Legal

Privacy Policy

This policy explains what personal data we collect through the soiv.ai website, why we collect it, and your rights as a data subject under the General Data Protection Regulation (GDPR). It covers the website only — for example, our contact form. The soiv.ai voice service itself is provided to business clients under a separate service agreement and Data Processing Agreement; where we handle call or end-customer data on behalf of a business client, that client is the data controller and those terms — not this website policy — govern that processing.

Last updated: 29 June 2026

1. Data Controller

The data controller responsible for your personal data is:

Digital Priority OÜ Registry code: 16644892 · VAT: EE102571880 Pärnu mnt 139e/2, 11317 Tallinn, Harju maakond Estonia, European Union E-mail: [email protected]

soiv.ai is a product of Digital Priority OÜ, a company registered in Estonia under Estonian company law and subject to EU data protection rules.

2. Personal Data We Collect

2.1 Contact form

When you complete the contact form on this website, we collect the following information you provide voluntarily:

  • Full name
  • Company name
  • Work e-mail address
  • Phone number (optional)
  • Estimated monthly call volume (optional)
  • Message text

2.2 Server and access logs

Our web server automatically records standard access log data whenever you visit the site. This includes your IP address, the page requested, your browser type, and the date and time of the request. These logs are used for security monitoring, abuse prevention, and diagnosing technical issues.

2.3 Analytics

We use analytics tools to understand how visitors use our site. Analytics data is collected only after you have given your consent via the cookie consent banner. No analytics cookies or tracking scripts are loaded before consent is obtained. If you decline or withdraw consent, no analytics data is collected about your visit.

3. Purposes and Legal Bases (GDPR Art. 6)

PurposeData usedLegal basis
Responding to your enquiry and discussing a potential engagementName, company, e-mail, phone, call volume, messagePre-contractual steps at your request (Art. 6(1)(b))
Security monitoring and abuse prevention (server logs)IP address, access log dataLegitimate interests (Art. 6(1)(f)) — protecting the security of our systems
Understanding site usage to improve our service (analytics)Pseudonymised analytics dataConsent (Art. 6(1)(a)) — collected only after opt-in

4. Cookies and Consent

We use a cookie consent banner to give you control over non-essential cookies. Strictly necessary cookies (for example, security tokens required to submit the contact form) do not require your consent and are always active. All other cookies — including analytics — are loaded only after you click "Accept" on the banner.

You can change your cookie preferences at any time by clearing your browser's cookies or by using the preference controls in our consent banner (where available). Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

5. Processors and Data Sharing

We do not sell, rent, or trade your personal data. We may share your data with the following categories of processors, each bound to us by a data processing agreement:

  • Hosting infrastructure — our website and contact-form data are processed on servers operated on our own infrastructure within the EU/EEA. No third-party SaaS cloud hosting provider has access to form submissions.
  • E-mail delivery — enquiries submitted via the contact form are delivered through our own mail server infrastructure. We do not use a third-party e-mail marketing or transactional mail SaaS.
  • Analytics provider — we do not currently use a third-party analytics provider. If we introduce one, it will process data only with your consent, and this policy will be updated to name the provider and link its privacy policy.

We do not transfer your personal data to countries outside the EU/EEA.

6. EU/EEA Data Residency

All personal data collected through this website is stored and processed within the European Economic Area. The soiv.ai voice service has its own EU-native data residency arrangements, which are described in the service agreement and Data Processing Agreement with our business clients rather than in this website policy. We do not use website data to train AI models.

7. Retention Periods

  • Contact-form enquiries — retained for 24 months from the date of your enquiry, or until you request deletion, whichever comes first.
  • Server access logs — retained for 90 days and then deleted or anonymised.
  • Analytics data — not collected at present; if analytics are introduced, retention will follow the provider's settings and be stated here.

8. Your Rights as a Data Subject

Under GDPR, you have the following rights regarding your personal data:

Right of access (Art. 15) You may request a copy of the personal data we hold about you and information about how we process it.

Right to rectification (Art. 16) You may ask us to correct inaccurate personal data or complete incomplete data.

Right to erasure (Art. 17) You may ask us to delete your personal data where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent, among other grounds. This right may be limited where we are required by law to retain data.

Right to restriction of processing (Art. 18) You may ask us to restrict processing of your data in certain circumstances — for example, while a correction is being investigated.

Right to data portability (Art. 20) Where processing is based on consent or a contract and carried out by automated means, you may request your data in a structured, commonly used, machine-readable format.

Right to object (Art. 21) You may object at any time to processing based on legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

Right to withdraw consent (Art. 7(3)) Where processing is based on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Right to lodge a complaint If you believe we have not handled your data in accordance with GDPR, you have the right to lodge a complaint with the Estonian supervisory authority:

Andmekaitse Inspektsioon (Data Protection Inspectorate) Tatari 39, 10134 Tallinn, Estonia www.aki.ee E-mail: [email protected]

You may also contact the data protection authority in your own EU/EEA country of residence.

9. How to Exercise Your Rights

To exercise any of the rights listed above, or to ask any questions about this policy, please contact us by e-mail:

[email protected]

We will respond within one month of receiving your request. If your request is complex or numerous, we may extend this period by a further two months and will notify you accordingly.

10. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices or applicable law. Material changes will be communicated via a notice on this page and, where appropriate, by e-mail to active clients. The date at the top of this page indicates when the policy was last updated.