Persevo

Privacy Policy

Last updated: 28 May 2026

This Privacy Policy explains how WIARA DAAS Ltd.(“Persevo”, “we”, “us”) handles personal data when you visit our website, contact us, or interact with us as a business contact of a current or prospective customer. It is written to align with the EU General Data Protection Regulation (GDPR) and applicable Bulgarian data protection law.

1. Who we are

The data controller responsible for personal data processed under this Policy is:

WIARA DAAS Ltd.
EIK 205417373, VAT BG205417373
Registered office: 5A Dunav Blvd, Plovdiv 4003, Bulgaria
Managing director: Stefan Diankov

For any privacy enquiry, contact us at privacy@persevo.app. We do not have a statutory obligation to appoint a Data Protection Officer; the email above reaches the team responsible for privacy at Persevo.

2. Scope

This Policy covers personal data we process in our capacity as a controller, including:

  • Visitors to persevo.app and any related landing or documentation sites.
  • People who get in touch with us through forms, email, scheduled calls or events.
  • Business contacts of current and prospective customers (administrators, billing contacts, technical contacts).
  • People who apply for a role with us through our website or recruitment channels.

This Policy does not cover personal data that Persevo processes on behalf of its customers as a processor in the course of providing the Service. That processing is governed by the Data Processing Addendum between Persevo and the relevant customer.

3. What data we collect

The categories of personal data we process include:

3.1 Identity and contact data

Name, work email address, job title, employer, work phone number where provided, country of business.

3.2 Commercial data

Information you share in sales conversations, including company size, commerce vertical, current setup, contract terms.

3.3 Account data

For customer administrators: account credentials (hashed), role, last-login timestamp, security events relating to the account.

3.4 Technical and usage data

IP address, browser and device characteristics, referrer, pages viewed, time spent, clicks, scroll depth, and similar website-usage metrics.

3.5 Communications data

The contents of emails, support tickets, scheduled-call notes, and any attachments you send us, plus delivery and open metadata where available.

3.6 Marketing-preference data

Records of your consents and unsubscribes, and the marketing topics you have chosen to hear about.

4. How we collect it

  • Directly from you — when you fill out a form, subscribe to our newsletter, request a demo, sign up for an account, contact us, or interact with our team at an event.
  • Automatically — when you browse our website, server logs and cookies (where permitted) capture technical and usage data. See our Cookie Policy for details.
  • From third parties — limited public business information from professional networks or business registries when we evaluate a prospective customer.

5. Why we use it (purposes and legal bases)

We process personal data only where we have a lawful basis under Article 6 GDPR. The principal purposes and legal bases are:

  • Operating our website and producing the Service. Legal basis: legitimate interests (running our business and a stable, secure online presence) and, where you are a customer, performance of a contract.
  • Responding to enquiries from prospects, partners or existing customers. Legal basis: legitimate interests, or steps taken at your request prior to entering into a contract.
  • Customer onboarding, billing and account management. Legal basis: performance of a contract and compliance with our legal obligations (for example, accounting and tax law).
  • Analytics — measuring how visitors use our website in aggregate, so we can improve it. Legal basis: legitimate interests, balanced against your rights, with cookie controls where consent is required under local rules.
  • Marketing communications — sending you product news, events and content we think will interest your business. Legal basis: your consent where required, or legitimate interests in marketing to business contacts who have an existing relationship with us. You can withdraw consent or object at any time.
  • Security and abuse prevention — detecting and investigating fraud, abuse, vulnerabilities and policy violations. Legal basis: legitimate interests and compliance with our legal obligations.
  • Legal obligations — meeting bookkeeping, tax and regulatory requirements. Legal basis: compliance with a legal obligation.

6. Sharing personal data

We do not sell personal data. We share it only with the following categories of recipients, and only as needed:

  • Subprocessors and service providers who help us run the website and the Service, such as cloud hosting in the EU, transactional and marketing email delivery in the EU, customer-support tooling, monitoring and observability, and analytics. We describe them by category in our Data Processing Addendum.
  • Professional advisers such as auditors, accountants and external lawyers, bound by confidentiality.
  • Authorities where we are legally required to disclose personal data, for example in response to a valid court order, a request from a supervisory authority, or to defend our legal rights.
  • Acquirers or successors in connection with a merger, acquisition, financing or sale of all or part of our business. We would notify affected individuals where required by law.

7. International transfers

By default, personal data we process stays within the European Union or the European Economic Area, hosted in EU-based data centres. Where a limited transfer outside the EU/EEA is necessary (for example, when a service provider has support staff in another country), we rely on the European Commission’s Standard Contractual Clauses and, where appropriate, supplementary measures such as encryption and access controls. We are happy to provide further information on request at privacy@persevo.app.

8. How long we keep it

We keep personal data only for as long as needed for the purposes set out above. Typical retention periods:

  • Sales and contact records: up to 7 years after the last interaction, in line with Bulgarian bookkeeping and tax rules where applicable.
  • Customer account records: for the duration of the subscription and up to 7 years thereafter for legal and accounting reasons.
  • Marketing preferences: retained until you withdraw consent or object, plus a reasonable period to honour your choice.
  • Website analytics: aggregated metrics may be kept longer; raw identifiable usage data is kept for up to 14 months.
  • Server and security logs: typically 30 days, extended only where needed to investigate a specific incident.
  • Recruitment data: up to 12 months after a decision, unless we obtain consent to keep it for future opportunities.

9. Your rights

Subject to applicable conditions and exceptions, you have the following rights under the GDPR with respect to personal data we process about you as a controller:

  • Access — to obtain confirmation of whether we process your personal data and a copy of it.
  • Rectification — to correct inaccurate or incomplete personal data.
  • Erasure — to have personal data deleted in defined circumstances.
  • Restriction — to limit how we process your personal data while a request is being resolved.
  • Portability — to receive personal data you provided in a structured, commonly used, machine-readable format.
  • Objection — to object to processing based on our legitimate interests, including direct marketing.
  • Withdraw consent — to withdraw consent at any time where consent is the legal basis, without affecting earlier processing.
  • Lodge a complaint with a supervisory authority. In Bulgaria, this is the Commission for Personal Data Protection (Комисия за защита на личните данни, КЗЛД), cpdp.bg, telephone +359 2 915 3518, email kzld@cpdp.bg. You may also lodge a complaint with the supervisory authority in the EU/EEA country where you live or work.

10. How to exercise your rights

Send a request to privacy@persevo.app. We may need to verify your identity before responding and will reply within one month, or explain if we need more time. There is normally no fee, although we may charge a reasonable fee or decline a request that is manifestly unfounded or excessive.

11. Cookies and similar technologies

We use a small number of cookies and similar technologies on our website, only as described in our Cookie Policy. Non-essential cookies are loaded only after you give consent through our cookie banner.

12. Children

Our website and the Service are intended for businesses and their adult representatives. They are not directed at children under 16 and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact privacy@persevo.app so we can delete it.

13. Security

We maintain technical and organisational measures appropriate to the risk, including encryption in transit (TLS), encryption at rest for primary data stores, strict access controls, audit logging, least-privilege production access, vulnerability management, regular backups, and staff training. Our security programme is aligned with ISO/IEC 27001. Card data does not transit or rest on our systems; card processing is handled by our PCI-DSS-compliant payments partner. No system is perfectly secure, and we cannot guarantee absolute security.

14. Changes to this Policy

We may update this Policy from time to time. The “Last updated” date at the top of the page reflects the latest revision. For material changes, we will provide reasonable advance notice, for example through the website or by email.

15. Contact

Questions about this Policy, our processing, or your rights can be sent to privacy@persevo.app or by post to WIARA DAAS Ltd., 5A Dunav Blvd, Plovdiv 4003, Bulgaria.