Nordimaxum logoNordimaxum
Legal

Privacy Policy

How we collect, process and protect personal data across the Nordimaxum AI suite.

Effective 12 May 2026 · NORDIMAXUM OÜ

1. Who we are

NORDIMAXUM OÜ (registry code 17209709), registered at Tuukri 19-315, 10120 Tallinn, Estonia, is the data controller for personal data processed via nordimaxum.pro and the Nordimaxum platform. You can reach our privacy team at [email protected].

2. Data we collect

  • Account data: name, work email, company, role and authentication metadata.
  • Billing data: billing address, VAT number and payment confirmations (card data is handled by our PCI‑DSS payment processors).
  • Tenant content: prompts, knowledge bases, integration credentials and conversation logs you choose to store inside your workspace.
  • Usage telemetry: credit consumption, module activations, error events and high‑level performance metrics.
  • Cookies & device data: see our Cookie Policy for the full list.

3. Why we process it

  • To deliver, secure and operate the AI agents you have subscribed to.
  • To bill credits, prevent fraud and comply with EU tax obligations.
  • To improve product quality through aggregated, de‑identified analytics.
  • To send service notices and, with consent, occasional product updates.

4. Legal bases (GDPR Art. 6)

We rely on contract performance for account and platform delivery, legal obligation for accounting and tax records, legitimate interest for security and product improvement, and consent for marketing communications and non‑essential cookies.

5. Data sharing

We share data only with vetted sub‑processors that support the platform: cloud hosting, AI model providers, payment processing, email delivery and customer analytics. A current list is available on request. We never sell personal data.

6. International transfers

Production data is hosted in the European Union. Where transfers outside the EEA are necessary (for example to a model provider), we rely on Standard Contractual Clauses and additional technical safeguards.

7. Retention

Account data is retained while your workspace is active and for up to 24 months after closure. Tenant content is deleted within 30 days of subscription termination unless you request earlier erasure. Invoices are retained for 7 years to meet Estonian accounting law.

8. Your rights

You can request access, rectification, erasure, restriction, portability or to object to processing of your personal data. Email [email protected]. You may also lodge a complaint with the Estonian Data Protection Inspectorate (AKI).

9. Security

We apply encryption in transit and at rest, row‑level multi‑tenant isolation, least‑ privilege access, audit logging and regular penetration testing. Sub‑processors are contractually required to maintain comparable controls.

10. Changes

We will notify you by email and in‑app at least 14 days before any material change to this policy.

Questions? Write to [email protected] or post to Tuukri 19-315, 10120 Tallinn, Estonia.