Privacy Notice
Last updated February 2026
1. Introduction
This Privacy Notice explains how personal data is collected, used, shared and protected by Yavrio Ltd when you visit our website, use our products and services, or otherwise interact with us.
For the purposes of applicable data protection laws, Yavrio Ltd is the data controller in respect of the personal data described in this notice.
This Privacy Notice applies to:
- the website https://www.yavr.io and associated subdomains; and
- services provided by Yavrio Ltd.
Where services are provided by another Yavrio group company, this will be made clear in the relevant service documentation and contractual arrangements.
2. Who we are
Yavrio Ltd is a technology company providing ERP to bank connectivity and related payment and financial services functionality.
Depending on the service used, Yavrio works with regulated third-party providers, including:
- Yapily (open banking and PSD regulated services),
- Adyen N.V. (payment acceptance and platform services),
- Sila Inc. and its partner bank(s) (US electronic fund transfers),
- Authorised Bacs bureaux (UK payment processing).
These providers may process personal data under their own regulatory obligations, as explained further below.
Depending on the service and jurisdiction, personal data may be processed by Yavrio Ltd or by a Yavrio group company identified in the relevant service documentation.
3. Personal Data
“Personal data” means information that identifies or can reasonably be linked to an identifiable individual, such as name, business contact details, login credentials, or payment-related identifiers.
Where personal data includes financial or payment-related information, Yavrio applies technical and organisational security measures appropriate to the sensitivity of that data.
4. How we collect personal data
We collect personal data in the following ways:
a) Information you provide directly
For example when you:
- contact us;
- create or administer an account;
- use our services; or
- communicate with customer support.
b) Information collected automatically
When you visit our website or use our services, we may collect technical and usage information such as IP address, device information, access logs, and usage data, to ensure security and service performance.
c) Information from third parties
We may receive personal data from:
- authorised open banking providers and financial institutions (where you authorise access);
- payment service providers;
- identity, fraud prevention or compliance service providers.
5. How we use personal data and lawful bases
Where we collect personal data, we only process it where permitted by law. This includes processing that is:
- necessary to perform a contract with you or your organisation;
- necessary to comply with legal obligations (including financial crime and payment services obligations);
- necessary for our legitimate interests, such as operating and improving our services, ensuring platform security, preventing fraud, and managing business relationships; or
- based on consent, where required.
Further information about our legitimate interest assessments is available on request.
6. Open banking, payments and regulated partners
a) Yapily (open banking services)
Yavrio works with regulated Yapily group entities, including Yapily Connect Ltd (authorised and regulated by the UK Financial Conduct Authority) and Yapily Connect UAB (authorised and regulated by the Bank of Lithuania).
These entities act as independent data controllers in respect of their regulated activities, including Account Information Services (AIS) and Payment Initiation Services (PIS).
Personal data processed by Yapily in connection with these services is subject to Yapily’s privacy notice.
b) Adyen (payments and submerchants)
Where Yavrio enables payment acceptance, some customers may be onboarded as submerchants on Yavrio’s platform.
Submerchants are responsible for providing appropriate privacy information to their own customers in respect of their activities.
Adyen N.V. acts as an independent data controller for payment processing, transaction monitoring, and regulatory compliance (including KYC and AML checks). Personal data processed by Adyen is subject to Adyen’s privacy notice.
c) Sila Money (US electronic fund transfers)
Where US payment services are provided via Sila Inc., those services are enabled by Yavrio Inc., which contracts with Sila and acts as a data controller in respect of the use of Sila’s regulated services. Sila Inc. acts as an independent data controller for onboarding, identity verification, payment processing, and regulatory compliance.
Yavrio Ltd remains the data controller for personal data processed in connection with the operation of the Yavrio platform and software, including ERP integrations, application functionality, hosting, and support.
d) Bacs bureaux (UK payments)
Where UK payments are processed via Bacs, Yavrio works with authorised Bacs bureaux, which act as independent data controllers for their regulated processing activities.
Personal data processed by these providers is subject to their respective privacy notices, and certain data subject rights relating to data they process may need to be exercised directly with the relevant provider.
7. How we share personal data
We may share personal data with:
- service providers acting as data processors (such as hosting, support and infrastructure providers);
- regulated payment and banking partners acting as independent data controllers;
- professional advisers and regulators, where required by law; and
- third parties in connection with a corporate transaction, subject to appropriate safeguards.
All third parties are subject to appropriate contractual and security obligations.
8. International data transfers
Personal data may be transferred outside the UK or EEA.
For UK personal data, international transfers are safeguarded using the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, or other lawful transfer mechanisms as applicable.
For EEA personal data, transfers are safeguarded using EU Standard Contractual Clauses or other lawful transfer mechanisms.
9. Data retention
We retain personal data only for as long as necessary for the purposes described in this notice, including compliance with legal, regulatory and contractual obligations.
10. Your rights
Depending on your location and applicable law, you may have rights to:
- access your personal data;
- correct inaccurate data;
- request deletion of your data;
- restrict or object to processing;
- receive your personal data in a structured, commonly used format (data portability);
- withdraw consent where processing is based on consent; and
- request human review of certain automated decisions, where applicable.
You can exercise these rights by contacting us using the details set out below.
In certain circumstances, the exercise of data‑protection rights (including the right to erasure) may be restricted where we are required to retain or otherwise process personal data to comply with legal or regulatory obligations, including obligations relating to payment services, anti‑money‑laundering, fraud prevention, or regulatory investigations.
Where personal data is processed by our regulated partners acting as independent data controllers, requests relating to that data may need to be directed to the relevant partner, in accordance with their privacy notice.
11. Complaints
If you have concerns about how we process personal data, you may contact us directly.
You also have the right to complain to your local supervisory authority.
In the UK, this is the Information Commissioner’s Office (ICO).
If you are located in the European Union, you may also complain to your local supervisory authority.
12. Anonymised data
We may use anonymised data for legitimate business purposes such as analytics and service improvement. This data does not identify individuals and is not personal data.
13. Cookies
We use limited first-party cookies that are strictly necessary for the operation and security of our website and, where applicable, for anonymised analytics that do not identify individuals.
These cookies do not track users across websites and do not involve profiling or targeted advertising.
Where required by law, we provide appropriate controls. If our use of cookies changes, we will update this notice accordingly.
14. How to contact us
If you have questions about this Privacy Notice or wish to exercise your data protection rights, please contact us at hello@yavr.io.
Your enquiry will be routed to the appropriate privacy contact within Yavrio.
EU Representative
For individuals located in the European Union, Yavrio Ltd has appointed an EU representative in accordance with Article 27 of the GDPR.
Our EU representative can be contacted at:
Email: sandra.jt@yavr.io
