Privacy Policy

1. Data Controller

Olfyne Ltd is the data controller for personal data processed through the Service. Contact: privacy@olfyne.io.

2. Data We Collect

Account data: Email address, name, and authentication credentials.

Formula data: Formulas, ingredients, compliance results, and version history you create.

Usage data: Feature usage, session duration, and performance metrics (anonymised).

Payment data: Processed by Stripe; we do not store card details.

3. Legal Basis (GDPR)

We process data under: (a) Contract performance — to provide the Service; (b) Legitimate interests — to improve the Service; (c) Consent — for marketing communications.

4. Data Sharing

We share data only with:

• ScentShield — CAS numbers and concentrations for compliance checking (no personal data)
• Supabase — Database hosting (EU region)
• Vercel — Application hosting
• Stripe — Payment processing

We never sell personal data to third parties.

5. Your Rights (GDPR)

You have the right to: access, rectify, erase, restrict processing, data portability, and object to processing. Exercise these via Settings > Data or by emailing privacy@olfyne.io.

6. Data Retention

Account data is retained while your account is active. Formula data is deleted within 30 days of account deletion. Anonymised analytics data may be retained indefinitely.

7. Security

We use encryption in transit (TLS) and at rest. Access to production data is restricted and audited. We conduct regular security reviews.

8. Cookies

We use essential cookies for authentication. No third-party tracking cookies are used. Analytics are privacy-respecting and do not require consent.

9. International Transfers

Data may be processed in the EU and US (Vercel edge network). Transfers are covered by Standard Contractual Clauses.

10. Contact

Data Protection Officer: privacy@olfyne.io. You may also lodge a complaint with the UK Information Commissioner's Office (ICO).