Introduction

Your privacy is important to us at VROTEK OÜ (“Vrotek,” “we,” “us,” or “our”). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our website and services (collectively, the “Service”). It also outlines your rights and choices regarding your personal information.

By using the Vrotek Service (including visiting our website at vrotek.com or using our content‑protection platform), you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our practices, please do not use the Service. We encourage you to read this Policy carefully and contact us if you have any questions.

Scope of this Privacy Policy

This Privacy Policy applies to personal data we collect through our digital properties – including our main website (vrotek.com), any sub‑domains (like our app or dashboard sub‑domain, if applicable), and communication channels controlled by Vrotek. It does not apply to any third‑party websites or services that we link to or interact with through our platform (such as payment processors or external leak sites), which have their own privacy policies. It also does not govern data processing by you in your own use of the Service (for example, if you download a report and share it, our policy doesn’t cover what you do with that data). This policy also does not cover information collected offline, except where you provide it to us for the purpose of using our Service (e.g., if you call customer support, some data from that call may be logged under this policy’s scope).

Our Commitment to Privacy

We are committed to protecting your privacy and handling your personal data transparently and fairly. In summary, our commitments include:

• No Selling of Personal Data: We do not sell your personal information to third parties. We also do not share your personal data with third parties for their direct marketing purposes without your consent. Our business is subscription‑based, not reliant on selling data.
• Limited Advertising: We do not host third‑party ads on our application for logged‑in users. We may use analytics and have marketing on our public website, but we avoid invasive advertising practices. Any marketing emails or newsletters are opt‑in, and you can unsubscribe easily.
• Data Ownership: You maintain ownership of the content you upload or provide to our Service. We use it only to deliver and improve our Service to you, and as otherwise described in this Policy. We claim no ownership over your original content.
• Transparency: We will inform you of any significant changes to this Privacy Policy or how your data is handled. If changes are material, we will seek your attention to them (for example, via email or an in‑app notice).
• Data Minimization: We aim to collect and use only the personal data that is necessary for the purposes stated in this Policy. We strive to run our Service effectively while minimizing the personal data we process.
• Purpose Limitation: We will not use your personal data for purposes other than those we state at the time of collection or in this Privacy Policy, unless we obtain your consent or as required by law. We will not repurpose your data in unexpected ways.

With these principles in mind, below we detail what information we collect and how we use it.

Information We Collect

We collect personal data in several ways: (1) information you provide to us directly, (2) information we collect automatically when you use our Service, and (3) information from third parties (in limited cases such as payment confirmations). The types of data we collect and process include:

1. Information You Provide Directly

When you interact with Vrotek, you may provide certain personal information to us, including:

• Account Registration Data: When you sign up for our Service, we collect your full name, email address, and a password. We may also ask for a username or alias (especially if you prefer not to use your real name publicly within the app). In some cases, we might collect your city and country of residence, especially for profile information or localization purposes.
• Profile and User Details: You can (and should) provide information relevant to your content‑protection needs. This may include your online usernames or profile handles on platforms where you have content (e.g., your social‑media or content‑subscription platform usernames, so we know what content to protect). We might ask for an “avatar” or profile picture, but that’s optional.
• Payment Information: For subscription purchases, we rely on third‑party payment processors. You provide your payment details directly to the processor. Vrotek receives limited transaction info (e.g., transaction ID, amount, card type, last four digits, or PayPal email) plus subscription plan details. We store no full card numbers.
• Communications with Us: If you contact us for support or inquiries, we collect whatever information you choose to provide in that correspondence and log the interaction.
• Content and Documentation Uploads: To help us protect your materials you may upload reference content, takedown documentation, IDs, model releases, or DMCA consents. All such uploads are stored securely and used only to provide the Service.
• Optional Information: Additional profile fields, newsletter sign‑ups, SMS alert phone numbers, etc.
• Surveys and Feedback: Opinions, ratings, or suggestions you provide in voluntary surveys or beta tests.

2. Information We Collect Automatically

When you visit our website or use our app, certain data are collected automatically:

• Device and Usage Data: IP address, device type, operating system, browser type/version, device IDs, app version, pages viewed, time stamps, error logs.
• Analytics Data: On the public site we use Google Analytics (with IP anonymization) to gather aggregate statistics. Logged‑in dashboards do not use Google Analytics.
• Cookies and Similar Technologies: Essential cookies (session), preference cookies, analytics cookies (public site only). You can control cookies via your browser.
• Newsletter and Email Interactions: We may track email open rates and link clicks to evaluate communication effectiveness.
• Do Not Track: Our site currently does not respond to DNT signals; you may control tracking via browser settings.

3. Information from Third Parties

• Payment Processors: Provide us with payment confirmations and limited transaction details.
• Authentication Providers: If we add OAuth log‑ins, we would receive basic profile info (not currently implemented).
• Referrals or Invites: We may receive your email from someone who refers you.
• Public Sources & Legal Compliance: Limited research to confirm identity/rights or to comply with investigations.

We do not purchase marketing lists or demographic data from brokers, nor knowingly collect information from third parties about you without your knowledge.

Special Note on Children’s Data

No Use by Minors: Our Service is not intended for individuals under 18 years of age, and we do not knowingly collect personal data from anyone under 18 without verifiable parental consent. If we learn that we have inadvertently collected personal information from someone under 18, we will promptly delete that information. Contact us if you believe a minor’s data is in our system.

How We Use Your Information

We process personal data for various purposes and rely on specific legal bases. Below we outline the purposes and legal bases:

1. To Provide and Operate the Service

• Account Provisioning (legal basis: performance of contract).
• Content Scanning and Takedown Execution (performance of contract & legitimate interests).
• Dashboard and User Interface (performance of contract).
• Service‑related Communications (performance of contract / legitimate interests).
• Customer Support (performance of contract / legitimate interests).
• Service Quality and Performance (legitimate interests).

2. To Process Payments and Manage Subscriptions

• Payment processing and subscription management.
• Fraud prevention and compliance with accounting/tax laws.

3. To Communicate Updates, Marketing and News

Newsletter/marketing emails (consent or legitimate interests), product surveys, policy updates.

4. To Improve and Develop the Service

Usage analytics, debugging, machine‑learning improvements, anonymised statistics.

5. To Protect Rights, Prevent Fraud and Ensure Security

Security monitoring, abuse prevention, legal compliance, defense of rights, corporate transactions.

Legal Bases for Processing (EEA/UK etc.)

Performance of contract, legitimate interests, consent, legal obligation, and (rare) vital/public interest are the bases we rely on.

How We Share Your Information

We do not sell or rent your data. We share it only in the circumstances below and only as necessary:

1. With Service Providers (Processors)

• Payment processors
• Cloud hosting and IT infrastructure
• Email/communication tools
• Analytics providers (public site)
• Support/CRM systems
• Consultants and contractors bound by confidentiality

2. With Other Users or the Public

Generally none, except voluntary testimonials or referral disclosures with your consent.

3. In Takedown Notices to Third‑Party Hosts

We include your name and contact details as required for valid DMCA or similar notices.

4. With Authorities or When Required by Law

Compliance with court orders, subpoenas, legal obligations, or to protect rights and safety.

5. During Business Transfers

Data may transfer as part of a merger, acquisition, or similar transaction; new owners must honour this Policy.

6. With Your Consent

Any other sharing only happens with your explicit permission.

International Data Transfers

We are based in Estonia (EEA). Transfers outside the EEA use approved safeguards such as EU Standard Contractual Clauses. By using the Service you acknowledge such transfers.

Data Retention

We keep personal data only as long as necessary or required by law (e.g., 7‑year accounting retention). Detailed retention rules are outlined for account info, transactions, takedown correspondence, logs, content, backups, and legal holds.

Data Security

Measures include TLS encryption, encryption at rest, access controls, employee training, intrusion detection, secure development, and incident‑response procedures. No method is 100 % secure, but we strive to minimise risk and will notify you of breaches as required.

Your Rights and Choices

You may exercise rights of access, rectification, erasure, restriction, objection, data portability, withdrawal of consent, and the right not to be subject to automated decision‑making. We respond within statutory timeframes and do not discriminate for exercising rights.

You may lodge complaints with the Estonian Data Protection Inspectorate or your local DPA, but we encourage you to contact us first.

International Users

We serve users worldwide. We comply with GDPR (EEA), UK GDPR, and honour similar rights elsewhere (e.g., CCPA in spirit). Your data may be processed in Estonia or other countries as explained.

Updates to This Privacy Policy

We may update this Policy periodically. We post revisions with a new “Last Updated” date and, for material changes, provide prominent notice and obtain consent where required.

Contact Us

If you have questions, concerns, or requests, contact:

VROTEK OÜ
Lõõtsa 2b, 11415 Tallinn, Estonia
Email: info@vrotek.com
Phone: +372 5556 7450

Thank you for trusting Vrotek with your content‑protection needs. We value your privacy and work hard to keep your personal information secure and used only in ways that benefit you.