Privacy Policy

Company: HIGHWEB EUROPE OPERATIONS OÜ (“Highweb”, “we”, “us”)

Effective date: 22 January 2026

This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use our websites, applications, and related services (collectively, the “Services”). We process personal data in accordance with the EU General Data Protection Regulation (“GDPR”) and applicable Estonian and EU data protection laws.

1. Who we are (Controller)

The controller of personal data is:

HIGHWEB EUROPE OPERATIONS OÜ

Registry code: 16319293

Registered address: Harju maakond, Tallinn, Kesklinna linnaosa, Pärnu mnt 105, 11312, Estonia

Contact email: develop@highwebeo.com

If we appoint a Data Protection Officer (DPO), we will publish the DPO contact details here.

2. Scope

This Policy applies to:

  • Visitors of highwebeo.com and any subdomains (the “Website”);
  • Users of our mobile applications published under our developer account (the “Apps”);
  • Business clients and partners who contact us or use our Services.

The Services may link to third‑party sites and platforms (e.g., app stores). Their privacy practices are governed by their own policies.

3. Personal data we collect

We may collect the following categories of personal data depending on how you use the Services:

3.1 Data you provide to us

  • Contact information (name, email, phone);
  • Account data (username, login credentials—if applicable);
  • Support and communications (messages, requests, attachments);
  • Billing and invoicing information (company name, VAT ID, billing address—primarily for B2B services);
  • Any other information you choose to provide.

3.2 Data collected automatically

  • Device and technical data: IP address, device identifiers, OS and browser type, app version;
  • Usage data: pages/screens viewed, clicks, session duration, crash logs, diagnostics;
  • Approximate location derived from IP (country/city level);
  • Cookies and similar technologies (see Cookies Policy).

3.3 Data from third parties

  • App store and platform data (e.g., Google Play/Apple App Store receipts and subscription status);
  • Analytics and attribution data from service providers (if used);
  • Business contact details from public sources or partners (for B2B relations).

4. How we use personal data (Purposes)

We use personal data to:

  • Provide, operate, and maintain the Services;
  • Create and manage accounts (if applicable);
  • Process payments and administer subscriptions (where relevant);
  • Provide customer support and respond to requests;
  • Improve and secure the Services, prevent fraud and abuse;
  • Measure performance and understand usage trends (analytics);
  • Comply with legal obligations (accounting, tax, regulatory requests);
  • Communicate service updates, security notices, and administrative messages;
  • Send marketing communications only where permitted and with opt‑out options.

5. Legal bases (GDPR)

We rely on the following legal bases, as applicable:

  • Contract (Art. 6(1)(b)) – to provide the Services you request;
  • Legitimate interests (Art. 6(1)(f)) – to secure, improve, and administer our Services and business;
  • Consent (Art. 6(1)(a)) – for certain cookies/trackers and marketing where required;
  • Legal obligation (Art. 6(1)(c)) – for compliance with accounting, tax, and lawful requests;
  • Vital interests / public task (rare) where applicable.

You may withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.

6. Sharing and disclosure

We may share personal data with:

  • Service providers (processors) who help us operate the Services (hosting, cloud storage, analytics, customer support, email delivery, security);
  • Payment and app distribution platforms (e.g., Google Play / Apple App Store) for purchases and subscription management;
  • Professional advisors (accountants, auditors, lawyers) under confidentiality obligations;
  • Authorities when required by law or to protect rights and safety;
  • Business transfers (merger, acquisition, asset sale), subject to appropriate safeguards.

We do not sell personal data.

7. International data transfers

Our company is established in Estonia. Some of our service providers and platforms may process personal data outside the European Economic Area (“EEA”). Where such transfers occur, we use appropriate safeguards as required by GDPR, such as:

  • EU Standard Contractual Clauses (SCCs); and/or
  • Other lawful transfer mechanisms recognized under applicable law.

We do not rely on the former “EU‑US Privacy Shield” framework.

8. Retention

We retain personal data only as long as necessary for the purposes described above, including:

  • For the duration of your relationship with us and as needed to provide the Services;
  • As required by law (e.g., accounting and tax record retention);
  • As needed to resolve disputes and enforce agreements.

Retention periods vary depending on data type and legal requirements. You may request more detail via the contact email above.

9. Security

We implement reasonable technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission or storage is completely secure.

10. Your rights (EEA/UK)

Depending on your location, you may have the right to:

  • Access your personal data;
  • Rectify inaccurate or incomplete data;
  • Erase data (where applicable);
  • Restrict processing;
  • Object to processing based on legitimate interests;
  • Data portability;
  • Withdraw consent (where processing is based on consent);
  • Lodge a complaint with a supervisory authority (in Estonia: the Estonian Data Protection Inspectorate).

To exercise your rights, contact us at develop@highwebeo.com. We may need to verify your identity.

11. Children

Our Services are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us and we will take appropriate steps.

12. Marketing communications

If we send marketing emails, you can opt out at any time using the unsubscribe link or by contacting us. Service/administrative messages are not marketing and may still be sent as necessary.

13. Cookies and similar technologies

We use cookies and similar technologies on the Website. See our Cookies Policy for details on categories, purposes, and how to manage preferences.

14. Changes to this Policy

We may update this Policy from time to time. We will post the updated version on our Website and update the Effective date. Material changes may be communicated via the Services where appropriate.

15. Contact

Questions or requests regarding this Policy or personal data processing should be sent to:

develop@highwebeo.com