Privacy policy

Data controller

Silvestri Consulting Ltd controls how and why personal data is processed for Ichimai.

Personal data we process

• Identity and contact data: name (optional) and email address when you submit the early access form.
• Account and organisation data: login identifiers, account role, and organisation-level profile details when access is granted.
• Operational data: content you upload or create in Ichimai, such as knowledgebase files, quote drafts, and related workflow records.
• Integration data: connection metadata and provider tokens required to connect tools such as OneDrive, Google Drive, Notion, and Xero.
• Security and technical data: IP address, user agent, request metadata, and reCAPTCHA verification signals used to prevent abuse.

How we use personal data

• To provide and operate Ichimai features, including onboarding, collaboration, and workflow automation.
• To process early access requests and send confirmation emails.
• To secure the platform, detect misuse, and protect accounts and infrastructure.
• To maintain service quality, troubleshoot issues, and improve product performance.
• To meet legal, accounting, and compliance obligations where required.

Lawful bases

• Contractual necessity and pre-contract steps when we provide access and respond to onboarding requests.
• Legitimate interests for service security, fraud prevention, and product operations.
• Consent where explicitly requested, including specific communications where applicable.
• Legal obligation where processing is required by applicable law.

Processors and third parties

We use specialist providers to run the service, including infrastructure, authentication, email delivery, and anti-abuse controls.

• Vercel for hosting and delivery.
• Supabase for authentication, storage, and application data services.
• Resend for transactional email delivery.
• Google reCAPTCHA for bot and abuse protection.
• Connected integration providers (for example Microsoft, Google, Notion, and Xero) when you choose to connect them.

International transfers

Some providers may process data outside the United Kingdom. Where this happens, we rely on appropriate safeguards under UK data protection law.

Retention

We keep personal data only for as long as needed for the purposes listed in this policy, including legal and operational requirements.

• Early access records are retained while we manage access rollout and related communications.
• Account, profile, and operational workspace records are retained while an account remains active.
• Integration connection details are retained until disconnected or no longer required for service delivery.

Your rights

• You can request access, correction, erasure, restriction, objection, or portability of your personal data.
• You can withdraw consent at any time where processing relies on consent.
• You can lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe your data rights have been infringed.

Policy updates

We may update this policy as the platform evolves. Material changes will be reflected on this page with an updated effective date.