Privacy Policy

Kodar ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services, in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Estonian Personal Data Protection Act (IKS).

This policy applies to all personal data processed through our website kodar.ee, our quote form, project delivery pipeline, and any related communications.

The data controller responsible for your personal data is:

We collect the following categories of personal data:

• Full name and contact person name
• Email address
• Company/business name and details
• Phone number (when provided)
• Project requirements, preferences, and design choices submitted via our quote form
• Technical preferences (domain, hosting, etc.)
• Usage data via Vercel Analytics (anonymized page views, no personal identifiers)

We process your personal data under the following legal bases (GDPR Article 6):

• Consent (Art. 6(1)(a)): When you submit our quote form or contact us, you consent to the processing of your data for the stated purposes.
• Contract performance (Art. 6(1)(b)): Processing necessary to provide our web development services and fulfill our obligations.
• Legitimate interests (Art. 6(1)(f)): Improving our services, preventing fraud, and ensuring security.
• Legal obligation (Art. 6(1)(c)): Compliance with Estonian and EU legal requirements, including accounting and tax obligations.

• To provide, maintain, and improve our web development services
• To generate project quotes and cost estimates
• To communicate with you about your project, including status updates and delivery
• To analyze usage patterns and improve our website (via anonymized analytics)
• To comply with legal obligations under Estonian and EU law

We share your data only with the following service providers, who act as data processors:

• Vercel Inc. - Hosting, deployment, and web analytics (USA, EU SCCs in place)
• Neon Inc. - Database hosting for project and client data (USA, EU SCCs in place)
• Resend Inc. - Transactional email delivery (USA, EU SCCs in place)

Where data is transferred outside the EU/EEA, we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs) are in place in accordance with GDPR Chapter V.

We retain your personal data only as long as necessary for the purposes outlined above:

• Project data: Retained for the duration of the project and 3 years after completion for warranty and support purposes
• Analytics data: Anonymized, retained for up to 24 months
• Legal/accounting records: Retained for 7 years as required by Estonian Accounting Act

Under the GDPR (Articles 15-22), you have the following rights regarding your personal data:

• Right of access (Art. 15): Request a copy of your personal data we hold.
• Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten").
• Right to restriction (Art. 18): Request limitation of processing in certain circumstances.
• Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
• Right to object (Art. 21): Object to processing based on legitimate interests.
• Right to withdraw consent (Art. 7(3)): Withdraw your consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at info@kodar.ee. We will respond within 30 days as required by GDPR.

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon):

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS/SSL), secure database storage, access controls, regular security updates, and secure authentication for administrative access.

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.