Privacy Policy

1. Data Controller

The data controller responsible for your personal data is:

2. Data We Collect

We collect the following categories of personal data:

• Account data: name, email address, password (hashed), organization details
• Billing data: subscription plan, payment history, invoicing details (processed via Stripe — we do not store credit card numbers)
• Usage data: pages visited, features used, actions performed within the Service
• Technical data: IP address, browser type, device information, operating system

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6(1):

• Consent (Art. 6(1)(a)): analytics cookies and optional communications
• Contract performance (Art. 6(1)(b)): account management, billing, and service delivery
• Legitimate interest (Art. 6(1)(f)): security monitoring, fraud prevention, and service improvement

4. Cookies and Tracking

We use the following types of cookies and similar technologies:

5. How We Use Your Data

We use your personal data to:

• Provide and maintain the Service
• Manage your account and process payments
• Respond to your inquiries and provide customer support
• Ensure the security and integrity of the Service
• Analyze usage patterns to improve the Service (aggregated, anonymized data)
• Comply with legal obligations

6. Sub-processors

We share your data with the following third-party service providers who process data on our behalf:

7. Data Retention

We retain your personal data for the following periods:

• Account data: for the duration of your account plus 30 days after deletion
• Billing records: 7 years (as required by Estonian accounting legislation)
• Analytics data: 26 months
• Server logs: 90 days

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15): obtain a copy of your personal data
• Right to rectification (Art. 16): correct inaccurate personal data
• Right to erasure (Art. 17): request deletion of your personal data
• Right to restriction (Art. 18): restrict processing in certain circumstances
• Right to data portability (Art. 20): receive your data in a structured, machine-readable format
• Right to object (Art. 21): object to processing based on legitimate interest
• Right to withdraw consent: withdraw your consent at any time for consent-based processing
• Right to lodge a complaint: file a complaint with a supervisory authority

To exercise any of these rights, please contact us at info@onpolar.com. We will respond to your request within 30 days.

9. International Data Transfers

Some of our sub-processors are located outside the European Economic Area (EEA). For all transfers of personal data to countries outside the EEA, we rely on EU Standard Contractual Clauses (SCCs) approved by the European Commission to ensure an adequate level of data protection.

10. Children’s Privacy

The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such data promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 30 days before they take effect. The date of the most recent revision is indicated at the top of this page.

12. Supervisory Authority

You have the right to lodge a complaint with the Estonian Data Protection Inspectorate:

13. Contact

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at: