Privacy Policy

Effective date: 2 April 2026 · Last updated: 2 April 2026

This Privacy Policy describes how Sajdak Group Holdings WLL (CR 182901, Kingdom of Bahrain), trading as INEVARA and its affiliated brands ("we", "us", "our"), collects, uses, stores, and protects personal information when you use our websites, applications, and services (collectively, the "Services").

This policy applies to all Services operated under the INEVARA portfolio, including but not limited to: Vestbridge, Counsel, Lume, Lustre, Haven, Residara, Stratum, Settl, Voltr, Autograph, Motiq, Farabel, Hearthstone, Kinship, Wellspring, Reverie, Edvance, Vectral, Marty, Airtight, RaiseProof, Bella, Saj Link, Saj Browse, RTHM, and Safest.

1. Information We Collect

1.1 Information You Provide

• Account information: name, email address, phone number, and password when you register for an account.
• Profile information: professional title, organisation, industry, preferences, and any other information you choose to provide.
• Payment information: billing address and payment method details. Payment processing is handled by our authorised payment processor; we do not store full payment card numbers.
• Communications: messages, feedback, support requests, and any content you send to us or through the Services.
• User-generated content: documents, files, data, and other materials you upload or create within the Services.

1.2 Information Collected Automatically

• Usage data: pages visited, features used, actions taken, time spent, and interaction patterns.
• Device information: device type, operating system, browser type, screen resolution, and language settings.
• Network information: IP address, approximate location (city/country level), referring URL, and access times.
• Cookies and similar technologies: as described in Section 7 below.

1.3 Information from Third Parties

• Connected accounts: if you connect a third-party account (such as a calendar, email, or cloud storage provider), we receive information in accordance with your authorisation and that provider's policies.
• Service providers: we may receive information from identity verification, fraud prevention, and analytics providers.

2. How We Use Your Information

We use your information for the following purposes:

• Service delivery: to create and manage your account, provide the Services you request, process transactions, and deliver customer support.
• Improvement: to understand how the Services are used, identify issues, and improve functionality, performance, and user experience.
• Communication: to send service-related notifications, respond to inquiries, and, where you have opted in, send marketing communications.
• Security: to detect, prevent, and respond to fraud, abuse, security incidents, and technical issues.
• Compliance: to comply with applicable laws, regulations, legal processes, and enforceable governmental requests.
• Matching and recommendations: certain Services connect users with providers or resources. We use the information you provide to facilitate relevant matches based on your stated preferences and requirements.

3. Legal Bases for Processing

We process personal information on the following legal bases:

• Contract performance: processing necessary to provide the Services you have requested.
• Legitimate interests: processing necessary for our legitimate business interests, such as improving Services, preventing fraud, and ensuring security, where those interests are not overridden by your rights.
• Consent: where you have given explicit consent, such as for marketing communications or optional data processing features. You may withdraw consent at any time.
• Legal obligation: processing required to comply with applicable law.

4. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

• Service providers: with trusted third-party providers who perform services on our behalf (such as payment processing, hosting, analytics, and customer support), subject to contractual obligations to protect your data.
• Within the INEVARA portfolio: between affiliated brands and services where necessary to deliver integrated features you have requested.
• With your consent: when you direct us to share information with a third party or another user of the Services.
• For legal reasons: when required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of SGH WLL, our users, or the public.
• Business transfers: in connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Retention

We retain personal information for as long as necessary to provide the Services, fulfil the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce agreements. When information is no longer needed, we securely delete or anonymise it.

Specific retention periods vary by data type:

• Account data: retained while your account is active and for a reasonable period thereafter to allow reactivation.
• Transaction records: retained as required by applicable tax and financial regulations (typically 5–7 years).
• Usage logs: retained for up to 12 months for security and analytics purposes.
• Communications: retained in accordance with your preferences and applicable record-keeping requirements.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls, regular security assessments, and incident response procedures.

No method of transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your session and preferences.
• Understand how you interact with the Services.
• Improve performance and functionality.

Types of cookies we use:

• Essential cookies: required for the Services to function. Cannot be disabled.
• Functional cookies: remember your preferences and settings.
• Analytics cookies: help us understand usage patterns and improve the Services.

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Services.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: request a copy of the personal information we hold about you.
• Rectification: request correction of inaccurate or incomplete information.
• Erasure: request deletion of your personal information, subject to legal retention requirements.
• Restriction: request that we limit how we use your information.
• Portability: request a copy of your information in a structured, machine-readable format.
• Objection: object to processing based on legitimate interests or for direct marketing purposes.
• Withdraw consent: where processing is based on consent, withdraw that consent at any time.

To exercise any of these rights, contact us at privacy@inevara.com. We will respond within 30 days (or sooner where required by applicable law).

9. International Data Transfers

Your information may be processed in countries other than your country of residence, including the Kingdom of Bahrain, Australia, and other jurisdictions where our service providers operate. When we transfer data internationally, we implement appropriate safeguards in accordance with applicable data protection laws, including standard contractual clauses and adequacy assessments where required.

10. Children's Privacy

The Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 16, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@inevara.com.

11. Sensitive Information

Certain Services may process information that is considered sensitive under applicable law, including health and wellness information, financial information, or professional credentials. We process such information only where necessary to provide the specific Service you have requested, with your explicit consent, or as otherwise permitted by law. Sensitive information is subject to enhanced security measures.

12. Third-Party Links

The Services may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Services, or applicable law. We will notify you of material changes by posting the updated policy on our websites and, where appropriate, by email. Your continued use of the Services after changes are posted constitutes acceptance of the revised policy.

14. Jurisdiction-Specific Provisions

14.1 European Economic Area (GDPR)

If you are located in the EEA, the data controller is Sajdak Group Holdings WLL, CR 182901, Kingdom of Bahrain. You have the right to lodge a complaint with your local supervisory authority.

14.2 California (CCPA/CPRA)

If you are a California resident, you have the right to: (i) know what personal information is collected, used, and disclosed; (ii) request deletion of your personal information; (iii) opt out of the sale or sharing of personal information (we do not sell personal information); and (iv) not be discriminated against for exercising your rights.

14.3 Australia (Privacy Act 1988)

If you are located in Australia, this policy is provided in compliance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). You may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached.

14.4 Kingdom of Bahrain (PDPL)

This policy complies with the Bahrain Personal Data Protection Law (Law No. 30 of 2018). As a Bahrain-registered entity, we adhere to the requirements of the PDPL and cooperate with the Personal Data Protection Authority.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

Sajdak Group Holdings WLL
Kingdom of Bahrain
CR 182901
Email: privacy@inevara.com