Privacy notice

Published: July 10, 2025

Effective: July 24, 2025

Effective: July 24, 2025

1.

INTRODUCTION

This Privacy Notice ("Notice") sets forth the policies and procedures of Apliteni OÜ ("we," "our," or "us") regarding the collection, use, and disclosure of personal data in connection with your use of our Website, https://keitaro.io (the “Website”) as well as our products and services, including self-hosted software installed on customers’ servers (“Products”). This Notice is designed to inform you of our data practices and your rights concerning your personal information. For any questions or concerns regarding this Notice or our data practices, please contact us at support@keitaro.io.

2.

MODIFICATIONS TO THIS NOTICE

We reserve the right to amend this Notice at any time. Any modifications will be effective immediately upon posting on the Website. It is your responsibility to review the most current version of this Notice periodically.

4.

DATA COLLECTION

4.1
Direct Collection

Data you provide directly (forms, account registration, support requests, payment info).

4.2
Automatic Collection

Data collected automatically when you interact with Website or Products (IP, cookies, program’s domain, license details, logs).

The complete list of data categories we collect and process, the purposes for which we use them, the lawful basis, and retention periods are described in Section 5 below.

5.

DATA PROCESSING ACTIVITIES

We act as a data controller for the following processing activities:

Purpose

Data

Legal ground

Storage period

Providing website functionality via strictly necessary cookies

Session ID, language, IP address, region

Legitimate interest in making our website available and usable

Up to 31 days

Analysing users’ actions

Session ID, IP address, region, type of device, users’ actions, program's domain

Consent

Up to 1 year

Maintaining account on the website

Name, email, country, region, company name, tax ID, preferences

Contract

As long as you use your account and for 1 year after you delete it

Technical support

Name, email, user ID, location, other information provided by user

Contract

2 years

Billing

Name, user ID, invoice amount, location

Contract

As long as you use your account and for 2 years after you delete it

Fraud prevention

User ID, IP address, suspicious activity

Legitimate interest in protecting our billing

3 years after suspicious activity detected

Payment method verification and storage for future payments

Payment token, masked card number (last 4 digits), expiration date, card brand, issuing country

Contract (Art. 6(1)(b) GDPR) and Legitimate interest (fraud prevention, Art. 6(1)(f) GDPR). Explicit consent for storing card for future use (Art. 6(1)(a) GDPR)

Until user deletes the card in the Account, or up to 3 years after account deactivation

Please be advised that the Keitaro software is designed to be installed and used on your own servers. We do not have access to any personal data belonging to your end users or customers. Any data processed by the Keitaro software in connection with your campaigns or traffic remains solely under your control.

6.

OPERATIONAL TELEMETRY

In connection with the User's installation, activation, and use of the Program, the Company automatically collects Operational Telemetry from the User's instance. Operational Telemetry is limited to technical data relating to the Program's installation and operation; it does not include the content of advertising campaigns, traffic data, creative assets, targeting parameters, or any end-user data processed by the Program. The Company processes Operational Telemetry for the following purposes and on the following legal bases under Article 6(1) of Regulation (EU) 2016/679 (GDPR):

 

(a) License verification and activation (Article 6(1)(b) — performance of contract): to authenticate the License Key, prevent unauthorized use, and ensure the Program operates in accordance with the applicable service plan;

 

(b) Security, fraud prevention, and abuse detection (Article 6(1)(f) — legitimate interests): to detect fraudulent registrations, unauthorized access, policy violations, and to maintain the integrity and security of the Program and its infrastructure. The Company's legitimate interest consists in protecting the Program and its user base from misuse, fraud, and unauthorized activity;

 

(c) Sanctions and regulatory compliance (Article 6(1)(c) — compliance with legal obligation): to perform screening against applicable sanctions lists and to fulfil obligations under EU and Estonian law, including Council Regulation (EU) No 833/2014 and the Estonian International Sanctions Act (RSanS).

 

Operational Telemetry is pseudonymized and linked to the User's specific installation. It may be correlated with data from other installations for the purposes of detecting policy violations and sanctions circumvention. Operational Telemetry is retained for no longer than 2 years from the date of collection. Where data relates to a suspected policy violation, fraud investigation, sanctions matter, or other legitimate enforcement proceeding, the retention period may be extended to no longer than 3 years from the date of collection, or for such longer period as may be required by applicable law. Further information about the processing of Operational Telemetry, including data subject rights, is available in the Company's Privacy Notice at https://keitaro.io/en/privacy-policy-eu.

7.

DATA SHARING

We share your personal information with the following categories of third parties:

a) Analytics Providers. We use analytics services to understand how you use our website. This helps us improve our website and tailor it to your preferences.

b) Hosting Providers. Our website is hosted on secure servers managed by a hosting provider. They have access to data essential for maintaining the website's functionality and security.

c) Payment Provider. We use Stripe Payments Europe, Ltd. (“Stripe”) as our payment processor. We do not store your full payment card details. All card data are processed and stored by Stripe, which is PCI DSS certified. When you opt to save your payment method for future use, Stripe issues a secure payment token which we store and reference in your Account.

8.

INTERNATIONAL DATA TRANSFERS

Some of our service providers are located in the United States. We implement appropriate safeguards, such as standard contractual clauses adopted by the European Commission, to ensure the proper protection of your data during these transfers.

When using Stripe, your data may be transferred to the United States. We rely on the European Commission’s Standard Contractual Clauses (SCCs) as appropriate safeguards under Article 46 GDPR.

9.

COOKIES

9.1
Definition

Cookies are small data files that are placed on your device when you visit a website. Website owners use cookies to make their websites work, or work more efficiently, as well as to provide reporting information.

Cookies are an essential tool for improving your user experience. They allow you to navigate between pages efficiently, remember your preferences, and generally enhance your experience on any website you visit. They also ensure that the advertisements you see online are relevant to you and your interests.

The cookies set by the website owner are called "first party cookies". The cookies set by other parties other than the website owner are called "third party cookies". Third party cookies enable third party features or functionality to be provided on or through the website (e.g. like advertising, interactive content and analytics). The parties that set these third party cookies can recognise your computer or mobile device both when it visits the websites in question and also when it visits certain other websites.

9.2
Types of Cookies We Use

a) Strictly necessary cookies

These cookies are essential for the website to function and cannot be disabled via the cookie banner. They are only set to provide website services properly. If you block or alert your browser about these cookies, it will affect how the Website works. We also record and keep your language and region preferences and privacy choices once you have made them.

b) Analytics cookies

These cookies allow us to count visits and track traffic sources, enabling us to measure and optimise the performance of our Website. They allow us to identify which pages are the most and least popular, and to see how visitors navigate the website. If you disable these cookies, we will be unable to monitor the performance of the Website.

9.3
Cookie Control

You have the right to accept or reject specific types of cookies (except strictly necessary cookies) through our cookie banner. You may also set or amend your web browser controls to accept or refuse cookies. If you reject cookies, you can still use our website, but you may have restricted access to some functionality and areas.

10.

AUTOMATED DECISION-MAKING

We do not engage in automated decision-making or automated profiling using your personal data.