Privacy Policy

Last modified: 20 July 2025

  • Information
  • Data retention
  • Third party service providers
  • Cookies
  • Security
  • External links
  • Changes
  • Our contact

1. Information

This privacy policy explains what information we collect, how we use, store and protect it. We take data protection seriously and comply with applicable laws, including the European Union’s General Data Protection Regulation (GDPR).

Information we collect

When you use the Services, we may collect personal information that can be used to contact or identify you (“Personal Information”). This may include:

  1. Personal data: We may collect personal information, such as your name, email address, mailing address, telephone number, and other similar information, when you voluntarily provide it to us or when you interact with our services.
  2. Usage data: We may collect information about how you use our services, including your access times, browser types, and language preferences.
  3. Device details: We may collect information about the device you use to access our services, including hardware model, operating system and version, unique device identifiers, and mobile network information.
  4. Location information: With your consent, we may collect information about your precise location if your device settings allow it.

Legal basis

We collect and process personal data only on the following legal grounds:
 
  1. Fulfillment of a contract or taking actions prior to entering into a contract.
  2. Legal obligation (e.g. accounting rules).
  3. Our legitimate interest (e.g. IT security, fraud prevention).
  4. Your consent (e.g. direct marketing).
 

How we use your data

We use the collected data for the following purposes:

  • To provide and manage services

  • To personalize the user experience

  • For customer support and to respond to your inquiries

  • To send security updates and system notifications

  • To improve services and analyze trends

  • To send marketing and notifications (e.g. campaigns, events) if you have consented to this. If you have given your consent, you can withdraw at any time by e-mail (unsubscribe link or letter to the address info@tarkva. Com)

2. Data retention and security

  • All active processing environments are located in data centers located in the EU or on the customer’s infrastructure. Backups and logs may be stored encrypted in Google Cloud (Belgium) or Hetzner (Germany) data centers. Processing outside the EEA is only carried out on the basis of contractual mechanisms that ensure adequate protection (SCCs or the EU-US Data Protection Framework).

  • Files and requests are encrypted both at rest and in transit.

  • Each customer’s data is kept separately.

  • Access to data is limited to authorized personnel for technical support and security purposes.

According to the GDPR, you have the following rights:

  • The right to information about your data

  • Right to correct inaccurate data

  • Right to request deletion of data

  • Right to data portability

  • Right to object to certain processing operations

  • Right restrict processing

  • The right to file a complaint with the supervisory authority (Data Protection Inspectorate, Tatari 39, 10134 Tallinn, info@aki.ee).

Retention period:
  • Account details – up to 12 months after the end of the contract, unless otherwise requested by client;
  • Query logs (operational) – 30 days;
  • Security/audit logs – up to 12 months (or longer period if agreed upon in the SLA);
  • Backups – up to 12 months;
  • Accounting documents – 7 years (by law).

3. Third party service providers

We use the following trusted partners to operate the service. All of these companies have data processing agreements in accordance with GDPR art. 28 (or we implement their standard DPAs). When data is transferred outside the European Economic Area, the European Commission’s Standard Contractual Agreements (SCC) and/or the EU-US Data Protection Framework are used.

  1. Payment processing – Stripe Payments Europe, Ltd. (Ireland). Personal data is located in the EU; EEA → US transfers are protected by SCCs where applicable.
  2. Cloud servers and backup – Hetzner Online Ltd (DE) and Google Cloud Platform (europe-central2 and europe-north1 zones, EU territory). Backups are AES-256 encrypted.
  3. Sending emails – Google Workspace / Gmail (EU data center).
  4. Text analysis and response generation – OpenAI Global, LLC (USA).
    – OpenAI does not use No API query inputs or outputs for training models.
    – API logs are retained until for 30 days to detect misuse; with Zero Data Retention endpoints, no logs are retained.
    – Transmission is encrypted (TLS 1.2+); cross-border transmission is protected by SCCs and/or the EU-US Data Protection Framework.

An updated list of all sub-processors is available Terms of Use Appendix AWe will notify the Client at least once when adding a new partner or replacing an existing one. for 10 days in advance (see Terms and Conditions § 6).

4. Cookies

We use cookies and similar technologies on our website to ensure the functionality of the service and improve the user experience.

  • Cookies are small data files that are stored on your device.

  • Cookies allow us to recognize your browser and remember certain settings.

  • You can set your browser to refuse or delete cookies. However, certain features may not work properly.

  • Cookie preferences can be set in the banner that opens when you first visit the website.

We do not use tracking cookies or advertising cookies without your explicit consent.

5. Security

We use industry standard security measures to protect your data:

  • Encryption (including TLS connections)

  • Access control and authentication

  • Data separation between clients

However, please note that no transmission over the Internet or method of electronic storage is 100% secure. We are not responsible for any data stolen due to hacking or loss of passwords.

Data breach notification:

We will notify the Data Protection Inspectorate and, if necessary, you of the relevant personal data breach as soon as possible, but no later than 72 hours from becoming aware of the breach (DPA clause 3.4 specifies 24 hours), specifying the nature of the incident, possible consequences and planned mitigation measures.

6. External links

Our service may contain links to third-party websites. We are not responsible for the content or privacy policies of these sites.

We recommend that you review the privacy policies of each external site before sharing any personal information.

7. Changes

We reserve the right to update this Privacy Policy from time to time. All changes will be effective for 14 days after publication, except for changes concerning new features or spelling – these will take effect immediately (in accordance with § 15 of the Terms).

We encourage you to visit this page regularly to stay informed of the terms and conditions and any changes. Your continued use of the Service constitutes your acceptance of the new terms.

8. Our contact

If you have any questions about this privacy policy or would like to exercise your data protection rights, please contact us:

📧 info@tarkva.com
📞 +372 5555 1911