Privacy Policy for SeadSync.com

1. Controller details

Data controller: Adriatic Holdings OÜ
Registry code: 16571644
Website: seadsync.com
Country of establishment: Estonia

For privacy-related requests, contact: krukovskiadrian@gmail.com. The GDPR requires clear information about the controller and relevant contact details in the privacy notice.

2. Scope

This Privacy Policy applies to personal data processed when a person:

• visits SeadSync.com;
• creates an account;
• submits a contact form or inquiry;
• requests a demo, quote, consultation, or support;
• subscribes to newsletters or product updates;
• uses SeadSync products or services;
• interacts with SeadSync on social media, by email, or through integrations.

3. Categories of personal data

Depending on how the service is used, SeadSync may process the following categories of personal data:

• Identity data: name, username, job title, company name.
• Contact data: email address, phone number, billing address, correspondence details.
• Account data: login credentials, password hash, account preferences, service settings.
• Transaction data: subscription plan, invoices, payment status, order history, VAT-related details.
• Technical data: IP address, browser type, device identifiers, operating system, referral URL, approximate location derived from IP, timestamps, log files.
• Usage data: page views, clickstream information, feature usage, session information, diagnostics, support interactions.
• Marketing data: consent choices, communication preferences, campaign engagement metrics.
• User-submitted content: materials, prompts, files, forms, legal or operational data uploaded or entered by users while using the service.
• Compliance data: records needed to verify identity, prevent abuse, investigate fraud, or comply with legal obligations.

SeadSync applies the principle of data minimisation and only collects data that is necessary for specified purposes. Estonian supervisory guidance also stresses lawful, fair, transparent, and minimal processing.

4. Sources of personal data

Personal data may be collected:

• directly from the user;
• automatically through the website, app, cookies, logs, and analytics tools;
• from the user's employer or organisation where an account is created for business use;
• from payment providers, identity verification providers, analytics vendors, CRM tools, or support tools;
• from publicly available sources where necessary for onboarding, fraud prevention, or business profiling.

5. Purposes and legal bases

SeadSync may process personal data for the following purposes and legal bases under Article 6 GDPR:

Where SeadSync relies on consent, consent may be withdrawn at any time without affecting prior lawful processing. Marketing emails to customers or prospects are handled in line with GDPR consent and transparency rules.

6. Sensitive and professional data

If SeadSync handles legal, business, identity, or compliance-related documents uploaded by users, users must ensure they have a lawful basis and authority to submit that data. SeadSync avoids requesting special category personal data unless strictly necessary and supported by an explicit legal basis under applicable law.

7. Cookies and similar technologies

SeadSync may use cookies, SDKs, pixels, local storage, and similar technologies for:

• essential site functionality;
• authentication and security;
• preferences and session continuity;
• analytics and performance measurement;
• marketing and campaign attribution, where permitted.

See also our Cookie notice. A separate consent banner should be used where non-essential technologies are deployed. GDPR transparency obligations require users to be informed clearly about data processing and choices.

8. Sharing of personal data

SeadSync may share personal data only where necessary with:

• hosting and cloud infrastructure providers;
• payment processors and billing providers;
• analytics and product performance vendors;
• customer support, CRM, and communications vendors;
• identity verification, security, and fraud prevention vendors;
• legal, tax, audit, and professional advisers;
• regulators, courts, law enforcement, or other public authorities when legally required;
• affiliated entities or acquirers in a merger, restructuring, financing, asset sale, or similar transaction.

Where third parties process data on SeadSync's behalf, appropriate data processing agreements are in place. See Security & DPA for procurement-facing detail.

9. International transfers

If personal data is transferred outside the EEA, SeadSync ensures an appropriate transfer mechanism (e.g. adequacy decision, Standard Contractual Clauses, or other GDPR Chapter V safeguard). The live policy will describe the transfer framework if such transfers apply to your processing.

10. Data retention

SeadSync retains personal data only for as long as necessary for the purposes for which it was collected, including to provide the service, comply with legal obligations, resolve disputes, enforce agreements, and maintain security logs. Retention periods differ by category (e.g. account records, billing records, support records, technical logs). An operational retention schedule is maintained internally and reflected in public documentation when confirmed.

11. Data security

SeadSync implements appropriate technical and organisational measures designed to protect personal data against unauthorised access, disclosure, alteration, or destruction. These measures may include encryption in transit, access controls, role-based permissions, logging, backups, incident response procedures, and vendor due diligence. No online service can guarantee absolute security.

12. Data subject rights

Subject to applicable law, individuals may have the right to request access, rectification, erasure, restriction, objection to Article 6(1)(f) processing, data portability where applicable, and withdrawal of consent where processing is consent-based, and to lodge a complaint with a supervisory authority.

In Estonia, the supervisory authority is the Andmekaitse Inspektsioon (andmekaitse.ee). Requests: krukovskiadrian@gmail.com.

13. Children

SeadSync is not intended for children unless expressly stated otherwise. If SeadSync becomes aware that personal data has been collected from a child in violation of applicable law, it will take appropriate steps to delete that data.

14. Third-party services and links

The website or platform may contain links to third-party websites, integrations, or services. SeadSync is not responsible for the privacy practices of third parties, and users should review the relevant third-party notices before submitting personal data to them.

15. Automated decision-making

If SeadSync uses profiling, scoring, recommendation engines, or automated decision-making that produces legal or similarly significant effects, this policy will describe the logic involved, consequences, and applicable rights. This section will be revised once specific product workflows are confirmed.

16. Changes to this policy

SeadSync may update this Privacy Policy from time to time to reflect legal, technical, or business developments. The latest version is posted on seadsync.com with the revised effective date.

17. Contact and complaints

Privacy requests, complaints, and questions: krukovskiadrian@gmail.com. You may also lodge a complaint with the competent supervisory authority, including the Estonian Data Protection Inspectorate where applicable.

18. Implementation notes

Before commercial launch, SeadSync will publish and verify: the registered address of Adriatic Holdings OÜ; dedicated privacy and legal notice channels if distinct from general contact; key processors and infrastructure regions; retention periods by data set; cookie categories and consent tooling; whether a DPO or EU representative is required; and clear controller/processor roles for customer-uploaded data. Contact for current operational details.