account, including member activity, Uploaded Content, Generated Output, billing records, and usage records.

The enterprise or organization is responsible for managing member permissions, removing access for former members, and ensuring that its users are authorized to upload, process, or access data.

SVNGU is not responsible for internal permission disputes, employee misconduct, contractor misuse, delayed access removal, or unauthorized actions within an enterprise or team account, except where required by applicable law.

16. Children and Minors

SVNGU Services are intended for business and professional users.

We do not knowingly collect personal data from children under the age required by applicable law. If you believe that a child has provided personal data to us without appropriate authorization, please contact us and we will take reasonable steps to delete such data.

If you are under the age of legal majority in your jurisdiction, you may use the SVNGU Services only under the supervision and responsibility of a parent, guardian, or authorized representative.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, technologies, data processing practices, third-party providers, legal requirements, or business operations.

The updated version will be published on our website with a revised "Last updated" date at the top of this page.

Where a change materially affects your rights or our data processing practices — including changes to our infrastructure providers, primary storage regions, or the legal basis on which we process your data — we will provide reasonable advance notice through website announcements, in-app notices, email, or other appropriate methods, and where required by applicable law we may request consent. For changes that do not materially affect your rights or our data processing practices, the updated Privacy Policy becomes effective on the date of publication.

Your continued use of the SVNGU Services after the updated Privacy Policy becomes effective means that you acknowledge the updated policy.

18. Contact and Complaints

If you have any questions, complaints, or requests regarding this Privacy Policy or our handling of personal data, you may contact us at:

YCELLO LTD

United Kingdom

Email: support@svngu.com

Website: https://www.svngu.com

If you are located in the United Kingdom, you may have the right to lodge a complaint with the UK Information Commissioner's Office.

If you are located in the European Economic Area, you may have the right to lodge a complaint with your local data protection authority.