Privacy Policy

Last updated: February 15, 2026

1. Applicability

This Privacy Policy ("Policy") applies to the website istary.io (the "Site"), owned and operated by Istary OÜ ("Istary", "we", "us", or "our"), a company registered in Estonia. This Policy describes how we collect, use, and share information about you when you access or use our Site, products, and services.

By accessing or using the Site, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree with this Policy, please do not use the Site.

2. Data Collected

We collect two types of information from users of our Site:

  • Personal Identifiable Information (PII) — information that can be used to identify you individually, such as your name, email address, company name, and any other information you voluntarily provide to us.
  • Non-Personal Identifiable Information (Non-PII) — information that cannot be used to identify you individually, such as browser type, operating system, referring URLs, and aggregated usage data.

3. Personal Identifiable Information

We may collect PII when you:

  • Submit a contact form or inquiry through the Site
  • Subscribe to our newsletter or mailing list
  • Register for an account or request access to our services
  • Communicate with us via email or other channels

The types of PII we may collect include your name, email address, phone number, company name, job title, and any other information you choose to provide.

4. Data Collected by Third Parties

Our Site may contain links to third-party websites, services, or applications. We are not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

Third parties may use cookies, web beacons, or similar technologies to collect information about your online activities over time and across different websites when you use our Site.

5. Use of Third-Party Data Providers

We may use third-party analytics services, such as Google Analytics, to help us understand how visitors use the Site. These services may collect information about your use of the Site, including your IP address, browser type, pages visited, and the time spent on each page. This information is used to analyze trends, administer the Site, and gather demographic information about our user base as a whole.

6. Usage and Sharing of Collected Information

We may use the information we collect for the following purposes:

  • To provide, maintain, and improve the Site and our services
  • To respond to your inquiries, requests, and communications
  • To send you updates, newsletters, and marketing communications (with your consent where required)
  • To detect, prevent, and address technical issues and security threats
  • To comply with legal obligations and enforce our terms

We may share your information with third parties in the following circumstances:

  • Service Providers — We may share information with vendors and service providers who perform services on our behalf, such as hosting, analytics, and email delivery.
  • Legal Compliance — We may disclose information if required by law, regulation, legal process, or governmental request.
  • Business Transfers — In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.
  • With Your Consent — We may share information with your consent or at your direction.

7. Access to Information

You have the right to access, correct, update, or request deletion of your personal information at any time. To exercise these rights, please contact us at contact@istary.io. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

8. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security assessments.

However, no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

9. Users in the European Economic Area (EEA)

If you are located in the European Economic Area, the following additional information applies to you.

Legal Basis for Processing

We process your personal data under the General Data Protection Regulation (GDPR) on the following legal bases:

  • Consent — Where you have given us explicit consent to process your data for a specific purpose.
  • Contractual Necessity — Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
  • Legitimate Interests — Where processing is necessary for our legitimate interests (such as improving our services and ensuring security), provided those interests are not overridden by your rights and freedoms.
  • Legal Obligation — Where processing is necessary to comply with a legal obligation.

Your Rights Under the GDPR

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access — You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification — You have the right to request that we correct any inaccurate or incomplete personal data.
  • Right to Erasure — You have the right to request deletion of your personal data, subject to certain conditions.
  • Right to Restriction of Processing — You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to Data Portability — You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to Object — You have the right to object to the processing of your personal data based on our legitimate interests.
  • Right to Withdraw Consent — Where processing is based on consent, you have the right to withdraw your consent at any time.

To exercise any of these rights, please contact us at contact@istary.io. You also have the right to lodge a complaint with your local data protection authority.

Data Transfers

Istary OÜ is based in Estonia, a member state of the European Union and the EEA. Where we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to protect your data in accordance with the GDPR.

10. Children's Privacy

Our Site and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe that a child under 18 has provided us with personal information, please contact us at contact@istary.io.

11. International Storage

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ from those in your jurisdiction. By using the Site, you consent to such transfer. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy.

12. Law and Jurisdiction

This Policy shall be governed by and construed in accordance with the laws of the Republic of Estonia, without regard to its conflict of law provisions. Any disputes arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts of Tallinn, Estonia.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Istary OÜ
Sepapaja tn 6, Tallinn 15551, Estonia
contact@istary.io