Privacy Policy

This privacy policy applies to website.eldris.ai and is operated by EldrisAi OÜ, an Estonian company registered under number 3162734 with its registered office at Ruunaoja tn 3, Tallinn, 11415, Estonia. We are the data controller for any personal information you submit through this site or any of its forms. The named contact for any privacy question is the founder, reachable at hello@website.eldris.ai. We are EU-established, EU VAT registered, and we treat the GDPR as the floor of our practice rather than the ceiling.

We collect only what we need to quote, deliver and support your website translation engagement. From the contact form we take your name, work email, current website URL, target markets, rough product count and your free-text message. We do not store IP addresses against form submissions, we do not run third-party advertising trackers, and we do not use any analytics product that pixels individual visitors back to you. Our only network-edge layer is Cloudflare, which inspects request metadata briefly for security and abuse-prevention purposes and does not retain it for marketing.

We use your information to respond to quote requests, deliver the migration and translation work you have engaged us for, send operational updates while your site is being built, and bill you accurately during your monthly engagement. We do not send marketing emails to anyone who has not explicitly opted in. The named processors we share data with are Cloudflare (edge security and DNS), Supabase (our database, hosted in EU regions), and Resend (transactional email delivery). All three sit under written processor agreements with EU-standard data protection terms. We do not pass your data to any other party for any purpose.

This site uses a minimal cookie banner that loads on first visit. Functional cookies needed to make the site work — session, language, security — are set without consent because they are strictly necessary under GDPR Article 6. We do not run any third-party advertising trackers, no Meta Pixel, no TikTok pixel, no LinkedIn Insight Tag. Optional analytics, when enabled, run on a privacy-respecting product (Plausible or self-hosted Umami) that does not set persistent identifiers and does not share data outside our infrastructure. You can decline optional analytics and the site behaves identically.

You have the full set of GDPR rights over any data we hold on you. The right of access — ask us what we hold and we will send it. The right of rectification — tell us what is wrong and we will correct it. The right of erasure — ask us to delete your record and we will, subject only to bookkeeping retention obligations. The right to restrict processing, the right to data portability, and the right to object to any specific processing activity. To exercise any of these rights, email hello@website.eldris.ai with subject line GDPR request and the right you are exercising. We respond inside 30 calendar days. We do not charge a fee for any standard request.

Quote requests where we did not win the business are deleted automatically 12 months after submission. Active client records are retained for the full duration of your engagement plus seven years afterwards, because UK and Estonian bookkeeping law requires invoice and contract records to be kept for that period for tax and audit purposes. Backups roll on a 90-day window, which means a deletion request takes up to 90 days to fully clear from backup snapshots. After seven years, archived client records are purged in their entirety. None of this data ever leaves our processor stack.

All your data is stored and processed inside the European Union. Our database (Supabase) runs in the EU-Frankfurt region. Cloudflare edge security operates globally but does not retain personal data at non-EU edges. Transactional email delivery (Resend) processes inside EU and US regions, covered by EU Standard Contractual Clauses for the US leg. We are an Estonian-registered operator, not a US or UK entity, which means your data falls under direct EU jurisdiction without an adequacy bridge. We do not transfer personal data to any country outside the EU/UK without an SCC in place and a documented lawful basis.

We update this policy when our processing genuinely changes — a new processor, a new data category, a new retention window — and we update the last-updated date at the top of this page every time. Material changes that affect active clients are notified by email at least 14 days before they take effect, so you can object or close your account if you disagree. We do not use vague catch-all clauses about updates from time to time. Every revision has a date, a reason, and a record. Old versions are available on request via hello@website.eldris.ai.

Privacy questions go directly to hello@website.eldris.ai. The founder reads this inbox and responds inside 30 calendar days, sooner in most cases. If you are unhappy with the resolution, you have the right to escalate to the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, aki.ee) as our supervisory authority, or to your own national data protection authority if you are an EU resident outside Estonia. We would always rather resolve a concern directly first.