Terms of Service

Last updated: April 30, 2026 · Effective from: April 30, 2026 · FANARI OÜ (registration code 16648170)

1. Definitions

• "Platform", "Service" - the BalticLeads SaaS at balticleads.ee
• "Provider", "we", "us" - FANARI OÜ, registration code 16648170, registered in Tallinn, Estonia
• "User", "you" - the registered business entity using the Platform via an account
• "Recipient" - a third-party business that receives an email sent by you through the Platform
• "GDPR" - Regulation (EU) 2016/679
• "Personal Data", "Data Controller", "Data Processor", "Processing" - as defined in GDPR Article 4
• "Recipient Data" - business contact data of Recipients, sourced from public registries and exposed through the Platform for your selection in campaigns
• "Campaign" - a set of emails composed and triggered for sending by you through the Platform
• "DPA" - the Data Processing Addendum set out in Section 8

2. The Service

The Provider operates a B2B email outreach platform that aggregates publicly available business data from official EU government registries (Estonia - Äriregister; Latvia - Uzņēmumu reģistrs; Lithuania - Registrų centras), exposes industry classifications (NACE Rev.2 / EMTAK), and provides email campaign management tools that send via your own SMTP credentials, OAuth-connected mailbox, or other configured sender.

The Service is provided on a Software-as-a-Service basis. We do not act as a sender of your emails - emails originate from your mail server using your credentials. We act as a technical intermediary and Data Processor in respect of Recipient Data and email content.

3. Eligibility & Account

• The Service is available exclusively to registered business entities (OÜ, AS, SIA, UAB, GmbH, Ltd, sole proprietors, etc.) with a valid registration code
• You must provide accurate registration data, contact email, and registration code
• You must keep your credentials confidential and notify us immediately of any unauthorized access
• You are responsible for all activity occurring under your account
• One account per legal entity. Sub-accounts for team members are not currently supported and may not be shared with third parties
• We may suspend or terminate accounts that fail eligibility verification, register with false information, or violate these Terms

4. Subscription, Pricing & Billing

• Free plan: 20 free email credits, no payment information required, view-only after credits are exhausted
• Paid plans: monthly billing in EUR via Stripe, prices displayed at /pricing
• Minimum commitment: all paid plans contracted for a minimum of 12 (twelve) months from activation
• Subscriptions auto-renew monthly after the minimum period until cancelled in writing
• Plan monthly quota resets automatically on your billing date
• Extra credits never expire and are consumed only after your monthly plan quota is fully used
• A 3% service fee applies to all credit purchases
• VAT: invoices include Estonian VAT where applicable; reverse-charge for EU VAT-registered businesses on provision of valid VAT ID
• Late payment: services may be suspended after 14 days of non-payment; account terminated after 60 days

4.1 Right of Withdrawal

As the Service is provided to businesses, the consumer right of withdrawal under EU Directive 2011/83/EU does not apply. By starting to use the paid Service, you expressly request immediate provision and waive any cool-off period that might otherwise apply.

5. Cancellation & Early Termination

Early termination fee: if you cancel before the end of the 12-month minimum, an early termination fee equal to 2 (two) months of your current plan price is invoiced upon cancellation. This compensates for service-acquisition costs allocated against the 12-month commitment.

• Self-service cancellation is unavailable during the minimum period - contact info@balticleads.ee
• After the minimum period, cancel any time via Billing → Manage Billing
• Cancellation effective at the end of the current billing cycle
• Upon downgrade to Free: active campaigns pause automatically (not deleted), can be resumed by re-subscribing
• No refunds for partial months or unused email credits except as required by mandatory consumer law (which does not apply to B2B contracts under Section 4.1)
• We may terminate immediately for breach of Sections 3, 6, 7, or 8 without refund

6. Acceptable Use Policy

You commit to use the Service only for lawful B2B outreach. The following are strictly prohibited and constitute material breach justifying immediate termination without refund and reporting to authorities where applicable:

6.1 Prohibited recipients

• Sending to personal email addresses (e.g. firstname.lastname@gmail.com, @yahoo.com, @hotmail.com, @mail.ru, @protonmail.com) where the address is clearly that of a private individual
• Sending to addresses that have opted out via our unsubscribe mechanism - the Platform blocks this automatically; circumventing the block is forbidden
• Sending to addresses you obtained outside the Platform without verifying lawful basis (the Platform's lawful basis applies only to Platform-sourced data)
• Sending to harvested or scraped lists from social networks, leaked databases, or unauthorized sources uploaded to your SMTP outside the Platform
• Sending to children or to data subjects you reasonably know to be minors
• Sending to addresses in jurisdictions that prohibit B2B unsolicited commercial email by national law (notably Germany under UWG § 7, Austria under TKG § 174, and certain stricter ePrivacy implementations) without verified prior consent

6.2 Prohibited content

• Phishing, identity theft, or impersonation of other persons or organizations
• Malware, malicious links, or downloads
• Promotion of illegal goods or services (drugs, weapons, counterfeit, gambling without licence in recipient's jurisdiction)
• Pyramid schemes, multi-level marketing recruitment, or "get-rich-quick" promotions
• Adult content, sexually explicit material, or escort services
• Content infringing third-party intellectual property
• Misleading subject lines or sender identities - required by ePrivacy Directive Art. 13(4) and Estonian Information Society Services Act
• Content prohibited by EU sanctions regimes or applicable export control laws
• Hate speech, harassment, or content inciting violence

6.3 Prohibited technical behaviour

• Bulk-extracting data via automated tools, browser automation, or API abuse beyond your subscribed quota
• Reselling, sub-licensing, or making the Recipient Data available to third parties outside your own outreach
• Creating multiple accounts to circumvent quotas, blocks, or pricing
• Reverse-engineering, decompiling, or attempting to bypass authentication or rate limits
• Probing or attacking Platform security; load-testing without prior written permission
• Using personal Gmail / Outlook / consumer mail providers as the SMTP sender for cold outreach (Gmail's bulk-sender policy of Feb 2024 prohibits this and will block your messages; we recommend dedicated Workspace mailboxes)

6.4 Sending best-practice (mandatory)

• Sending capped at the daily limit shown in your account settings (default 450/day)
• Configure SPF, DKIM, and DMARC on your sending domain. The Platform's domain check tool helps you verify
• Personalize content meaningfully - identical templates blasted to thousands triggers spam filters
• Stop sending to a thread once you receive an explicit "do not contact" response, even before formal unsubscribe
• Maintain a spam-complaint rate below 0.1% and bounce rate below 5% - we may throttle or suspend accounts that exceed these thresholds to protect aggregate sender reputation

7. User Responsibilities & Indemnification

You acknowledge and agree that:

• You are solely responsible for the content of every email you send through the Platform
• You are solely responsible for compliance with applicable anti-spam laws (including the ePrivacy Directive, the Estonian Information Society Services Act, the Latvian Information Society Services Act, the Lithuanian Electronic Communications Act, German UWG, US CAN-SPAM Act where applicable, Canadian CASL where applicable, and equivalent national laws)
• You are the Data Controller in respect of personal data of Recipients you process through the Platform; we act as your Data Processor under the DPA in Section 8
• You will comply with the lawful basis described in Section 5 of our Privacy Policy (legitimate interest under GDPR Art. 6(1)(f)) and document your own balancing test if required
• You will respond to data subject requests received from Recipients within 30 days, with our reasonable assistance
• You will notify us immediately of any data breach affecting Recipient Data via your account, so we can assist with mandatory authority notifications

Indemnification: you agree to defend, indemnify and hold harmless the Provider and its directors, employees and agents from and against any third-party claims, damages, fines, penalties, costs and reasonable legal fees arising from: (a) your breach of these Terms or applicable law; (b) the content of emails you send through the Platform; (c) your processing of Recipient Data outside the scope of the DPA; (d) data subject claims, regulator complaints or supervisory authority enforcement actions resulting from your campaigns. This indemnification survives termination.

8. Data Processing Addendum (DPA)

This Section 8 forms a binding Data Processing Agreement under GDPR Article 28(3) between you (the "Controller") and the Provider (the "Processor") in respect of Recipient Data and email content processed by the Provider on your behalf.

8.1 Subject matter, duration, nature and purpose

• Subject matter: processing of Recipient Data and email content for the purpose of operating B2B email campaigns initiated by the Controller
• Duration: for the term of these Terms plus any retention period required by law or specified in the Privacy Policy
• Nature and purpose: ingestion of public registry data, exposure to the Controller via search and filter UI, sending of campaign emails via the Controller's mail credentials, recording of send/reply metadata for the Controller's reporting
• Type of personal data: business contact data (company name, business email, address, registration code, business activity), email message metadata (Message-ID, timestamps), short reply excerpts
• Categories of data subjects: registered business entities and their named representatives where named in public registries; recipients of campaign emails

8.2 Processor obligations (we will)

• Process personal data only on your documented instructions, including transfers outside the EEA where necessary, unless required by EU or Member State law to which we are subject
• Ensure that personnel authorized to process the data are bound by confidentiality
• Implement appropriate technical and organisational measures listed in our Privacy Policy Section 11
• Engage sub-processors only on terms providing equivalent protection and listed in Privacy Policy Section 6; notify you of material changes with at least 30 days advance notice and right to object
• Assist you, taking into account the nature of the processing, in fulfilling your obligation to respond to data subject requests under GDPR Chapter III
• Assist you in complying with Articles 32-36 (security, breach notification, impact assessment, prior consultation)
• At your choice, delete or return all personal data after termination of the Service, subject to legal retention obligations
• Make available all information necessary to demonstrate compliance with Article 28 and allow for audits, including inspections, conducted by you or another auditor mandated by you (subject to mutually agreed reasonable scope and frequency)
• Notify you without undue delay of any personal data breach affecting your data, with sufficient information to allow you to fulfil your obligations under Articles 33-34

8.3 Controller obligations (you will)

• Establish and document a lawful basis for your processing of Recipient Data; the standard basis is GDPR Art. 6(1)(f) legitimate interest as analysed in our Privacy Policy Section 5
• Provide all required transparency information to data subjects in your own communications (e.g. identifying yourself in emails, including unsubscribe and contact for data subject requests)
• Promptly handle data subject requests received directly from Recipients
• Comply with the Acceptable Use Policy in Section 6
• Not provide the Processor with special categories of personal data (Art. 9) or criminal data (Art. 10)

8.4 International transfers

Where the Processor transfers personal data outside the EEA via approved sub-processors (Stripe, Google, Microsoft when used), the Processor relies on Standard Contractual Clauses (Commission Decision (EU) 2021/914) or adequacy decisions, as applicable.

8.5 Conflict

In case of conflict between this DPA and other parts of these Terms, this DPA prevails for matters of personal data protection.

9. Intellectual Property

All Platform software, design, content, trademarks, and documentation are owned by the Provider or its licensors and protected by intellectual property law. You receive a non-exclusive, non-transferable, revocable licence to use the Platform for the duration of your subscription and within these Terms. Recipient Data is sourced from public registries under their respective open-data licences (CC BY 4.0 or equivalent) - you must respect attribution where required by the source licence.

10. Service Availability

The Service is provided on a reasonable-effort basis. We target 99% monthly uptime but do not warrant uninterrupted availability. Scheduled maintenance is announced in advance where reasonably possible. We are not liable for outages caused by your sending infrastructure (SMTP server, OAuth provider) or third-party sub-processors.

11. Warranties & Disclaimer

To the maximum extent permitted by law, the Service is provided "as is" and "as available". We disclaim all implied warranties including merchantability, fitness for a particular purpose, and non-infringement. We do not warrant that:

• The Service will meet your specific requirements or business goals
• Recipient Data is complete, current, or error-free (it reflects what registries publish at the time of ingestion)
• Email deliverability or open rates will reach any specific level
• The Service will be free of bugs, errors or interruption

12. Limitation of Liability

To the maximum extent permitted by applicable law:

• Neither party is liable for indirect, special, incidental, consequential, or punitive damages, or for lost profits, lost revenue, lost data, or lost business opportunities
• The Provider's total aggregate liability for any claim arising under or in connection with these Terms is limited to the amount paid by you to the Provider in the 12 months preceding the event giving rise to the claim
• Nothing in this Section limits liability for fraud, gross negligence, intentional misconduct, death or personal injury caused by negligence, or liability that cannot be excluded by mandatory law

13. Force Majeure

Neither party is liable for failure or delay in performance caused by events beyond reasonable control, including acts of God, war, terrorism, pandemic, governmental action, internet or power infrastructure failure, or actions of third-party providers (sub-processors, registries, mail providers).

14. Suspension & Termination

• We may suspend or terminate your account immediately upon material breach of these Terms (notably Sections 3, 6, 7, or 8)
• We may suspend the Service for security reasons (suspected account compromise, payment fraud, abuse) pending investigation
• Upon termination: your right to use the Service ends; your data is retained or deleted per Privacy Policy Section 8
• Sections that by their nature should survive (definitions, intellectual property, indemnification, limitation of liability, dispute resolution) survive termination

15. Changes to These Terms

We may update these Terms to reflect changes in law, services, or business practice. Material changes are notified at least 30 days in advance via email and in-platform banner. Continued use after the effective date constitutes acceptance. If you object, you may terminate before the effective date subject to the early-termination provisions in Section 5.

16. Governing Law & Dispute Resolution

These Terms are governed by the laws of the Republic of Estonia, excluding its conflict-of-law provisions. The UN Convention on Contracts for the International Sale of Goods does not apply.

The parties shall first attempt to resolve any dispute through good-faith negotiation. If unresolved within 60 days, disputes shall be brought before the courts of Harju County Court (Harju Maakohus), Tallinn, Estonia, except that we may seek injunctive relief in any competent jurisdiction to protect our intellectual property or enforce the Acceptable Use Policy.

For consumer disputes (where applicable, although the Service is B2B), the European Online Dispute Resolution platform is available at ec.europa.eu/consumers/odr.

17. General

• Entire agreement: these Terms (together with the Privacy Policy and DPA) constitute the entire agreement between the parties on the subject matter
• Severability: if any provision is invalid, the remaining provisions remain in force
• No waiver: failure to enforce a right is not a waiver of that right
• Assignment: you may not assign your rights without our written consent; we may assign in connection with a corporate reorganisation, merger or acquisition
• Notices: by email to info@balticleads.ee for us; to the email associated with your account for you
• Language: the English version is the legally binding text; translations are for convenience only

18. Contact

FANARI OÜ
Registration code: 16648170
Tallinn, Estonia
Email: info@balticleads.ee
Web: balticleads.ee