Privacy Policy

Updated January 30, 2026

1) Controller and contact details

Controller: Undetect OÜ Company ID: 16395130 Registered address: Sepise 1, 11415 Tallinn, Estonia Email: [contact@undetect.io] General contact: [contact@undetect.io]

2) Scope

This Privacy Policy applies to:

  • visitors to the Site
  • individuals who submit a contact form, request a proof of concept, download gated materials, or otherwise communicate with us
  • business contacts at prospective, current, or former customers and partners (to the extent they interact with the Site or our sales/marketing process)

Customer service data: If we process personal data on behalf of customers as part of delivering our services, that processing is governed by a separate Data Processing Agreement (DPA) and the applicable service contract.

3) Personal data we collect

We may collect the following categories of personal data:

A) Data you provide

  • Contact details: name, work email, phone number (optional), company name, job title/role
  • Inquiry content: message content, attachments you submit, and any details you provide about your use case
  • Scheduling data: preferred meeting times and any details you submit during booking
  • Gated content requests: details required to access reports/whitepapers (typically name, email, company)

B) Data collected automatically

  • Device and usage data: IP address, device type, browser type, pages viewed, referral source, approximate location (derived from IP), timestamps
  • Cookies and similar technologies: identifiers and preference signals (see Section 8)

C) Business relationship data

  • communications history (emails, calls, meeting notes)
  • procurement and contracting contact details (business contact information)

We do not intentionally collect special category data (e.g., health data) via the Site. Please do not submit sensitive personal data unless we explicitly request it and provide a secure channel.

4) How and why we use personal data (purposes)

We process personal data for the following purposes:

  1. Responding to inquiries and requests

    • handling contact requests, proof-of-concept requests, and technical questions
    • providing requested information and follow-ups

  2. Sales and relationship management (B2B)

    • managing pre-sales communications, demos, and evaluations
    • maintaining records of our interactions with your organization

  3. Marketing and updates (where permitted)

    • sending product updates, research notices, and relevant communications (with appropriate consent or opt-out mechanisms)

  4. Operating and securing the Site

    • ensuring availability, performance, and security
    • preventing fraud, abuse, and unauthorized access attempts

  5. Compliance and legal protection

    • meeting legal obligations (e.g., accounting, recordkeeping)
    • establishing, exercising, or defending legal claims

Where the GDPR applies, we rely on one or more of the following legal bases:

  • Contract / steps prior to contract (Art. 6(1)(b)): to respond to requests and take steps at your request prior to entering a contract (e.g., proof-of-concept discussions).
  • Legitimate interests (Art. 6(1)(f)): to operate our business, respond to B2B inquiries, secure the Site, prevent abuse, and improve our communications—balanced against your rights and expectations.
  • Consent (Art. 6(1)(a)): for optional cookies and certain marketing communications where required by law.
  • Legal obligation (Art. 6(1)(c)): to comply with applicable laws and regulatory requirements.

You can object to certain processing based on legitimate interests (see Section 10). Information on GDPR rights is available from EU institutions.

6) How we share personal data

We may share personal data with:

  • Service providers (processors) that help us operate the Site and business (e.g., hosting, email delivery, CRM, analytics, scheduling, customer support tools). They are permitted to process data only on our instructions.
  • Professional advisors (lawyers, accountants, auditors) where necessary.
  • Authorities where required by law or to protect rights and safety.
  • Business transfers: if we are involved in a merger, acquisition, or asset sale, personal data may be transferred as part of that transaction (subject to appropriate safeguards).

A current list of key service providers/sub-processors can be made available on request: * *[contact@undetect.io]**.

7) International transfers

We may transfer personal data outside the European Economic Area (EEA) when using service providers or teams located in other jurisdictions. Where such transfers occur, we use appropriate safeguards, such as:

  • adequacy decisions (where applicable), or
  • Standard Contractual Clauses (SCCs) and supplementary measures.

8) Cookies and similar technologies

We use cookies and similar technologies for:

  • Strictly necessary functions (Site operation, security, load balancing)
  • Preferences (e.g., remembering choices)
  • Analytics (under consent where required)
  • Marketing (under consent where required)

Where required by law, we present a cookie banner and obtain consent before placing non-essential cookies. You can change your cookie preferences at any time via **[Cookie Preferences link/location] **.

9) Data retention

We retain personal data only as long as necessary for the purposes described above, including for legal and security requirements. Typical retention periods (adjust to reality):

  • Contact inquiries / sales communications: up to [24 months] from last interaction
  • Marketing lists: until you unsubscribe, or [24 months] after last engagement
  • Security logs: typically [6–12 months]
  • Contracting records: as required by applicable law and internal policy

If you request deletion, we will honor it unless we need to retain certain data to comply with legal obligations or establish/defend legal claims.

10) Your rights (GDPR)

Subject to applicable law, you may have the right to:

  • access your personal data
  • rectify inaccurate data
  • erase data (“right to be forgotten”)
  • restrict processing
  • data portability
  • object to processing (including certain marketing)
  • withdraw consent at any time (where processing is based on consent)

To exercise your rights, email [contact@undetect.io].

You also have the right to lodge a complaint with your supervisory authority. If you are in Estonia, the supervisory authority is the **Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) **.

11) Security

We implement technical and organizational measures designed to protect personal data, including access controls, encryption in transit, and operational security practices. No method of transmission or storage is completely secure; however, we maintain safeguards appropriate to the risk and nature of the data processed.

The Site may link to third-party websites or services. We are not responsible for their privacy practices. Please review their privacy policies.

13) Children

The Site is not directed to children, and we do not knowingly collect personal data from children.

14) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version on the Site and revise the “Last updated” date above.

15) Contact

For privacy questions or requests: [contact@undetect.io]