Privacy notice

This Privacy Notice explains how we collect, use, store, disclose, and protect personal data when you visit our website, contact us, request a demo, use our services, or interact with us in relation to our software solutions, including but not limited to business software, e-invoicing, ERP, inventory, accounting, fleet management, mobile applications, and related technology services.

This notice is intended for website visitors, prospects, customers, users, suppliers, business contacts, and other individuals who interact with Innovage.

Innovage Ltd is a company operating in Mauritius, providing software development, cloud-based business solutions, e-invoicing solutions, fleet management systems, mobile and web applications, and related technology services.

For privacy-related questions, you may contact us at:

Depending on how you interact with us, we may collect the following categories of personal data:

Information you provide directly

This may include:

• Name
• Company name
• Job title or role
• Email address
• Phone number
• Business address
• BRN, VAT number, TAN, or other business identifiers where relevant
• Enquiry details
• Demo requests
• Support requests
• Information shared through forms, emails, calls, meetings, or onboarding documents

Information collected through our website

When you visit our website, we may collect limited technical information such as:

• IP address
• Browser type
• Device information
• Pages visited
• Date and time of visit
• Referring website or source
• Basic analytics or usage data

This information helps us understand how our website is used and how we can improve it.

Information processed through our software services

Where you use our software platforms, we may process business and operational data depending on the features used. This may include, for example:

• User account details
• Customer and supplier records
• Invoice, credit note, receipt, stock, product, accounting, fleet, GPS, or transaction-related information
• System activity logs
• Support and audit logs
• Configuration and settings data

Where we process personal data on behalf of a customer using our software, the customer is generally responsible for determining what data is entered into the system and why it is processed. In such cases, Innovage may act as a service provider or processor, processing data according to the customer’s instructions and applicable law.

We may use personal data for the following purposes:

• To respond to enquiries and demo requests
• To provide quotations, proposals, onboarding support, and customer service
• To create and manage user accounts
• To provide, maintain, secure, and improve our software services
• To configure software according to customer requirements
• To provide technical support and troubleshoot issues
• To communicate service updates, operational notices, or important information
• To issue invoices and manage billing
• To comply with legal, regulatory, accounting, tax, and administrative obligations
• To protect our systems, users, customers, and business
• To improve our website, products, services, and customer experience
• To send business communications where appropriate and lawful

We do not sell personal data.

Depending on the situation, we may process personal data based on one or more lawful grounds, including:

• Performance of a contract or steps taken before entering into a contract
• Compliance with legal or regulatory obligations
• Our legitimate business interests, such as providing and improving our services, securing our systems, and communicating with customers
• Consent, where consent is required or appropriate
• The establishment, exercise, or defence of legal claims

We may share personal data only where necessary and appropriate, including with:

• Hosting and cloud infrastructure providers
• IT support, security, backup, and monitoring providers
• Payment, accounting, invoicing, or administrative service providers
• Professional advisers such as accountants, auditors, consultants, or lawyers
• Government bodies, regulators, courts, or law enforcement authorities where required by law
• Authorised customer users or representatives
• Third parties involved in delivering services requested by the customer

We require service providers to handle personal data responsibly and only for authorised purposes.

Some of our systems, infrastructure, service providers, or backups may be located outside Mauritius. Where personal data is transferred or accessed internationally, we aim to use appropriate safeguards and take reasonable steps to ensure that personal data remains protected in accordance with applicable data protection requirements.

We use reasonable technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, disclosure, or destruction.

These measures may include access controls, authentication, encryption in transit, system monitoring, backups, secure hosting practices, and internal controls.

However, no website, software platform, internet transmission, or storage system can be guaranteed to be completely secure. Customers and users are also responsible for maintaining the confidentiality of their login credentials and using our services securely.

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Notice, including to provide services, maintain records, comply with legal obligations, resolve disputes, enforce agreements, and protect our legitimate interests.

Retention periods may vary depending on the nature of the data, the service used, contractual requirements, legal requirements, and operational needs.

Where a customer uses our software, retention of data within the customer’s account may also depend on the customer’s settings, instructions, subscription status, contractual terms, and legal obligations.

Subject to applicable law and verification of identity, you may have rights in relation to your personal data, including the right to:

• Request access to personal data we hold about you
• Request correction of inaccurate or incomplete personal data
• Request deletion of personal data in certain circumstances
• Object to or restrict certain processing
• Withdraw consent where processing is based on consent
• Object to direct marketing
• Lodge a complaint with the relevant data protection authority

To exercise your rights, please contact us using the details provided in this notice.

We may need to verify your identity before responding to a request. Some requests may be subject to legal, contractual, security, or operational limitations.

Our website may use cookies or similar technologies to improve website functionality, analyse usage, and enhance user experience.

You may be able to disable cookies through your browser settings. However, some parts of the website may not function properly if cookies are disabled.

Our website or services may contain links to third-party websites, platforms, or services. We are not responsible for the privacy practices, content, or security of third-party websites. You should review the privacy notices of those third parties before providing personal data to them.

Our website and business services are not intended for children. We do not knowingly collect personal data from children through our website. If you believe that a child has provided us with personal data, please contact us.

We may update this Privacy Notice from time to time to reflect changes in our business, services, legal requirements, or data protection practices.

The updated version will be posted on our website with the revised “Last updated” date.

For questions about this Privacy Notice or how we handle personal data, please contact: