Privacy Policy
Last updated: 22 June 2026 · Version: 1.0
1. Who we are
This policy explains how Sleepingmongoose.app Ltd ("Tenavo", "we", "us"), a company registered in Scotland (company no. SC893221, registered office 34 Hunter Grove, Bathgate, EH48 1NW), handles personal data for which we are the controller.
Contact for privacy matters: privacy@tenavo.co.uk.
2. Scope — what this policy does and does not cover
This policy covers personal data where Tenavo is the controller — principally the personal data of our account holders and their authorised users (the people who sign up to and administer a Tenavo account) and visitors to tenavo.co.uk.
This policy does not cover the employee and worker data that a customer uploads to or manages within the Tenavo platform. For that data, the customer (employer) is the controller and Tenavo is the processor, and our processing is governed by our Data Processing Agreement. If you are an employee whose data is held in Tenavo by your employer, please contact your employer, who is responsible for that data.
3. The personal data we collect
- Account and registration data: name, work email address, organisation name and details, role, and account settings.
- Billing data: subscription plan and billing records. Card payments are processed by Stripe; we do not store full card details.
- Usage and technical data: IP address, device/browser information, log data, and information collected through essential cookies (see section 7).
- Communications: messages you send us (for example, support requests) and related correspondence.
4. How we use your data, and our lawful bases
| Purpose | Lawful basis |
|---|---|
| Providing, operating and securing the Service; managing your account | Performance of a contract |
| Taking payment and managing subscriptions | Performance of a contract |
| Responding to support enquiries and communicating about the Service | Performance of a contract / legitimate interests |
| Improving and maintaining the Service; preventing fraud and abuse | Legitimate interests |
| Meeting our legal and regulatory obligations (e.g. accounting) | Legal obligation |
| Sending optional marketing communications | Consent (where required) |
Where we rely on legitimate interests, we have considered that those interests are not overridden by your rights. You may ask us for more detail.
5. Sharing your data
We share personal data only as needed to run the Service:
- Service providers / processors: our hosting and infrastructure providers and payment processor — currently Supabase (database, authentication, storage), Vercel (hosting), and Stripe (payments). They act on our instructions under appropriate contracts.
- Legal / regulatory: where required by law, regulation or legal process.
- Business transfers: in connection with a merger, acquisition or sale of assets, subject to appropriate protections.
We do not sell your personal data.
6. International transfers
Some of our service providers may process data outside the UK. Where they do, we rely on an appropriate safeguard — such as UK adequacy regulations or the UK International Data Transfer Agreement (or the International Data Transfer Addendum to the EU Standard Contractual Clauses) — so that your data receives an equivalent level of protection.
7. Cookies
We use essential cookies only — those necessary to sign you in and keep the Service secure. We do not currently use advertising or non-essential tracking cookies. If this changes, we will update this policy and put in place any consent mechanism required by law.
8. How long we keep your data
We keep account and billing data for as long as you have an account and for a reasonable period afterwards to meet legal, accounting and dispute-handling needs (financial records are generally kept for 6 years). We then delete or anonymise it.
9. Your rights
Subject to conditions in data protection law, you have the right to: access your data; have inaccurate data corrected; have data erased; restrict or object to processing; data portability; and withdraw consent where processing is based on consent. To exercise these rights, contact privacy@tenavo.co.uk. We will respond within the time limits set by law.
10. Security
We use appropriate technical and organisational measures to protect personal data, including encryption in transit and at rest, access controls, and tenant isolation within the platform. No system is completely secure, but we take reasonable steps to protect your data and to respond to any breach.
11. Marketing
If you have opted in (or where otherwise permitted), we may send you information about Tenavo. You can opt out at any time using the unsubscribe link or by contacting us.
12. Changes to this policy
We may update this policy from time to time. We will post the updated version here and, where changes are significant, notify you.
13. Complaints
If you have concerns about how we handle your personal data, please contact us first at privacy@tenavo.co.uk. You also have the right to complain to the UK supervisory authority, the Information Commissioner's Office (ICO), at ico.org.uk.
Sleepingmongoose.app Ltd · Registered in Scotland, company no. SC893221 · Registered office: 34 Hunter Grove, Bathgate, EH48 1NW.