Improvy OÜ logo
Improvy OÜ logo Improvy OÜ
  • About
  • Careers
    • Terms of Service
    • Refund Policy
  • Privacy
  • Contact

Privacy Policy

Improvy OÜ

Effective date: 4 October 2025

This policy explains how Improvy OÜ ("Improvy", "we", "us") handles personal data when you use our websites, products, and services (the "Services"). We wrote it to be clear and practical. If anything is confusing, please tell us at [email protected].

We do not sell personal data. We do not allow third parties to use your data for their own advertising.

Who we are (Controller)

  • Improvy OÜ, Ahtri 12, 10151 Tallinn, Estonia
  • Registry code: 16377480
  • Contact: [email protected]

What we collect (and why)

We collect as little as we reasonably can, and only for specific purposes.

Information you provide to us

  • Account and contact details: e.g., name, email, and any profile information you choose to share — to create and maintain your account, communicate with you, and provide support.
  • Content you submit: e.g., messages, files, or other data you upload to the Services — to operate features you choose to use.
  • Support requests: emails or messages you send us — to help you and improve reliability.

Information we collect automatically

  • Essential technical data: basic logs and device or browser information (e.g., IP address, timestamps, page URLs) to keep the Services secure and working.
  • Privacy-respecting analytics: high-level usage metrics that help us understand what works and what breaks — without building profiles across sites and without third-party ads. Where a consent banner is required, non-essential analytics only run after consent.

We do not use third-party advertising trackers. We honor browser-level signals such as Global Privacy Control (GPC) for non-essential tracking.

Sensitive categories

We do not seek special-category data (e.g., health, political views). If you voluntarily include such data in content you submit, we process it only to provide the feature you asked for, and we encourage you to avoid sharing sensitive information unless it is strictly necessary.

What we use data for (purposes and legal bases)

We process personal data only for the purposes below and under the GDPR legal bases indicated.

  • Provide the Services: create accounts, deliver features you select, ensure availability and security. (Art. 6(1)(b) contract; Art. 6(1)(f) legitimate interests in secure, reliable operation).
  • Communicate with you: transactional emails (e.g., security alerts, service updates) and responses to support. (Art. 6(1)(b) contract; Art. 6(1)(f) legitimate interests).
  • Improve and troubleshoot: diagnose errors, measure reliability, and understand aggregate usage to make sensible product decisions. (Art. 6(1)(f) legitimate interests — strictly limited, privacy-preserving analytics).
  • Compliance and enforcement: meet legal duties, handle lawful requests, prevent abuse and fraud. (Art. 6(1)(c) legal obligation; Art. 6(1)(f) legitimate interests).
  • Optional things with consent: non-essential analytics or cookies, beta programs, or newsletters (if you opt in). (Art. 6(1)(a) consent, which you can withdraw anytime).

We do not conduct automated decision-making that produces legal or similarly significant effects about you.

Cookies and similar tech

We use only what is necessary to run the Services securely and reliably. Non-essential cookies or SDKs (if any) are off by default and require your consent. You can revisit your choices at any time via the cookie banner or your browser settings. If you enable a non-essential tool, that tool's vendor will act as our processor under contract.

Sharing your data

We share personal data only in these cases:

  • Service providers (processors): trusted vendors that host infrastructure, provide privacy-respecting analytics, email delivery, or customer support tools — strictly under data processing agreements and only what is needed to perform their services.
  • Legal and safety: if required by law or to protect people, our Services, or our rights (after checking the request and narrowing scope where possible).
  • Business changes: if we are involved in a merger or similar transaction, we will require the new owner to honor this policy or we will notify you and offer choices (including deletion) before any change of purpose.

We do not share data with "affiliates" for their own purposes, and we do not allow third parties to use your data for their independent advertising or profiling.

Data transfers

If we transfer personal data outside the European Economic Area, we use lawful safeguards such as the EU Standard Contractual Clauses and, where needed, additional technical and organizational measures. We explain the relevant transfer mechanism on request.

How long we keep data

We keep personal data only as long as needed for the purposes above, then delete or irreversibly anonymize it. Typical examples:

  • Account data: kept while your account is active; deleted when you close it (with a short grace period for recovery if requested).
  • Support correspondence: kept for a reasonable period to resolve issues and improve service quality.
  • Security and system logs: kept briefly to investigate incidents and ensure reliability.
  • Records needed by law: retained for the period required by applicable regulations (e.g., accounting and tax).

If we must keep something for legal or security reasons, we isolate it from routine use.

Your rights

Subject to law, you can:

  • Access your personal data and get a copy.
  • Correct inaccurate or incomplete data.
  • Delete data (right to erasure).
  • Restrict or object to certain processing (especially where we rely on legitimate interests).
  • Portability: receive data you provided in a machine-readable format.
  • Withdraw consent where processing relies on consent (this will not affect past processing).

How to use your rights: email [email protected]. We will respond within one month (or explain if we need more time for complex requests). We may ask for minimal additional information to verify it is you — and only when necessary. You can also lodge a complaint with your local data protection authority or with the Estonian supervisory authority.

Security

We use appropriate technical and organizational measures to protect personal data, including encryption in transit, access controls based on roles and need-to-know, audit and monitoring of access, and sensible logging with limited retention. No system is perfectly secure, but we work to prevent incidents and to respond quickly and transparently if they occur.

Children

Our Services are not directed to individuals under 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, contact [email protected] and we will delete it.

Changes to this policy

If we make material changes, we will notify you in a clear way (e.g., email or in-product notice) at least 14 days before they take effect. If you keep using the Services after the effective date, that means you have read the updated policy. You can always stop using the Services and request deletion if you disagree.

Contact

Questions or requests about privacy?

Improvy OÜ — Ahtri 12, 10151 Tallinn, Estonia (registry code 16377480)

[email protected]

  • Fullyst
  • InoVPN
  • Saylify