Privacy Policy

1. Data controller

Neiron Technology OÜ (registry 17122902, VAT EE102900668), J. Koorti tn 2-33, 13623 Tallinn, Estonia, is the data controller of personal data collected via this website. Contact for data protection matters: neiron.technology@gmail.com.

2. What data we collect

We collect data only when you actively provide it via our contact form or initiate communication:

• Contact form data: name, email address, optionally phone number, company name, service of interest, and the content of your message.
• Email correspondence: any data contained in emails you send us.
• Aggregate analytics (Cloudflare Web Analytics): anonymised, cookieless page visit counts, referring website, country (country-level only), browser type. No IP addresses are stored beyond aggregation. No cross-site tracking. No fingerprinting.

3. Lawful basis for processing

• Contact form / email: Article 6(1)(b) GDPR (steps prior to entering a contract at your request) and 6(1)(a) (your consent, indicated by the consent checkbox on the form).
• Analytics: Article 6(1)(f) GDPR (legitimate interest in understanding website usage to improve content). Our analytics provider does not set cookies or store personal data, so no consent banner is required.

4. Purposes

• Responding to your enquiry and preparing a commercial proposal.
• Following up on the business relationship if it leads to a contract.
• Understanding which website content is useful to visitors (aggregate analytics only).

5. Recipients and third-party processors

We share your data only with the following processors, each bound by appropriate data-processing agreements:

• Formspree (Formspree Inc., USA) — processes contact form submissions and forwards them to our email. Formspree is GDPR-compliant and EU data is transferred under Standard Contractual Clauses (SCCs). Privacy Policy: formspree.io/legal/privacy-policy.
• Cloudflare, Inc. (USA) — provides Web Analytics. Cookieless, no PII collected. EU data transfers under SCCs. Privacy Policy: cloudflare.com/privacypolicy.
• Zone Media OÜ (Estonia) — website hosting. EU-based, GDPR-compliant.

We do not sell, rent, or trade personal data. We do not use behavioural advertising, retargeting, or social media tracking pixels.

6. International data transfers

When data is transferred outside the European Economic Area (EEA) — currently only to Formspree and Cloudflare in the USA — we ensure adequate protection through Standard Contractual Clauses (SCCs) approved by the European Commission, in compliance with Schrems II requirements.

7. How long we keep your data

• Contact form enquiries: retained for 24 months after last contact, then deleted, unless the enquiry has led to an active contract — in which case data is retained for the duration of the contract plus 7 years (Estonian Accounting Act).
• Analytics: aggregated metrics retained 6 months. No individual visit data retained.

8. Your rights under GDPR

As a data subject, you have the right to:

• Access your personal data we hold (Article 15)
• Rectification of inaccurate data (Article 16)
• Erasure ("right to be forgotten", Article 17)
• Restriction of processing (Article 18)
• Data portability (Article 20)
• Object to processing (Article 21)
• Withdraw consent at any time, without affecting prior processing (Article 7(3))

To exercise any of these rights, contact us at neiron.technology@gmail.com. We respond within 30 days as required by GDPR.

9. Right to lodge a complaint

If you believe your data protection rights have been violated, you may lodge a complaint with the supervisory authority in your country of residence. The Estonian supervisory authority is:

Andmekaitse Inspektsioon (Estonian Data Protection Inspectorate)
Tatari 39, 10134 Tallinn, Estonia
Email: info@aki.ee
Web: aki.ee/en

10. Cookies

This website does not set tracking cookies. We use only one functional language-preference cookie (nlang) when you actively switch language — this is a strictly necessary cookie exempt from consent under ePrivacy Directive Article 5(3). Cloudflare Web Analytics is cookieless by design.

11. Security

We use HTTPS encryption (HSTS enforced), Content Security Policy, and other modern security headers. All data processors above provide their own technical and organisational security measures consistent with GDPR Article 32.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected by an updated "Last updated" date at the bottom of this page. For significant changes affecting your rights, we will provide reasonable advance notice.