Privacy Policy

1. Purpose

This Privacy Policy governs the processing of personal data that Nexora Virex OÜ collects through the website igemail.ai and its associated services. Its purpose is to inform you transparently about what data we collect, why we collect it, how long we retain it, and what rights you have.

2. Data Controller

• Company name: Nexora Virex OÜ
• Registry code: 17501769
• Registered address: Tartu mnt 67/1-13b, 10115 Tallinn, Estonia
• Legal contact: support@igemail.ai
• Website: https://igemail.ai

3. Data We Collect

We may collect the following categories of personal data:

• Identification data: first and last name.
• Contact data: email address.
• Usage data: pages visited, features used, usage frequency, and account settings.
• Technical data: IP address, browser type, operating system, device identifiers, and log data.
• Payment data: handled exclusively by our payment provider; Nexora Virex OÜ does not store card details.

4. Purposes of Processing

• Managing your account registration, access, and maintenance.
• Providing the services contracted through the igemail.ai platform.
• Processing payments and managing billing.
• Sending service communications, updates, and relevant announcements.
• Improving the platform through aggregated analysis of usage behaviour.
• Complying with applicable legal obligations.

5. Legal Basis for Processing

• Performance of a contract (Art. 6(1)(b) GDPR): processing necessary to provide the contracted services.
• Consent (Art. 6(1)(a) GDPR): for sending commercial communications or using non-essential cookies.
• Legitimate interest (Art. 6(1)(f) GDPR): for platform security, fraud prevention, and service improvement.
• Legal obligation (Art. 6(1)(c) GDPR): where processing is necessary to comply with applicable law.

6. Recipients of Your Data

Your personal data may be shared with the following data processors, with whom Nexora Virex OÜ has entered into the appropriate data processing agreements:

• Infrastructure and hosting providers (servers within the EU or with adequate safeguards).
• Payment processors (Stripe or another PCI-DSS certified processor).
• Analytics and monitoring tools for service performance analysis.
• Email communication providers for transactional email delivery.

We do not sell or transfer your data to third parties for their own commercial purposes.

7. Data Retention

We will retain your personal data for as long as you maintain an active account on igemail.ai and for as long as necessary to comply with applicable legal obligations (generally 5 years for tax and contractual records). Once the contractual relationship ends and the applicable retention periods expire, data will be securely deleted or anonymised.

8. Your Rights

You may exercise the following rights at any time by contacting us at support@igemail.ai:

• Access: find out what data we hold about you.
• Rectification: correct inaccurate or incomplete data.
• Erasure: request deletion of your data ("right to be forgotten").
• Objection: object to processing in certain circumstances.
• Restriction: request that we suspend processing in specific cases.
• Portability: receive your data in a structured, machine-readable format.
• Withdrawal of consent: without affecting the lawfulness of processing carried out before withdrawal.

You also have the right to lodge a complaint with the competent supervisory authority in your country of residence. In the EU, you may contact your national data protection authority or the Spanish Data Protection Agency (AEPD) at www.aepd.es.

9. Cookies

igemail.ai uses first-party and third-party cookies to ensure the proper functioning of the platform, analyse usage, and personalise your experience. You can manage your cookie preferences through the cookie banner displayed on your first visit or in your browser settings. Strictly necessary cookies cannot be disabled as they are essential for the service to function. For full details, please see our Cookie Policy.

10. Security

Nexora Virex OÜ implements appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These measures include encryption in transit (TLS/HTTPS), access controls, and periodic security reviews. No system is completely infallible; in the event of a security breach affecting your data, we will notify you in accordance with GDPR requirements.

11. Updates to This Policy

We reserve the right to update this Privacy Policy when necessary to reflect changes in the service or applicable legislation. Material changes will be communicated by email or via a prominent notice on the platform at least 15 days in advance. The date of the last update appears at the top of this document.