Privacy notice

Last updated: 2026-04-27. Effective: 2026-04-27.

This notice covers personal data handled by sico across all our products. Each product also has a focused notice with the specifics of its data flows: Ops Console, Growth Layer, affilut, CheckMargin, SponsorMonster, CareerFlip. See all legal documents for the full index.

1. Who we are

"sico" is the trading name of Sico Software Ltd, registered in Scotland at Suite 2/3, 2nd Floor, 48 West George Street, Glasgow G2 1BP, United Kingdom. We are registered with the UK Information Commissioner's Office under registration number ZC106029.

We are the data controller for direct customers of our standalone products. For data we process on behalf of merchants (Shopify shop owners using our apps with their shoppers' data), the merchant is the controller and sico is the processor.

2. Contact us

Privacy queries: privacy@sico.software. Data subject requests are handled within the statutory 30-day deadline; we typically respond within 7 days.

3. What data we collect

Depending on which product you use, we collect: account credentials (email, hashed password via SuperTokens), payment identifiers from Stripe (customer ID, subscription ID — not card numbers), OAuth tokens for connected services (Stripe Connect, PayPal), uploaded files (CV documents in CareerFlip), professional profile data you provide, and usage telemetry (page views, feature interactions via PostHog).

4. How we use it

To provide and improve the product you signed up for, to send transactional emails (receipt, trial-expiry, password reset), and to detect abuse. We do not sell data or use it for third-party advertising.

5. Data retention

Active accounts: retained for the lifetime of the subscription. Deleted accounts: core account records purged within 30 days; financial records (invoices, payout history) retained for 7 years per UK accounting requirements. Anonymised usage statistics are retained indefinitely.

6. Third-party processors

We share data with the following processors:

  • Stripe — payment processing and billing
  • Resend — transactional email delivery
  • Hetzner — VPS hosting (data stored in EU)
  • PostHog (EU) — product analytics
  • Anthropic — AI analysis (CareerFlip and SponsorMonster; prompts are not retained by Anthropic for training by default)

7. Your rights

Under UK GDPR you have the right to access, rectify, erase, restrict, or port your data, and to object to processing. To exercise any right, email privacy@sico.software. You also have the right to lodge a complaint with the ICO at ico.org.uk.

8. Cookies

We use one first-party session cookie (SuperTokens auth) and one analytics cookie (PostHog, with IP anonymisation). No third-party advertising cookies are set.

© 2026 Sico Software Ltd · Suite 2/3, 48 West George Street, Glasgow G2 1BP · ICO ZC106029 · Contact