Milo Ventures Ltd (“Milo,” “we,” or “us”), registered in England and Wales under company number 15595372 with a registered office at No. 2, 19 Grosvenor Gardens, London, England, SW1W 0BD, is committed to respecting and protecting the privacy of individuals who visit our website, www.milo-finance.com (the “Site”), or use our related software, applications, and services (collectively, the “Services”).

This Privacy Policy (“Policy”) describes the types of personal data we collect, how we process and safeguard it, and your rights in relation to that data. By accessing our Site or using our Services, you acknowledge that you have read and understood this Policy. If you do not agree with any part of it, please discontinue use of our Site and Services.

1. Scope and Purpose of this Policy

This Policy applies to:

• Visitors to our Site;

• Users and organisations who register for or deploy our Services;

• Individuals who engage with us through any form of communication (e.g., email, support tickets, telephone enquiries).

Where you provide personal data relating to a third party (for example, data relating to an employee, customer, or supplier), you confirm that you have obtained the necessary authority to do so and have informed them of this Policy.

2. Information We Collect

2.1 Information Provided by You

1. Account Registration

   • Contact information such as name, job title, company name, email address, and phone number.

   • User credentials (e.g., username, password) where required for certain Services.

2. ERP Integrations and CSV Uploads

   • API Connections: If you choose to connect our platform with an Enterprise Resource Planning (ERP) system (e.g., Xero, Sage), we will collect information necessary to facilitate data transfer, such as invoices, contact details, and relevant financial records.

   • Manual Uploads: Where API access is not available, you may upload CSV files containing the same categories of data (e.g., invoice details, client or supplier contact information).

3. Customer Support and Communications

   • Any data you provide when contacting us directly (e.g., via email or an online form), including information about queries, support requests, or product feedback.

2.2 Information We Collect Automatically

1. Cookies and Similar Technologies

   • We may use cookies, web beacons, and similar tools to collect information about your visits to our Site, such as IP address, browser type, access times, and pages viewed. This helps us improve our Services and tailor user experiences.

   • You can manage your cookie preferences through your browser settings, although certain functions of our Site may not be available without cookies.

2. Analytical Data

   • Through third-party analytics services (e.g., Google Analytics, PostHog), we gather aggregated or pseudonymised statistics about user interactions. This data may include how often specific pages are visited, the site from which you arrived, and similar usage metrics.

2.3 Information from Third Parties

• Integration Partners: Where you have authorised the sharing of data through ERP platforms or other third-party integrations, we may receive additional information necessary for the performance of our Services.

• Other Sources: From time to time, we may receive data from reputable databases or partners that supplement or enhance the information we hold (e.g., for identity verification or fraud prevention).

3. How We Use Your Information

Milo processes personal data in accordance with applicable data protection laws, including the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018. The purposes for which we may use your information include:

1. Service Delivery

   • Providing our financial workflow services, including displaying invoices, contacts, and financial records for easier management.

   • Administering user accounts and responding to support or technical enquiries.

2. Service Improvements and Development

   • Analysing usage patterns to improve functionality, reliability, and user experience.

   • Conducting product research and development, including testing new features and integrations relevant to enterprise customers.

3. Communications and Marketing

   • Sending operational updates, security alerts, and information related to the status of your account.

   • With your consent where necessary, sending promotional emails or event invitations that we believe may be of interest to you, from which you may unsubscribe at any time.

4. Legal and Regulatory Compliance

   • Complying with our legal obligations or responding to lawful requests from public authorities, courts, or regulators.

   • Enforcing our contractual rights and investigating potential breaches of our Terms & Conditions or other agreements.

4. Legal Bases for Processing

Under the UK GDPR, we rely on one or more of the following grounds to process your personal data:

1. Contractual Necessity: Where processing is necessary to perform our contractual obligations or to take steps at your request prior to entering into a contract.

2. Legitimate Interests: Where processing is necessary for our legitimate interests (e.g., enhancing our Services, maintaining security), provided that such interests do not override your fundamental rights and freedoms.

3. Consent: Where you have explicitly consented to certain processing (e.g., receiving promotional communications).

4. Legal Obligations: Where we are required to comply with applicable laws, regulations, or binding judicial orders.

5. Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including:

• Active Accounts: Personal data connected to your use of our Services is retained for the duration of your account being active.

• Legal and Regulatory Requirements: We may retain certain information beyond the closure of your account where required by law, or to resolve disputes, enforce contracts, or protect our legitimate interests.

Where appropriate, we will anonymise or pseudonymise data that is no longer required for identified business or legal purposes.

6. Data Sharing and Transfers

6.1 Service Providers and Business Partners

We engage reputable third-party service providers (“processors”) to assist us in delivering our Services. For example:

• Hosting and Infrastructure: Amazon Web Services (AWS) for database and server hosting.

• Site Hosting: Netlify (front-end hosting) and Framer (website design and interactive components).

• Analytics: Google Analytics and PostHog for performance and usage insights.

These providers process data solely on our instructions and are subject to contractual obligations to safeguard your information.

6.2 Business Transfers

In the event of a merger, acquisition, or asset sale, personal data held by Milo may be transferred to a third party. Should this occur, we will notify affected individuals as required by law, ensuring appropriate safeguards remain in place.

6.3 Legal or Regulatory Obligations

We may disclose personal data as required by law or when we believe disclosure is necessary to protect our rights, comply with a legal obligation, respond to legal processes, or address security or technical issues.

6.4 International Transfers

We may transfer personal data outside the UK or European Economic Area (EEA), for instance, where our processors or partners have servers located in other jurisdictions. In such cases, we ensure that appropriate safeguards (e.g., Standard Contractual Clauses, adequacy decisions) are in place to protect your data in line with UK and EU data protection standards.

7. Security Measures

We employ rigorous technical and organisational measures to safeguard personal data from loss, misuse, and unauthorised access. These measures include, but are not limited to:

• Encryption: We encrypt data in transit (TLS) and at rest (AES-256).

• Access Controls: We implement restricted access rights, multi-factor authentication, and role-based access control.

• Audits and Monitoring: We periodically review our systems and procedures to maintain security best practices, including regular vulnerability assessments.

While we strive to use best-in-class practices, no system can be fully secure. If you have any concerns about the security of your data, please contact us.

8. Your Data Protection Rights

In certain circumstances and subject to applicable law, you may exercise the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you.

• Right to Rectification: Request corrections to any inaccurate or incomplete personal data.

• Right to Erasure: In specific circumstances, request the deletion of your personal data (“Right to be forgotten”).

• Right to Restrict Processing: Request a temporary suspension of processing under certain conditions.

• Right to Data Portability: Receive your data in a structured, commonly used, and machine-readable format, or request its transfer to another provider.

• Right to Object: Object to processing based on our legitimate interests or to direct marketing.

• Right to Withdraw Consent: Where processing is based on consent, withdraw that consent at any time.

To exercise these rights, or if you have any questions about our handling of your personal data, please contact us at legal@milo-finance.com. We may require you to verify your identity before fulfilling certain requests.

If you have unresolved concerns, you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK or another competent data protection authority in your place of residence or work.

9. Updates to this Privacy Policy

We may revise this Policy periodically to reflect changes in our business operations, legal obligations, or data handling practices. When we make significant updates, we will provide notice (e.g., by email or a prominent notice on our Site) and indicate the Last Updated date at the top of this Policy. Continued use of our Site or Services following any changes indicates your acceptance of the revised Policy.

10. Contact Us

If you have any queries, concerns, or requests regarding this Policy or our data protection practices, you may contact us at:

Milo Ventures Ltd

Attn: Privacy / Legal

No. 2, 19 Grosvenor Gardens

London, England, SW1W 0BD

Email: legal@milo-finance.com

We aim to respond to all legitimate requests or enquiries in a timely and efficient manner.