This Privacy Policy explains how Equipmeter OÜ collects, uses, shares, and protects personal data when you visit our website, create an account, or use the Equipmeter service. We are committed to handling personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Estonian law.
Data controller. Equipmeter OÜ, registered in Estonia with its office in Tallinn, is the controller of personal data described in this policy. Contact us at info@equipmeter.ee for any privacy question or to exercise your rights.
01The data we collect
Account and profile data
When you sign up or are invited to a workspace, we collect your name, work email, password (stored hashed), organization, role, and similar account details.
Customer Data you put into the Service
As you use Equipmeter you create records such as assets, work orders, inspections, spare parts, vendors, and team members. These records may contain personal data of your staff or contacts. For this Customer Data, you (our business customer) are the controller and Equipmeter acts as a processor on your behalf.
Billing data
Payments are handled by our reseller and Merchant of Record, Paddle.com. We receive limited billing information (such as plan, billing country, and the last digits or type of card) but we do not receive or store your full payment-card number.
Usage and device data
We collect technical data such as IP address, device and browser type, pages and features used, and timestamps, to operate, secure, and improve the Service.
Communications
If you contact us (for example by the website form, email, or a demo request) we keep the content of those communications and your contact details.
02How we use data and our legal bases
- To provide the Service — creating and managing your account and delivering the features you subscribe to. Legal basis: performance of a contract.
- To process payments — through Paddle. Legal basis: performance of a contract and compliance with legal (tax/accounting) obligations.
- To secure and improve the Service — monitoring, troubleshooting, analytics, and product development. Legal basis: our legitimate interests in running a safe, reliable, and improving product.
- To communicate with you — service notices, support, and (where permitted) product updates. Legal basis: legitimate interests or your consent, which you can withdraw at any time.
- To comply with law — for example accounting, tax, and responding to lawful requests. Legal basis: legal obligation.
03How we share data
We do not sell personal data. We share it only with:
- Service providers (sub-processors) who help us run the Service — including cloud hosting within the EU, payment processing (Paddle), email delivery, error monitoring, and analytics — under contracts that require appropriate safeguards;
- Your own organization — other authorized users in your workspace can see the Customer Data you create there;
- Authorities or third parties where required by law or to protect our rights, users, or the security of the Service.
04International transfers
We host data in the European Union and prefer EU-based providers. Where a provider processes data outside the European Economic Area, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses or an adequacy decision.
05Data retention
We keep personal data for as long as your account is active and as needed to provide the Service. After your account is closed, we delete or anonymize Customer Data within a reasonable period, except where we must retain certain records (for example, invoices) to meet legal obligations.
06Your rights
Subject to applicable law, you have the right to access, rectify, erase, restrict, or object to the processing of your personal data, the right to data portability, and the right to withdraw consent where processing is based on consent. To exercise these rights, contact info@equipmeter.ee. If we process your data as a processor on behalf of a business customer, we will direct your request to that customer. You also have the right to lodge a complaint with a supervisory authority — in Estonia, the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).
07Security
We use technical and organizational measures appropriate to the risk — including encryption in transit, access controls, and secure cloud infrastructure — to protect personal data against unauthorized access, loss, or misuse. No method of transmission or storage is completely secure, but we work continuously to protect your data.
08Cookies
Our website and application use cookies and similar technologies that are necessary to operate the Service (for example, to keep you signed in) and, where applicable, to understand usage and improve the product. You can control non-essential cookies through your browser settings.
09Children
The Service is intended for business use and is not directed to children. We do not knowingly collect personal data from children under 16.
10Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will take reasonable steps to notify you, and we will update the “last updated” date above.