Skip to main content

Privacy Policy

Last updated: March 7, 2026

1. Data Controller

This privacy policy applies to the processing of personal data by Acticly OÜ ("Acticly", "we", "us", or "our").

Acticly OÜ

Business ID: 17410015

Tallinn, Estonia

Email: privacy@acticly.com

2. Introduction

Acticly is committed to protecting your privacy and ensuring the security of your personal data. This privacy policy explains how we collect, use, store, and protect your personal information when you use our engineering workflow optimization platform and related services.

We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This policy describes your data protection rights, including the right to object to some of the processing activities we carry out.

3. Personal Data We Process

3.1 Customer Data

When you register for and use our services, we collect and process:

  • Identity Data: First name, last name, username, job title
  • Contact Data: Email address, company name, phone number (if provided)
  • Account Data: Password (encrypted), account preferences, subscription information
  • Billing Data: Payment information, billing address, company tax information
  • Engineering Data: Code repository metrics, team productivity data, DORA metrics, developer activity patterns (processed in aggregate form)

3.2 Prospect Data

When you express interest in our services (e.g., through demo requests, waitlist signups, or contact forms), we collect:

  • Contact Information: Name, email address, company name
  • Professional Information: Company size, use case, role/title
  • Communication Data: Messages, inquiries, and additional notes you provide

3.3 Technical Data

When you visit our website or use our services, we automatically collect:

  • Device Data: IP address, browser type and version, operating system, device type
  • Usage Data: Pages visited, time spent on pages, navigation patterns, feature usage statistics
  • Performance Data: Application performance metrics, error logs, system diagnostics
  • Cookie Data: Cookies and similar tracking technologies (see our Cookie Policy for details)

4. Purpose and Legal Basis for Processing

We process your personal data for the following purposes and legal bases:

Service Provision (Contractual Necessity)

To create and manage your account, provide access to our platform, process payments, and deliver the services you have subscribed to.

Customer Support (Contractual Necessity & Legitimate Interest)

To respond to your inquiries, provide technical support, troubleshoot issues, and improve service quality.

Service Improvement (Legitimate Interest)

To analyze usage patterns, develop new features, optimize platform performance, and enhance user experience.

Marketing and Communications (Consent & Legitimate Interest)

To send you product updates, newsletters, promotional materials, and relevant information about our services (with your consent where required).

Security and Fraud Prevention (Legitimate Interest & Legal Obligation)

To protect our services from unauthorized access, detect and prevent fraud, ensure platform security, and comply with legal requirements.

Legal Compliance (Legal Obligation)

To comply with applicable laws, regulations, legal processes, and enforceable governmental requests.

5. Disclosure to Third-Party Service Providers

We engage trusted third-party service providers to help us operate our business and deliver our services. These providers process personal data on our behalf and are contractually obligated to protect your data and use it only for the purposes we specify.

Amazon Web Services (AWS)

Purpose: Cloud infrastructure and hosting services

Data Shared: All application data, customer content, technical logs

Location: EU region (Frankfurt, Germany)

Stripe

Purpose: Payment processing and subscription management

Data Shared: Payment information, billing details, transaction data

Location: EU and USA (Stripe is GDPR compliant and provides adequate safeguards)

Resend

Purpose: Transactional email delivery and communication services

Data Shared: Email addresses, names, email content

Location: USA (operates under standard contractual clauses)

PostHog

Purpose: Product analytics and user behavior tracking

Data Shared: Usage data, feature interactions, anonymized user identifiers

Location: EU cloud infrastructure option available

Sentry

Purpose: Error monitoring and application performance tracking

Data Shared: Error logs, stack traces, performance metrics, IP addresses

Location: USA (GDPR compliant with data processing agreement)

We regularly review our service providers to ensure they maintain appropriate technical and organizational measures to protect your personal data.

6. International Data Transfers

Acticly is based in Estonia (EU/EEA). We primarily store and process data within the European Economic Area (EEA). However, some of our service providers are located outside the EU/EEA, particularly in the United States.

When we transfer personal data outside the EU/EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs): We use European Commission-approved standard contractual clauses with our service providers.
  • Adequacy Decisions: We transfer data to countries that have been deemed by the European Commission to provide an adequate level of data protection.
  • Data Processing Agreements: We maintain comprehensive data processing agreements with all third-party processors that handle EU personal data.
  • Technical Safeguards: All data transfers are encrypted in transit using industry-standard protocols (TLS 1.3).

For specific information about international data transfers to a particular service provider, please contact us at privacy@acticly.com.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

Customer Account Data

Retained for the duration of your active subscription plus 12 months after account closure for legal and accounting purposes.

Engineering and Usage Data

Retained for the duration of your active subscription. Aggregated and anonymized data may be retained indefinitely for analytics purposes.

Prospect and Marketing Data

Retained until you request deletion or withdraw consent, or for 24 months of inactivity, whichever comes first.

Technical Logs and Error Data

Retained for 90 days for security and troubleshooting purposes, unless required for longer by legal obligations.

Financial Records

Retained for 7 years to comply with tax and accounting regulations.

After the retention period expires, we securely delete or anonymize your personal data. You may request earlier deletion by contacting us, subject to our legal obligations.

8. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

Right of Access

You have the right to request a copy of the personal data we hold about you, along with information about how we process it.

Right to Rectification

You can request that we correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or if you withdraw consent.

Right to Restriction of Processing

You can request that we restrict processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes at any time.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your personal data properly.

To exercise any of these rights, please contact us at: privacy@acticly.com

We will respond to your request within one month. If your request is complex or we receive multiple requests, we may extend this period by two additional months, and we will inform you accordingly.

9. Security Measures

We implement industry-standard technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Technical Security Measures

  • Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption
  • Access Controls: Role-based access control (RBAC) with multi-factor authentication (MFA) for administrative access
  • Network Security: Firewalls, intrusion detection systems, and regular security monitoring
  • Secure Development: Security code reviews, vulnerability scanning, and penetration testing
  • Data Isolation: Customer data is logically isolated and segregated in our database architecture

Organizational Security Measures

  • Employee Training: Regular security awareness and data protection training for all employees
  • Access Limitations: Access to personal data is limited to employees who need it to perform their job duties
  • Confidentiality Agreements: All employees and contractors sign confidentiality agreements
  • Incident Response: Documented incident response procedures and breach notification protocols
  • Regular Audits: Periodic security audits and compliance assessments

While we implement robust security measures, please note that no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your personal data.

If you become aware of any security breach or unauthorized access to your account, please notify us immediately at: privacy@acticly.com

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website and platform. For detailed information about the cookies we use and how you can manage them, please refer to our Cookie Policy.

11. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us immediately, and we will take steps to delete such information.

12. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated policy on our website with a new "Last updated" date
  • Sending an email notification to your registered email address for significant changes
  • Displaying a prominent notice on our platform or website

We encourage you to review this privacy policy periodically to stay informed about how we protect your personal data. Your continued use of our services after any changes to this policy constitutes your acceptance of the updated terms.

Previous versions of this privacy policy are available upon request.

13. Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or our data processing practices, please contact us:

Acticly OÜ - Data Protection Contact

Email: privacy@acticly.com

Address: Tallinn, Estonia

Business ID: 17410015

We will respond to all legitimate requests within one month. In some cases, it may take us longer if your request is particularly complex or you have made multiple requests. In such cases, we will notify you and keep you updated.

This privacy policy is effective as of March 7, 2026, and applies to all personal data processed by Acticly OÜ.