Privacy Policy

Last updated: March 8, 2026

This Privacy Policy explains what data we collect, how we use it, and your rights.

Data Controller

The data controller responsible for your personal data is NexusBit OÜ, registered at Puiestee 43-8, 50303 Tartu, Estonia. You can contact us at info@nexusbit.ee.

Legal Basis for Processing

We process your personal data on the following legal bases under Article 6 GDPR:

  • Contract performance - to provide you with our services, manage your account, and process subscription and coaching payments.
  • Legitimate interest - to maintain the security and integrity of our platform, including logging IP addresses for fraud prevention and abuse detection.
  • Consent - where you have given explicit consent, such as agreeing to our terms at sign-up.

Data We Collect

We only store the following personal data on our servers:

  • IP address - retained for up to 90 days for security and fraud prevention purposes.
  • Email address - retained for the duration of your account and deleted upon account deletion.
  • Display name - retained for the duration of your account and deleted upon account deletion.

All other personal information (such as payment details and billing address) is stored and processed by Stripe, our payment processor. We do not store this data on our servers. You can review Stripe's privacy policy at https://stripe.com/privacy.

Cookies

We use only essential cookies that are strictly necessary for the operation of our service. These include session cookies for authentication and login functionality. As these cookies are essential and do not track you for advertising or analytics purposes, no consent is required under EU law. No third-party tracking or analytics cookies are used.

Data Sharing

We do not sell, trade, or otherwise transfer your personal data to third parties. We share data only with the following service providers, who act as sub-processors and process data in accordance with their own privacy policies:

  • Stripe (payment processor) - to process your payments securely.
  • Cloudflare Turnstile (bot protection) - to verify that form submissions are made by real users. Turnstile may collect interaction data such as browser and device information.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

  • IP addresses: up to 90 days
  • Email and display name: for the lifetime of your account, deleted upon request or account deletion
  • Payment data: managed by Stripe according to their retention policies

Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

  • Right of access - you can request a copy of the personal data we hold about you.
  • Right to rectification - you can request correction of inaccurate personal data.
  • Right to erasure - you can request deletion of your personal data.
  • Right to restriction of processing - you can request that we limit how we use your data.
  • Right to data portability - you can request your data in a machine-readable format.
  • Right to object - you can object to our processing of your personal data.

To exercise any of these rights, please contact us through our contact form:

Contact Us

Right to Lodge a Complaint

If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. In Estonia, the supervisory authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), Tatari 39, 10134 Tallinn, Estonia - info@aki.ee.