Privacy policy
Last Updated: October 7, 2025
This Privacy Policy explains how Zyphor Ltd (“ZYPHOR”, “we”, “us”, “our”) collects and processes your personal data when you visit zyphor.io or our other sites/pages that link to this policy (the “Site”), purchase our products, interact with our services, or otherwise communicate with us (together, the “Services”).
We are committed to complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the EU GDPR (where applicable), and the Privacy and Electronic Communications Regulations (PECR).
We are the data controller for processing described in this policy unless stated otherwise.
Who we are and how to contact us
- Zyphor Ltd (Company No. 15918377)
- Email: contact@zyphor.io
- Address: 128 City Road, London, ENG, EC1V 2NX, United Kingdom
1. Data we collect
We collect data you provide and data generated by your use of the Services:
- Identity & Contact Data: name, email, phone, billing and shipping addresses.
- Account Data: login credentials and settings.
- Order & Transaction Data: products purchased, order history, payment confirmation (we do not store full card details; these are processed by our payment providers).
- Communications & Support: messages, enquiries, reviews, and records of your interactions with us.
- Usage & Technical Data: IP address, device identifiers, browser type, pages viewed, links clicked, time zone, approximate location derived from IP, and interactions with our emails and ads.
- Marketing Preferences: your consents and opt-out choices.
- Sizing / Fit Data: measurements, foot geometry or scans you choose to provide so we can recommend sizes or customise products. We do not use these data to identify you and we do not create biometric templates for identification.
- Social / UGC / Affiliate Data: handle, content you submit, ambassador/affiliate application data.
- Job Applicant Data: CV, cover letter, interview notes.
We may receive data from third parties, such as payment and fraud-prevention providers, analytics and advertising partners, fulfilment and logistics partners, and social platforms when you connect with or interact with our accounts.
2. Purposes and legal bases
We process personal data for the purposes below, under these legal bases:
| Purpose | Examples | Legal basis |
| --- | --- | --- |
| Provide the Services & fulfil orders | Create/manage accounts; process and deliver orders; returns/warranty | Contract |
| Customer support & communications | Respond to enquiries; service messages; updates about your orders | Contract / Legitimate interests |
| Payments & fraud prevention | Verify payments; prevent abuse, spam, and fraudulent activity | Legitimate interests / Legal obligation |
| Analytics & service improvement | Monitor performance; debug; develop new features; A/B testing | Legitimate interests (we minimise and aggregate) |
| Personalisation | Remember preferences; recommend sizes or products | Legitimate interests / Consent (where required) |
| Direct marketing | Email/SMS/WhatsApp/app notifications about our products | Consent; or Legitimate interests for soft opt-in to existing UK/EU customers (PECR) |
| Advertising | Measurement, optimisation, and retargeting with partners | Consent (for non-essential cookies/trackers) |
| Legal & compliance | Tax/audit, record-keeping, responding to authorities | Legal obligation |
| Recruitment | Process applications and manage hiring | Legitimate interests / Contract (pre-contractual steps) |
Legitimate interests. Where we rely on legitimate interests, we balance them against your rights and expectations and maintain a Legitimate Interests Assessment (LIA). You may object at any time (see Section 9).
Special category data. We do not seek to collect special category data. If sizing/scan data could be considered particularly sensitive in your country, we process it strictly for the stated purpose and never for identification; where local law requires, we will obtain explicit consent.
3. Cookies and similar technologies
We use cookies, SDKs, pixels, and similar technologies to operate the Site, measure performance, and (with your consent) run analytics and advertising.
- Strictly necessary cookies run on the basis of our legitimate interests.
- Analytics and advertising cookies run only with your consent in the UK/EEA.
- You can manage preferences at any time via our Cookie Settings tool.
- For more detail (names, lifespans, purposes), see our Cookie Policy.
4. How we share data
We share personal data with trusted service providers acting on our instructions, including: hosting and cloud infrastructure, payment processors, fraud-prevention and security, order fulfilment and logistics, communications (email/SMS/WhatsApp), analytics, advertising and social platforms (with your consent), customer support tools, and professional advisers (legal, tax, audit).
We may share data:
- Within our corporate group (if applicable) for the purposes in this policy.
- For legal reasons (to comply with law, enforce our terms, protect our rights/users).
- In connection with business transfers (restructuring, merger, acquisition) where your data remains protected.
We require processors to provide appropriate safeguards and to process data only per our instructions.
5. International transfers
Where data are transferred outside the UK/EEA, we use appropriate safeguards, such as:
- EU Standard Contractual Clauses (SCCs);
- UK International Data Transfer Agreement (IDTA) or the UK Addendum to the SCCs; and
- Transfer risk assessments and additional technical/organisational measures where necessary.
You may ask for a copy of the relevant transfer safeguards (redacted where necessary to protect confidentiality).
6. Data retention
We keep data only as long as necessary for the stated purposes or to comply with legal obligations. Typical periods are:
| Data category | Retention |
| --- | --- |
| Orders & invoices | 6 years (tax/accounting) |
| Account data | While the account is active + 24 months of inactivity |
| Customer support records | 24 months from last interaction |
| Sizing / scan / measurements | 3 years or until you delete them in your account (whichever is earlier) |
| Marketing contact data | Until you opt out; suppression list entries kept indefinitely to honour opt-outs |
| Technical logs | 12 months |
| Recruitment data | 12 months after process ends (unless you consent to a longer talent-pool period) |
7. Security
We implement appropriate technical and organisational measures (access controls, encryption in transit and at rest where appropriate, staff training, vendor due diligence, least-privilege, secure development practices, and incident response). No system is perfectly secure; if we become aware of a personal data breach, we will assess risk and notify the ICO and affected individuals where required.
8. Direct marketing
You can opt out of marketing at any time (unsubscribe link in emails, or by contacting us). Under PECR, we may send emails about similar products to existing customers who purchased from us, provided we offered an opt-out at collection and include it in every message (“soft opt-in”).
For SMS/WhatsApp/push notifications and for non-customers, we rely on consent where required.
9. Your rights
Depending on where you live, you may have the following rights: access, rectification, erasure, restriction, portability, objection (including to direct marketing and processing based on legitimate interests), and withdrawal of consent where processing relies on consent.
You also have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects, unless an exception applies and we put in place safeguards.
To exercise your rights, email contact@zyphor.io. We may need to verify your identity. We aim to respond within one month (extendable by two months for complex requests).
10. Children
Our Services are not intended for children under 13 in the UK (or under 16 in the EEA, or the lower age permitted by local law). We do not knowingly collect data from children. If you believe a child has provided data, contact us and we will delete it.
11. Automated decision-making and profiling
We do not make decisions with legal or similarly significant effects based solely on automated processing. We may use profiling (e.g., segmenting audiences for marketing or recommending sizes) to improve relevance. You can object at any time and opt out of marketing profiling via Cookie Settings or by contacting us.
12. Third-party links
The Site may link to third-party websites, plug-ins, or apps. Those services have their own privacy terms, which we encourage you to read.
13. Changes to this policy
We will post any changes on this page and update the “Last Updated” date. For material changes, we will provide additional notice (e.g., email or prominent banner) where required by law.
14. Complaints
If you are unhappy with how we handle your data, please contact us first. You can also complain to the UK Information Commissioner’s Office (ICO) at www.ico.org.uk or to your local EEA supervisory authority.
15. Contact
If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us at:
Zyphor Ltd
Email: contact@zyphor.io
Address: 128 City Road, London, ENG, EC1V 2NX, United Kingdom