Privacy Policy

Last updated: 11 July 2026

This Privacy Policy explains how Nimbloom Ltd (“EzyCarto”, “we”, “us”, “our”) collects, uses, shares, and protects personal data when you use our website, mobile apps and related services (the “Service”).

Contents

1. Who We Are & How to Contact Us

Nimbloom Ltd (Company No. 16390632), 143 Green Ridges, Headington, Oxford, England, OX3 8LX, is the controller for personal data processed via the Service unless stated otherwise. Email: contact@ezycarto.com.

2. Our Role (Controller/Processor)

We act as a controller for account, billing, product usage, and marketing data about users of the Service. When our business customers use EzyCarto to process their end-customers’ data (e.g., shoppers), we typically act as a processor on their instructions. Where we act as a processor, our processing is governed by our Data Processing terms with that customer.

3. What We Collect

  • Account data (name, email, company, role), authentication logs and preferences.

  • Transactional data (orders, receipts, loyalty and inventory events). Card data is handled by payment processors; we do not store full card numbers.

  • Usage & device data (IP address, device IDs, telemetry, crash reports) for security and analytics.

  • Cookies & similar – see our Cookie Policy.

4. How We Use Your Data & Legal Bases

  • Provide and secure the Service (contract; legitimate interests in operating, preventing fraud/abuse).

  • Payments & subscriptions (contract; legal obligations for tax/audit).

  • Improve features & performance (legitimate interests in analytics and quality).

  • Communications & marketing (consent where required; you can unsubscribe anytime).

5. Cookies & Analytics

We use necessary cookies for core functionality and, with consent where required, analytics/measurement tools (e.g., Google Analytics / Tag Manager). Manage preferences via your browser or our cookie banner. See our Cookie Policy.

6. Sharing & International Transfers

We share personal data with providers that help us run the Service (hosting, email, analytics, payments such as Stripe). Where data is transferred outside the UK/EEA, we rely on safeguards such as the UK IDTA or EU Standard Contractual Clauses, with additional measures as needed.

7. Retention

We keep personal data only as long as necessary for the purposes set out here, including legal/accounting/reporting obligations. Billing records may be retained up to seven years. Limited security logs may be retained to prevent fraud/abuse.

8. Security

We implement technical and organisational measures designed to protect personal data (encryption in transit, access controls, backups). No system is 100% secure; please safeguard your credentials and devices.

9. Your Rights

Under UK/EU law you may have rights to access, rectify, erase, or port your data; to object or restrict processing; and to withdraw consent at any time. Email contact@ezycarto.com to exercise your rights. You can also request deletion yourself using our Delete account page (you’ll receive a one-time email link to confirm).

10. Children

The Service is not directed to children under 16. If you believe a child has provided personal data to us, contact us and we will act.

11. Changes

We may update this Policy from time to time. We’ll post changes with an updated “Last updated” date and, where appropriate, notify you via the Service.

12. Contact & Complaints

Questions or requests: contact@ezycarto.com. You may also contact the ICO or your local supervisory authority.


Where we act as processor for business customers, we process data on their instructions and our data processing terms apply.