Privacy notice
This notice covers personal data handled by sico across all our products. Each product also has a focused notice with the specifics of its data flows: Ops Console, Growth Layer, affilut, CheckMargin, SponsorMonster, CareerFlip. See all legal documents for the full index.
1. Who we are
"sico" is the trading name of Sico Software Ltd, registered in Scotland at Suite
2/3, 2nd Floor, 48 West George Street, Glasgow G2 1BP, United Kingdom. We are registered with the
UK Information Commissioner's Office under registration number ZC106029.
We are the data controller for direct customers of our standalone products. For data we process on behalf of merchants (Shopify shop owners using our apps with their shoppers' data), the merchant is the controller and sico is the processor.
2. Contact us
Privacy queries: privacy@sico.software. Data subject requests are handled within the statutory 30-day deadline; we typically respond within 7 days.
3. What data we collect
Depending on which product you use, we collect: account credentials (email, hashed password via SuperTokens), payment identifiers from Stripe (customer ID, subscription ID — not card numbers), OAuth tokens for connected services (Stripe Connect, PayPal), uploaded files (CV documents in CareerFlip), professional profile data you provide, and usage telemetry (page views, feature interactions via PostHog).
4. How we use it
To provide and improve the product you signed up for, to send transactional emails (receipt, trial-expiry, password reset), and to detect abuse. We do not sell data or use it for third-party advertising.
5. Data retention
Active accounts: retained for the lifetime of the subscription. Deleted accounts: core account records purged within 30 days; financial records (invoices, payout history) retained for 7 years per UK accounting requirements. Anonymised usage statistics are retained indefinitely.
6. Third-party processors
We share data with the following processors:
- Stripe — payment processing and billing
- Resend — transactional email delivery
- Hetzner — VPS hosting (data stored in EU)
- PostHog (EU) — product analytics
- Anthropic — AI analysis (CareerFlip and SponsorMonster; prompts are not retained by Anthropic for training by default)
7. Your rights
Under UK GDPR you have the right to access, rectify, erase, restrict, or port your data, and to object to processing. To exercise any right, email privacy@sico.software. You also have the right to lodge a complaint with the ICO at ico.org.uk.
8. Cookies
We use one first-party session cookie (SuperTokens auth) and one analytics cookie (PostHog, with IP anonymisation). No third-party advertising cookies are set.