Privacy Policy

1. Introduction

Vahvista ("we", "us", "our") provides Celebration Management as a Service to care homes, supported living providers, charities, schools and healthcare organisations. This Privacy Policy describes how we handle personal data when you visit our website, create an account, or use our platform.

If you use Vahvista on behalf of an organisation, you are typically the data controller for resident, service user and staff information you enter. Vahvista acts as a data processor for that information under your instructions.

2. Data we collect

Account holders

• Name, email address and password (stored as a secure hash)
• Organisation name and contact details you provide
• Usage data such as login times and feature interactions

People you add to Vahvista

• Name, date of birth, email, phone and relationship
• Optional notes you choose to store (e.g. preferences, dietary needs)

Website visitors & enquiries

• Information submitted via our contact form (name, email, organisation, message)
• Technical data: IP address, browser type, device and pages visited

3. How we use your data

We use personal data to:

• Provide and maintain the Vahvista platform and celebration calendar
• Send birthday reminders and notifications you configure
• Respond to demo requests, support enquiries and account questions
• Improve our product, fix bugs and monitor service performance
• Comply with legal obligations and enforce our Terms

We do not use resident or service user data for advertising, and we do not profile individuals for marketing purposes.

4. Legal basis (UK GDPR)

Depending on the context, we rely on:

• Contract — to deliver the service you signed up for
• Legitimate interests — to improve security, prevent abuse and support customers
• Consent — where you opt in (e.g. marketing emails or contact form consent)
• Legal obligation — where required by law

Where Vahvista processes data on your organisation's behalf, your organisation determines the lawful basis for that processing.

5. Sharing & processors

We do not sell personal data. We may share data with trusted subprocessors who help us operate Vahvista — for example cloud hosting, email delivery and analytics — under strict data processing agreements.

We may also disclose data if required by law, court order, or to protect the rights and safety of users.

6. Retention

We keep account data for as long as your account is active. If you delete your account, we remove associated people and celebration records within a reasonable period, except where we must retain data for legal, security or backup purposes.

Contact form submissions are retained for up to 24 months unless you ask us to delete them sooner.

7. Security

We use industry-standard measures including encryption in transit (HTTPS), hashed passwords, access controls and regular backups. No method of transmission over the internet is 100% secure, but we work continuously to protect your data.

8. Your rights

Under UK GDPR you may have the right to:

• Access, correct or delete your personal data
• Restrict or object to certain processing
• Data portability (where applicable)
• Withdraw consent at any time
• Lodge a complaint with the ICO (ico.org.uk)

To exercise your rights, contact us at info@vahvista.com.

9. Cookies

We use essential cookies to keep you signed in (httpOnly session cookie). We do not use third-party advertising cookies. You can control cookies through your browser settings, though disabling essential cookies may affect login.

10. Contact us

Questions about this policy? Email info@vahvista.com or write to:

Vahvista
Data Protection
London, United Kingdom

See also our Terms & Conditions.