Privacy Policy

Privacy Policy (English)

Version: 1.0 Effective Date: 25.03.2026

Noname

Registry code: 168888

Address: None

Email: privacy@deltalyth.com

This Privacy Policy explains how Noname (“Deltalyth”, “we”, “us”, “our”) processes personal data when you use our website, public checker, or paid business services.

We process personal data in accordance with:

• the General Data Protection Regulation (GDPR),
• the Estonian Personal Data Protection Act, and
• other applicable EU and Estonian laws.

1. Who We Are

For the public checker and website, Deltalyth acts as a data controller.

For paid business services, Deltalyth acts as a data processor, and the Customer is the data controller. Processing under paid services is governed by the Data Processing Agreement (DPA).

2. Personal Data We Process

We may process the following categories of personal data:

2.1 Data you upload

• documents, images, scans, PDFs
• metadata contained in files
• text or content you submit
• identifiers embedded in documents

2.2 Account and contact data (for paid services)

• name
• email address
• organization details
• billing information

2.3 Technical data

• IP address
• device information
• browser type
• log data
• usage analytics

2.4 Communication data

• emails and messages sent to us
• support requests
• feedback

We do not intentionally collect special categories of data unless you upload them voluntarily.

3. How We Use Personal Data

3.1 Public Checker (Controller Role)

We process uploaded files to:

• generate preliminary detection results,
• ensure security and prevent abuse,
• maintain and improve reliability where lawful,
• comply with legal obligations.

3.2 Paid Services (Processor Role)

We process data only according to the Customer’s instructions, for:

• document analysis,
• workflow and reporting,
• storage and retrieval,
• API-based processing.
• We do not use Customer data from paid services for:
• model training,
• product development,
• independent purposes, unless explicitly agreed in writing.

4. Legal Bases for Processing

Public Checker (Controller)

We rely on:

• GDPR Art. 6(1)(b) – performance of a contract (providing the checker),
• GDPR Art. 6(1)(f) – legitimate interests (security, abuse prevention, service reliability),
• GDPR Art. 6(1)(c) – legal obligations.
• Paid Services (Processor)
• Processing is based on:
• GDPR Art. 28 – processing under a DPA,
• the Customer’s lawful basis as controller.

5. Cookies and Analytics

We may use cookies for:

• essential website functionality,
• usage analytics,
• security and fraud prevention.

Where required, we request consent for nonessential cookies.

6. Data Retention

Public Checker

Public-check uploads are processed transiently to generate a result.

• This public website does not save a local copy of the uploaded file after the request is completed.
• The website does retain a hashed per-IP daily-usage counter, consent records, and consent-gated analytics events.
• Those records are kept for up to the configured analytics retention window (180 days by default) and are purged automatically during startup maintenance.

Paid Services

Retention is governed by the DPA and the Customer’s instructions.

Legal retention

Some data may be retained longer where required by law (e.g., accounting records).

7. Sharing Personal Data

We may share data with:

7.1 Subprocessors

Such as:

• hosting providers,
• email service providers,
• security and monitoring services.

All subprocessors are bound by GDPR-compliant agreements.

7.2 Legal authorities

Where required by law, court order, or regulatory obligation.

We do not sell personal data.

8. International Transfers

If personal data is transferred outside the EEA, we ensure appropriate safeguards under GDPR Chapter V, such as:

• Standard Contractual Clauses (SCCs),
• adequacy decisions,
• supplementary measures.

9. Your Rights

Depending on your role (consumer, data subject, or business customer), you may have the right to:

• access your personal data,
• correct inaccurate data,
• delete data (“right to be forgotten”),
• restrict processing,
• object to processing,
• data portability,
• withdraw consent (where applicable),
• lodge a complaint with a supervisory authority.
• In Estonia, the supervisory authority is: Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)

10. Security

We implement appropriate technical and organizational measures, including:

• encryption,
• access controls,
• logging and monitoring,
• secure development practices,
• incident response procedures.

No online system can guarantee absolute security, but we take reasonable steps to protect data.

11. Children’s Data

Our services are not intended for children under 18. We do not knowingly process children’s data unless submitted by a business customer under lawful grounds.

12. Changes to This Privacy Policy

We may update this Privacy Policy to reflect legal, technical, or operational changes. Material updates will be communicated where required by law.

13. Contact Us

For privacy questions or requests, contact:

Noname Email: privacy@deltalyth.com Address: None