Last updated: February 6, 2026
1. Introduction
Qorinx OÜ ("Qorinx," "we," "us," or "our"), registry code 17422930, is a software development company registered in Estonia, European Union. We are committed to protecting the privacy and personal data of our website visitors, clients, and prospective clients.
This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website at qorinx.com, use our services, or interact with us. As an EU-based company, we are fully subject to and compliant with the General Data Protection Regulation (GDPR — Regulation (EU) 2016/679).
By using our website or engaging our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use our website or provide us with your personal data.
2. Information We Collect
We collect personal data that you voluntarily provide to us and data that is automatically collected when you visit our website.
2.1 Information You Provide Directly
Contact form submissions: When you fill out our contact form, we collect your name, email address, company name (if provided), and the content of your message.
Consultation bookings: When you book a strategy call through our booking system, we receive your name, email address, and any additional information you choose to share during the booking process. A Google Calendar event is created and an invitation is sent to your email.
Client communications: If you become a client, we may collect additional information necessary to deliver our services, including billing details, project requirements, and technical specifications.
2.2 Information Collected Automatically
When you visit our website, we may automatically collect certain technical data, including your IP address, browser type and version, operating system, referring URL, pages visited, time spent on pages, and other diagnostic data. This information is collected through cookies and similar tracking technologies (see Section 9).
3. How We Use Your Information
We use the personal data we collect for the following purposes:
To respond to your inquiries and contact form submissions. To schedule and conduct consultation calls. To deliver our software development services (MVP development, AI integration, backend rescue, and development retainers). To send you project updates and relevant communications related to our engagement. To process payments and manage billing. To improve our website, services, and user experience. To comply with legal obligations and protect our legitimate interests. To send you marketing communications, but only with your explicit consent and with the ability to opt out at any time.
4. Legal Basis for Processing (GDPR Article 6)
Under the GDPR, we process your personal data based on one or more of the following legal grounds:
Consent (Article 6(1)(a)): Where you have given us explicit consent to process your data for a specific purpose, such as subscribing to marketing communications or accepting non-essential cookies.
Contract (Article 6(1)(b)): Where processing is necessary for the performance of a contract with you or to take pre-contractual steps at your request, such as responding to your inquiry about our services or delivering a project.
Legitimate interest (Article 6(1)(f)): Where processing is necessary for our legitimate business interests, such as improving our website, preventing fraud, or ensuring network security, provided these interests are not overridden by your rights and freedoms.
Legal obligation (Article 6(1)(c)): Where processing is required to comply with a legal obligation, such as tax reporting, accounting requirements, or responding to lawful requests from public authorities.
5. Data Sharing and Third Parties
We do not sell, rent, or trade your personal data to third parties. We may share your data with the following categories of service providers who assist us in operating our business:
Hosting and infrastructure providers: Our website and application infrastructure may be hosted on cloud platforms within the EU or in jurisdictions with adequate data protection levels.
Analytics providers: We may use analytics tools (such as Google Analytics) to understand how visitors use our website. These tools collect anonymized or pseudonymized data and are configured to respect your privacy preferences.
Scheduling tools: We use Google Calendar for scheduling consultation calls. When you book a call, a calendar event is created and an invitation is sent to your email via Google Calendar.
Payment processors: If you engage our services, payment processing is handled by third-party payment providers. We do not store your full credit card or bank account details on our servers.
Email service providers: We may use third-party email services to send transactional or marketing emails. These providers process your email address and name on our behalf.
All third-party service providers are contractually obligated to process your data only on our instructions and in compliance with the GDPR. We ensure appropriate data processing agreements are in place with each provider.
6. International Data Transfers
As an EU-based company, we primarily store and process your data within the European Economic Area (EEA). However, some of our third-party service providers may process data outside the EEA.
Where personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place in accordance with the GDPR, including but not limited to: adequacy decisions by the European Commission (Article 45), Standard Contractual Clauses approved by the European Commission (Article 46(2)(c)), or the EU-U.S. Data Privacy Framework where applicable.
You may request information about the specific safeguards applied to any international transfer of your data by contacting us at [email protected].
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. The specific retention periods depend on the type of data and the purpose of processing:
Contact form submissions: Retained for up to 12 months after the last interaction, unless a business relationship is established.
Client project data: Retained for the duration of the business relationship and up to 7 years thereafter for accounting and legal compliance purposes under Estonian law.
Billing and financial records: Retained for 7 years as required by Estonian accounting legislation.
Website analytics data: Retained in anonymized or aggregated form for up to 26 months.
When personal data is no longer required, we securely delete or anonymize it in accordance with our data retention procedures.
8. Your Rights Under the GDPR
As a data subject, you have the following rights under the GDPR. You may exercise any of these rights by contacting us at [email protected].
Right of access (Article 15): You have the right to request a copy of the personal data we hold about you, along with information about how it is being processed.
Right to rectification (Article 16): You have the right to request correction of inaccurate or incomplete personal data we hold about you.
Right to erasure (Article 17): You have the right to request the deletion of your personal data where there is no compelling reason for its continued processing. This right is not absolute and may be subject to legal obligations that require us to retain certain data.
Right to restriction of processing (Article 18): You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to its processing.
Right to data portability (Article 20): You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
Right to object (Article 21): You have the right to object to the processing of your personal data where we rely on legitimate interest as our legal basis, or where data is processed for direct marketing purposes.
Right to withdraw consent (Article 7(3)): Where we process your data based on consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
Right to lodge a complaint: If you believe that we have violated your data protection rights, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) at aki.ee, or with the supervisory authority in the EU Member State of your habitual residence or place of work.
We will respond to all legitimate requests within 30 days. In exceptional circumstances, we may extend this period by an additional 60 days, in which case we will inform you of the extension and the reasons for it.
9. Cookies
Our website uses cookies and similar tracking technologies to enhance your browsing experience and to analyze website traffic.
Essential cookies: These cookies are strictly necessary for the operation of our website and cannot be disabled. They include session cookies, security tokens, and cookies that remember your privacy preferences.
Analytics cookies: These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. They are only placed with your explicit consent.
Functional cookies: These cookies enable enhanced functionality and personalization, such as remembering your language preference or theme setting (dark/light mode).
You can manage your cookie preferences at any time through our cookie consent banner or by adjusting your browser settings. Please note that disabling certain cookies may affect the functionality of our website.
10. Security Measures
We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction. These measures include:
Encryption of data in transit using TLS/SSL protocols. Encryption of sensitive data at rest. Access controls and authentication mechanisms to limit access to personal data to authorized personnel only. Regular security assessments and updates of our systems and software. Secure development practices in accordance with industry standards. Incident response procedures to promptly address any data breaches.
While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to maintaining the highest practicable standards.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. For material changes that significantly affect how we process your personal data, we will make reasonable efforts to notify you in advance, such as by posting a prominent notice on our website.
12. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:
Data Controller
Qorinx OÜ
Registry Code: 17422930
Sepapaja tn 6, Lasnamäe linnaosa, Tallinn, Harju maakond, 15551, Estonia
Email: [email protected]
As Qorinx OÜ does not meet the thresholds requiring the appointment of a dedicated Data Protection Officer under the GDPR, data protection matters are handled directly by our management team. You may direct any data protection inquiries to the email address above.