Privacy Policy

Last updated: April 2026

1. Who We Are

CSweetly Ltd is the data controller responsible for your personal data. We are a company incorporated in Ireland with registered offices in Dublin, Ireland. Company registration number 779570.

If you have any questions about this Privacy Policy or how we handle your data, contact us at hello@csweetly.com.

2. What Data We Collect

We collect the following categories of data when you use CSweetly:

  • Account data — your email address and password when you register
  • Company data — company name, CRO number, VAT number, business address, industry, county
  • Usage data — tasks, documents, compliance obligations and notes you create within the platform
  • Accountant data — the email address of any accountant you connect to your account
  • Payment data — billing information processed by Stripe on our behalf. CSweetly does not store card details directly.
  • Communication data — emails sent to you via the service including daily digests and task notifications

3. How We Use Your Data

We use your data for the following purposes:

  • To provide and operate the CSweetly service
  • To send you compliance reminders and task notifications by email
  • To process your subscription payments
  • To maintain records of your compliance obligations and documents
  • To analyse signups and service usage at an aggregated level to improve the product
  • To contact you about material changes to the service or these policies

Our legal basis for processing your data is the performance of a contract — namely, providing you with the CSweetly service you have signed up for. Where we send you service communications, this is on the basis of our legitimate interests in operating and improving the service.

4. Data Processors We Use

We use the following third-party services to operate CSweetly. Each acts as a data processor on our behalf and is bound by appropriate data processing agreements:

  • Supabase — our database and authentication provider. Your account data, company data and all content you create is stored in Supabase with EU data residency. Supabase is GDPR compliant.
  • Resend — our transactional email provider. Used to send compliance digests, task notifications and system emails. Email content may include your name, company name and task details.
  • Zoho CRM — used internally by CSweetly to manage our customer relationships. When you sign up, basic account information including your email, company name, industry and county is sent to Zoho for our internal use only. This data is never shared with third parties.
  • Stripe — our payment processor. Stripe handles all payment card data directly. CSweetly does not store or process card details. Stripe is PCI DSS compliant.
  • Vercel — our hosting provider. The CSweetly application is hosted on Vercel's infrastructure.

5. Cookies

CSweetly uses only essential cookies required to operate the service, including authentication session cookies. We do not use advertising, tracking or analytics cookies.

You can control cookies through your browser settings, but disabling essential cookies may prevent you from logging in to CSweetly.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory reasons.

Aggregated and anonymised data that cannot identify you may be retained indefinitely for service improvement purposes.

7. Data Sharing

CSweetly does not sell your personal data to any third party. We do not share your data with advertisers or marketing platforms.

Your data may be shared with the data processors listed in Section 4 solely for the purpose of operating the service. It may also be disclosed if required by Irish law, court order or regulatory authority.

Where you connect an accountant to your account, that accountant will be able to view your company name, compliance status, submitted documents and any requests they have created. You control which accountant has access to your account.

8. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

  • Right of access — you can request a copy of the personal data we hold about you
  • Right to rectification — you can correct inaccurate data directly in your account settings or by contacting us
  • Right to erasure — you can request deletion of your personal data
  • Right to restriction — you can request that we limit how we process your data in certain circumstances
  • Right to data portability — you can request a copy of your data in a machine-readable format
  • Right to object — you can object to processing based on legitimate interests

To exercise any of these rights, contact us at hello@csweetly.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Data Protection Commission, Ireland's supervisory authority, at dataprotection.ie.

9. Data Security

CSweetly takes reasonable technical and organisational measures to protect your data against unauthorised access, loss or disclosure. All data is encrypted in transit using TLS and encrypted at rest within Supabase's EU infrastructure.

No system is completely secure. If you become aware of any security issue relating to your CSweetly account, please contact us immediately at hello@csweetly.com.

10. Children

CSweetly is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are material, we will notify you by email or via an in-app notice. The date at the top of this page reflects when the policy was last updated.

12. Contact

For any privacy-related queries or to exercise your data rights, contact us at:

CSweetly Ltd
Dublin, Ireland
hello@csweetly.com