Privacy Policy

Last updated 6 June 2026

This policy explains what personal data Viltrum collects when you use the service, why we process it, who we share it with, and the rights you have under the EU General Data Protection Regulation (GDPR).

1. Who we are

Viltrum is operated by AISIDE OÜ(“Viltrum”, “we”, “us”), a private limited company registered in Estonia. We are the data controller for the personal data described in this policy.

For any privacy question, or to exercise the rights set out in section 9, contact us at raian@aiside.ee.

2. Scope

This policy covers personal data we process about you, the user of the Viltrum web application at viltrum.ee. It does not govern the company-register information that Viltrum retrieves and displays in answers — that data originates from official public registers and is addressed separately in section 6.

3. What data we collect

We collect only what we need to run the service:

  • Account data — your email address. Your password is set and verified through our authentication provider (Supabase) and is stored only as a salted hash; we never see or store it in plain text.
  • Usage data — the number of questions you ask, daily and lifetime counters, your plan, and related timestamps. We use these to enforce the free-tier daily limit and to operate billing.
  • Conversation content — the questions you type and the answers Viltrum generates, stored as your conversation history so you can return to past chats.
  • Billing data — if you subscribe, our payment processor (Stripe) handles your card details directly; we never receive or store full card numbers. We store a Stripe customer identifier, your subscription status, and the current billing-period end date.
  • Technical data — standard server and request logs (IP address, browser/device type, timestamps) generated by our hosting providers for security, abuse prevention, and reliability.

4. Why we process it, and our legal basis

PurposeLegal basis (GDPR Art. 6)
Providing the service, your account, and conversation historyPerformance of a contract (Art. 6(1)(b))
Processing subscription payments and issuing invoicesContract (Art. 6(1)(b)) and legal obligation (Art. 6(1)(c))
Enforcing usage limits, securing the service, preventing abuse, and improving reliabilityLegitimate interests (Art. 6(1)(f))
Keeping accounting and tax recordsLegal obligation (Art. 6(1)(c))

We do not use your conversation content to send you marketing, and we do not sell your personal data to anyone.

5. Who we share it with (sub-processors)

We rely on a small number of trusted providers to operate Viltrum. Each processes personal data only on our instructions and under a data-processing agreement:

ProviderWhat they handleLocation
SupabaseAuthentication and account databaseEU
StripePayment processing and invoicingEU / USA
Google (Gemini API)Generates answers — your question and the registry data needed to answer it are sent to the modelEU / USA
VercelWeb application hosting and edge deliveryEU / USA
ContaboApplication server and conversation-history databaseGermany
Backblaze (B2)Storage of public source filings shown in answersEU / USA

We may also disclose data where required by law, to enforce our Terms, or to protect the rights and safety of our users or others.

6. Company-register data shown in answers

Viltrum answers questions using data from official public sources — the Estonian e-Business Register (RIK) and the U.S. SEC EDGAR system. Some of this register data, such as the names and roles of company officers and beneficial owners, is personal data about third parties. We process it to provide the service's core function, relying on our legitimate interest in offering access to public registers and the public interest in transparency of company information.

If you are an individual named in this register data and wish to object to its processing, contact us at raian@aiside.ee. Note that the underlying records remain published by the official registers themselves, which are the primary controllers of that source data.

7. International transfers

Some providers in section 5 process data outside the European Economic Area (notably in the United States). Where that happens, the transfer is protected by appropriate safeguards — typically the European Commission's Standard Contractual Clauses or an applicable adequacy decision.

8. How long we keep it

  • Account and conversation data — for as long as your account is active. You can delete individual conversations at any time; when you close your account we delete or anonymise your personal data within a reasonable period, except where we must retain it by law.
  • Billing and accounting records — retained for seven years, as required by Estonian accounting law.
  • Technical logs — retained for a short period for security and debugging, then rotated out.

9. Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased (“right to be forgotten”);
  • restrict or object to certain processing;
  • receive your data in a portable format;
  • withdraw any consent you have given, at any time.

To exercise any of these, email raian@aiside.ee. You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, aki.ee).

10. Security

We protect your data with encryption in transit (HTTPS), access controls, and reputable infrastructure providers. Passwords are hashed, payment card data never touches our servers, and database access is restricted to the application's server-side code. No system is perfectly secure, but we take reasonable, industry-standard measures to keep your data safe.

11. Cookies and analytics

Viltrum uses only essential cookies needed to keep you signed in and to operate the service securely. We do not use advertising cookies or third-party tracking that profiles you across other sites.

We use Vercel Web Analytics to understand aggregate traffic — page views, referrers, and visitor counts. It is privacy-friendly and cookieless: it does not set cookies, does not store personal identifiers, and does not track you across other websites.

12. Children

Viltrum is a professional research tool and is not directed at children. We do not knowingly collect personal data from anyone under 18.

13. Changes to this policy

We may update this policy as the service evolves. When we make material changes we will update the “Last updated” date above and, where appropriate, notify you.

14. Contact

Questions about this policy or your data? Email raian@aiside.ee. AISIDE OÜ.