Skip to content

Legal

Privacy policy

Last updated: May 14, 2026

1. Data controller

Byteweb OÜ
Sepapaja tn 6, 15551 Tallinn, Estonia
Registry code: 16990714 · VAT: EE102740802
E-mail: hello@byteweb.io

2. What data we process

We process personal data you actively send us (contact form, emails, configurator briefs: name, email, company, optional phone, your message). In addition, technical visit metadata (IP address, user agent, timestamp) is captured in server logs.

3. Purposes and legal bases

We process your data on the basis of Art. 6 (1)(b) GDPR (pre-contract and contract performance) and Art. 6 (1)(f) GDPR (legitimate interest in the secure operation of our site and abuse prevention). For email contact, Art. 6 (1)(a) GDPR (consent) also applies.

4. Retention

Inquiries are kept as long as needed to handle and follow up on your request, and at most for the duration of statutory retention obligations (e.g. up to 10 years for commercial/tax law). Server logs are anonymised or deleted after 14 days.

5. Your rights

You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20) and objection (Art. 21) under the GDPR, and to lodge a complaint with a supervisory authority. Write to hello@byteweb.io.

6. Hosting & recipients

Our site is hosted within the European Union. Form submissions are stored on our own servers and forwarded to us via SMTP email (sent via Resend; receiving inbox in the EU). Other recipients and processors are named in sections 8 and 9 below.

7. Cookies and comparable technologies

We use only strictly necessary cookies. For anonymous traffic measurement we use Plausible Analytics (section 8) — a cookie-free solution. For advertising measurement we use the Meta Pixel (section 9) — only with your explicit consent through our consent banner.

8. Web analytics — Plausible

We use Plausible Analytics (Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia) for anonymous traffic measurement. Plausible sets no cookies and stores no personal data. Only aggregated page-view statistics are collected (page path, referrer, approximate country region, browser type).

Legal basis: Art. 6 (1)(f) GDPR (legitimate interest in anonymous traffic measurement). No consent under § 25 TTDSG is required as no information is stored on or read from your terminal device. Data is processed within the EU. Plausible's privacy policy: plausible.io/data-policy.

9. Advertising measurement — Meta Pixel and Conversions API

If you accept the "Marketing" category in our consent banner, we deploy the Meta Pixel (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland). This lets us measure the effectiveness of our advertising on Meta platforms (Facebook, Instagram) and build audiences for more relevant ads.

In addition, when you actively submit a contact request via our form, we transmit the following data directly from our server to Meta (Conversions API), hashed with SHA-256 first: your email address (if provided), your IP address, your user-agent, and the timestamp of the submission. Data is SHA-256 hashed before send — Meta receives no plaintext personal data.

Legal bases:

  • Meta Pixel (browser tracking): consent under Art. 6 (1)(a) GDPR and § 25 (1) TTDSG. You can withdraw consent at any time via the cookie settings.
  • Meta Conversions API (server-to-server on form submission): legitimate interest under Art. 6 (1)(f) GDPR to optimise our advertising, given that you have actively initiated contact with us.

Data processing: United States (Meta). Safeguarded by the EU-US Data Privacy Framework and supplementary Standard Contractual Clauses. Meta's privacy policy: facebook.com/privacy/policy.

10. Email delivery — Resend (with consent)

For delivering our lead magnets (e.g. the "Coach Website Diagnostic") and occasional content follow-up emails, we use Resend (Resend, Inc., 2261 Market Street, San Francisco, CA 94114, USA). Resend is certified under the EU-US Data Privacy Framework; supplementary Standard Contractual Clauses apply.

We process your email address and first name (if you provided one) solely for the agreed purpose: delivery of the requested diagnostic and up to 4 thematically relevant follow-up emails over two weeks. You can unsubscribe at any time via the link in the footer of every email.

Legal basis: Art. 6 (1)(a) GDPR (consent), given by actively ticking the consent checkbox in the signup form. Retention: until consent is withdrawn, or maximum 24 months after last activity.

11. Withdraw your consent

You can withdraw or change your consent to marketing tracking at any time: open cookie settings. Withdrawal is as easy as giving consent.