Privacy Policy

Last updated: March 2026

This document should be reviewed by a qualified legal professional before being relied upon.

1. Introduction

BalticLeads ("we", "us", "our"), operated via balticleads.ee, is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our platform and services.

We act as the data controller for the personal data we process. If you have questions about this policy, contact us at support@balticleads.ee.

2. Data We Collect

2.1 Account Information

When you register, we collect:

  • Full name
  • Email address
  • Password (stored in hashed form only; we never store plain-text passwords)

2.2 Payment Information

Payment processing is handled by Stripe, Inc. We do not store your credit card number, CVC, or full card details on our servers. Stripe acts as an independent data controller for payment data. See Stripe's Privacy Policy for details.

2.3 Business Lead Data

Our platform aggregates publicly available business information from official government registries in Estonia, Latvia, and Lithuania. This data includes company names, registration codes, registered addresses, stated business activities, and publicly listed contact details. This information is sourced from public records and is not considered private personal data under GDPR.

2.4 Usage Data

We collect information about how you use our service, including email sending history, template usage, and feature interactions, solely to provide and improve the service.

2.5 Cookies

We use essential cookies only for session management and authentication. We do not use third-party tracking cookies, advertising cookies, or analytics cookies. See Section 8 for details.

3. How We Use Your Data

We process your personal data for the following purposes:

  • Service delivery: To provide, maintain, and improve our platform (legal basis: contract performance).
  • Authentication: To manage your account and verify your identity (legal basis: contract performance).
  • Email sending: To send emails on your behalf to recipients you select using your own email credentials or connected Gmail account (legal basis: contract performance).
  • Payment processing: To process subscription payments via Stripe (legal basis: contract performance).
  • Communication: To send you service-related notifications such as account confirmations or security alerts (legal basis: legitimate interest).
  • Legal compliance: To comply with applicable laws and regulations (legal basis: legal obligation).

4. Email Sending

When you use BalticLeads to send emails:

  • Emails are sent using your own SMTP credentials or your connected Gmail account. We act as a technical intermediary.
  • We store a record of sent emails (recipient address, timestamp, template used) for your send history and quota tracking.
  • You are solely responsible for the content of emails you send and for complying with applicable anti-spam laws (including GDPR, CAN-SPAM, and local regulations).

5. Data Sharing

We do not sell, rent, or trade your personal data. We share data only with:

  • Stripe, Inc. — for payment processing.
  • Google (Gmail API) — only if you choose to connect your Gmail account, and only for sending emails on your behalf.

We do not use any third-party analytics, advertising, or tracking services.

6. Data Retention

  • Account data: Retained for as long as your account is active. Upon account deletion, your data is removed within 30 days.
  • Send history: Retained for up to 12 months for your reference, then automatically purged.
  • Payment records: Retained as required by tax and accounting regulations (typically 7 years).

7. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access your personal data and receive a copy of it.
  • Rectify inaccurate or incomplete data.
  • Erase your personal data ("right to be forgotten").
  • Restrict processing of your data in certain circumstances.
  • Data portability — receive your data in a structured, commonly used format.
  • Object to processing based on legitimate interests.
  • Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at support@balticleads.ee. We will respond within 30 days.

You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or your local supervisory authority.

8. Cookies

We use only strictly necessary cookies for:

  • Session management (keeping you logged in)
  • Security (CSRF protection)

These cookies are essential for the service to function and do not require separate consent under GDPR. We do not use any optional, analytics, or advertising cookies.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Password hashing using industry-standard algorithms
  • HTTPS encryption for all data in transit
  • Access controls and authentication for all systems
  • Regular security reviews

10. International Transfers

Your data is processed within the European Economic Area (EEA). If any data is transferred outside the EEA (e.g., via Stripe or Google), it is protected by Standard Contractual Clauses or equivalent safeguards.

11. Children

Our service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the platform. The "Last updated" date at the top of this page indicates when this policy was last revised.

13. Contact

For any questions or requests regarding this Privacy Policy or your personal data:

BalticLeads
Tallinn, Estonia
Email: support@balticleads.ee

Privacy Policy | Terms of Service | Imprint