Privacy Policy

Last Updated: 2025-08-15

At Adealo OU ("Adealo," "we," "us," or "our"), we are committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, process, and protect information when you use our customer communication platform and related services (the "Services").

This Privacy Policy applies to all users of our Services, including visitors to our website (adealo.com), customers who subscribe to our Services, and end users who interact with our customers through our platform.

1. About This Policy

1.1 Who We Are

Adealo OU is an Estonian company with registration number 16200000 and registered address at Harju maakond, Tallinn, Kesklinna linnaosa, Vesivärava tn 50-201, 10152, Estonia. We provide a cloud-based customer communication platform that enables businesses to interact with their customers through various communication channels.

1.2 Contact Information

Data Protection Officer: privacy@adealo.com
General Contact: Harju maakond, Tallinn, Kesklinna linnaosa, Vesivärava tn 50-201, 10152, Estonia
Email: support@adealo.com

1.3 Legal Basis

We process personal data in compliance with the EU General Data Protection Regulation (GDPR), Estonian Personal Data Protection Act, and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

Name, email address, company name
Billing information (payment details, billing address)
Profile information and preferences
Communications with our support team

Customer Data:
When you use our Services, you may upload, submit, or store various types of data, which may include personal data of your end users ("Customer Data"). This may include:

Contact information of your customers
Communication logs and message histories
User behavior and interaction data
Any other data you choose to process through our Services

2.2 Information We Collect Automatically

Usage Information:

How you access and use our Services
Features and functions you use
Time, frequency, and duration of your activities
Performance data and error reports

Device and Technical Information:

IP address and location data
Browser type and version
Operating system and device information
Cookies and similar tracking technologies

Log Data:

Server logs, including access times and pages viewed
System activity and performance metrics
Security and error logs

2.3 Information from Third Parties

We may receive information about you from third-party services you choose to integrate with our platform, such as CRM systems, email platforms, or other business tools.

3. How We Use Your Information

3.1 Primary Purposes

Service Provision:

Provide, operate, and maintain our Services
Process transactions and manage your account
Authenticate users and prevent unauthorized access
Provide customer support and respond to your requests

Service Improvement:

Analyze usage patterns to improve our Services
Develop new features and functionality
Conduct research and analytics
Optimize performance and user experience

Communication:

Send service-related notifications and updates
Provide technical support and customer service
Share important information about your account or our Services
Send marketing communications (with your consent)

3.2 Legal Basis for Processing (GDPR)

We process personal data based on the following legal grounds:

Contract Performance: To provide the Services you've subscribed to
Legitimate Interests: To improve our Services, ensure security, and conduct business operations
Legal Compliance: To comply with applicable laws and regulations
Consent: For marketing communications and certain optional features

4. Data Sharing and Disclosure

4.1 We Do Not Sell Your Data

We do not sell, rent, or lease your personal data to third parties for their marketing purposes.

4.2 Service Providers and Partners

We may share personal data with trusted third-party service providers who assist us in operating our Services, including:

Cloud hosting and infrastructure providers
Payment processors and billing services
Customer support and communication tools
Analytics and performance monitoring services

All service providers are contractually bound to protect your data and use it only for specified purposes.

4.3 Legal Requirements

We may disclose personal data if required by law, legal process, or government request, including to:

Comply with legal obligations
Protect our rights and property
Investigate fraud or security issues
Protect the safety of our users or the public

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of the transaction. We will notify you of any such change in ownership or control.

5. Customer Data and Data Processing

5.1 Your Role as Data Controller

When you use our Services to process personal data of your end users (Customer Data), you act as the data controller, and we act as the data processor. You are responsible for:

Ensuring you have lawful basis to process personal data
Providing appropriate privacy notices to your end users
Obtaining necessary consents
Responding to data subject requests

5.2 Our Role as Data Processor

As a data processor, we:

Process Customer Data only according to your instructions
Implement appropriate security measures
Assist you in responding to data subject requests
Notify you of any data breaches
Delete or return data upon termination of services

5.3 Data Processing Agreement

Our data processing practices are governed by our Data Processing Agreement (DPA), which forms part of our Terms of Service.

6. International Data Transfers

6.1 Transfer Mechanisms

As an Estonian company, we primarily process data within the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses approved by the European Commission
Adequacy decisions by the European Commission
Other lawful transfer mechanisms under GDPR

6.2 Service Provider Locations

Some of our service providers may be located outside the EEA. We ensure all such providers comply with GDPR requirements for international transfers.

7. Data Security

7.1 Security Measures

We implement robust technical and organizational security measures to protect personal data, including:

Encryption of data in transit and at rest
Access controls and authentication systems
Regular security assessments and monitoring
Employee training on data protection
Incident response procedures

7.2 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

Notify relevant supervisory authorities within 72 hours
Inform affected individuals when required by law
Take immediate steps to contain and remediate the breach

8. Data Retention

8.1 Retention Periods

We retain personal data only as long as necessary for the purposes outlined in this Privacy Policy:

Account Data: For the duration of your subscription plus 3 years for legal and tax purposes
Customer Data: According to your instructions and our Terms of Service
Usage Data: Typically 24 months for analytics and service improvement
Marketing Data: Until you withdraw consent or object to processing

8.2 Deletion and Anonymization

When retention periods expire, we securely delete or anonymize personal data unless longer retention is required by law.

9. Your Rights Under GDPR

As a data subject, you have the following rights regarding your personal data:

9.1 Access and Portability

Right of Access: Request information about the personal data we process about you
Data Portability: Receive your data in a structured, machine-readable format

9.2 Correction and Deletion

Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure: Request deletion of your personal data in certain circumstances

9.3 Processing Controls

Right to Restriction: Limit how we process your data in certain situations
Right to Object: Object to processing based on legitimate interests or for marketing purposes
Right to Withdraw Consent: Withdraw consent for processing that relies on your consent

9.4 Exercising Your Rights

To exercise your rights, contact us at privacy@adealo.com. We will respond within one month and may request verification of your identity.