Privacy Policy
Datenschutzerklärung
Information about data processing in accordance with GDPR (EU) and Estonian Personal Data Protection Act
1. Data Controller / Verantwortlicher
Responsible Entity
Aaron Technologies OÜ
Sepapaja 6, 15551 Tallinn, Estonia
Registry Code: 17336129
Data Protection Contact
For all data protection inquiries and exercise of your rights under GDPR
2. Data We Process / Verarbeitete Daten
Account Data (via Supabase)
- • Email address (for authentication)
- • Username/Display name
- • Account creation timestamp
- • Authentication tokens (encrypted)
- • Login/Session logs
API Usage Data
- • API request timestamps
- • Request/Response metadata
- • Usage statistics and quotas
- • Error logs (anonymized)
- • Performance metrics
Zero PII Policy
Travel content processed through our API is automatically scanned for personally identifiable information (PII). Any detected PII is immediately anonymized or removed. We only extract and store travel intent data (destinations, dates, preferences) - never personal details like names, addresses, or payment information.
3. Legal Basis / Rechtsgrundlage (GDPR Art. 6)
Art. 6(1)(b) GDPR - Contract Performance
Processing of account data and API usage data necessary for providing our MustSeen Bridge Engine services as agreed in our Terms of Service.
Art. 6(1)(f) GDPR - Legitimate Interest
Processing of technical logs and analytics data for system security, fraud prevention, and service improvement.
Art. 6(1)(a) GDPR - Consent
Processing of optional feedback data and marketing communications (only with your explicit consent).
4. Data Retention / Speicherdauer
Account Data
Stored for the duration of your account plus 30 days after account deletion for legal and security purposes.
API Usage Logs
Retained for 12 months for debugging and billing purposes, then automatically purged.
Travel Intent Data
Processed in real-time and not permanently stored. Cached temporarily for up to 24 hours for performance optimization only.
Legal Compliance Data
Certain data may be retained longer to comply with Estonian accounting and tax law requirements (up to 7 years).
5. Your Rights / Ihre Rechte (GDPR)
Under the GDPR, you have the following rights regarding your personal data:
Right of Access (Art. 15)
Request information about data processing
Right to Rectification (Art. 16)
Correct inaccurate personal data
Right to Erasure (Art. 17)
"Right to be forgotten" under certain conditions
Right to Data Portability (Art. 20)
Receive your data in a structured format
Right to Object (Art. 21)
Object to processing based on legitimate interest
Right to Complain
Lodge complaint with Estonian Data Protection Inspectorate
Exercise Your Rights
To exercise any of these rights, please contact us at:
We will respond to your request within 30 days as required by GDPR.
6. International Data Transfers / Internationale Übermittlungen
EU Data Residency Guarantee
All personal data is processed and stored exclusively within the European Union. We use Supabase's EU infrastructure (Frankfurt region) and do not transfer personal data to countries outside the EU/EEA.
Third-party services: We only use EU-based service providers or those providing adequate data protection guarantees under GDPR Art. 44-49.