Skip to main content

GDPR Compliance

Last updated: December 16, 2025

Our Commitment to GDPR

Jakobsen Digital OU is committed to compliance with the General Data Protection Regulation (GDPR). As an Estonian company operating within the European Union, we take data protection seriously and have implemented comprehensive measures to protect your personal data.

Your Data Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information within 30 days of your request.

Right to Rectification

You can request that we correct any inaccurate personal data or complete any incomplete data we hold about you.

Right to Erasure ("Right to be Forgotten")

You can request that we delete your personal data. We will comply unless we have a legal obligation to retain the data.

Right to Restrict Processing

You can request that we limit how we use your personal data while a complaint is being investigated or if the processing is unlawful.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transfer this data to another service provider.

Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

How to Exercise Your Rights

You can exercise your GDPR rights in several ways:

  • In-App: Access, download, or delete your data through your account settings
  • Email: Send a request to privacy@parsus.app

We will respond to your request within 30 days. In complex cases, we may extend this period by an additional 60 days, but we will inform you of any such extension within the first 30 days.

Data We Collect

We collect and process the following categories of personal data:

  • Identity Data: Email address
  • Subscription Data: Information about subscriptions you track (service names, costs, billing dates)
  • Technical Data: IP address, browser type, device information
  • Usage Data: Information about how you use our service
  • Transaction Data: Payment and billing information (processed by Stripe)

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Performance of Contract: To provide you with our subscription tracking service
  • Legitimate Interests: To improve our service, prevent fraud, and ensure security
  • Consent: For marketing communications and non-essential cookies
  • Legal Obligation: To comply with tax and accounting requirements

Data Processors

We engage the following sub-processors to assist in providing our services. Your personal data may be processed by these parties in accordance with their respective privacy policies and our Data Processing Agreements:

  • Stripe, Inc. (Payment processing) — Processes payment transactions and billing information. Data may be transferred to the US under EU-approved Standard Contractual Clauses (SCCs).
  • Brevo (Sendinblue) (Email service provider) — Handles transactional emails, notifications, and account-related communications. Data is processed within the European Union.
  • Hetzner Online GmbH (Frontend hosting) — Hosts our web application. Server location: Finland (EU). All data remains within the European Economic Area.
  • Supabase, Inc. (Backend infrastructure) — Provides database, authentication, and backend services. Server location: Frankfurt, Germany (EU). All data remains within the European Economic Area.
  • Plausible Analytics (Website analytics) — Privacy-friendly analytics that does not use cookies and does not collect personal data. Only aggregated, anonymous data is processed. Plausible is EU-based and GDPR compliant by design.

All sub-processors have executed Data Processing Agreements (DPAs) with us and are contractually bound to process personal data in compliance with GDPR requirements.

International Data Transfers

The majority of your personal data is processed and stored within the European Economic Area (EEA), specifically in Finland and Germany. For payment processing through Stripe, data may be transferred to the United States. Such transfers are conducted under EU-approved Standard Contractual Clauses (SCCs) to ensure your data receives an adequate level of protection as required by GDPR.

Data Retention

We retain your personal data only for as long as necessary to provide our services and fulfill the purposes outlined in our Privacy Policy. When you delete your account, we will delete your personal data within 30 days, except where we are required to retain it by law (e.g., for tax purposes, which may require retention for up to 7 years).

Cookie Policy

We minimize cookie usage on our website and application:

  • Essential Cookies: Required for the service to function (authentication, security)
  • Functional Cookies: Remember your preferences and settings
  • Analytics: We use Plausible Analytics which does not use cookies and does not track individual users. No consent required as no personal data is collected.

You can manage your cookie preferences at any time through your browser settings.

Data Security

We implement appropriate technical and organizational security measures, including:

  • Encryption of data in transit (TLS/SSL)
  • Encryption of data at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication
  • Employee training on data protection
  • Incident response procedures

Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach (where feasible). We will also notify the relevant supervisory authority as required by GDPR.

Data Protection Officer

For any data protection inquiries, please contact us at:

Email: privacy@parsus.app
Jakobsen Digital OU
Estonia

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. The relevant supervisory authority in Estonia is:

Andmekaitse Inspektsioon (Data Protection Inspectorate)
Website: www.aki.ee
Email: info@aki.ee

Contact Us

If you have any questions about our GDPR compliance or wish to exercise your data rights, please contact us at privacy@parsus.app.