Osaühing X

PRIVACY POLICY

Last updated: 05.03.2026


1. Company Information

Service Provider: Osaühing X
Registry Code: 17396663
Registered Address: [address as registered in the Commercial Register]
Email: mail@extaas.com
Phone: +372 5107862

The company does not have a public service point. Services are provided online.


2. Nature of the Service and Account Usage

Extaas.com is not a public account-based platform.

A user account is created only if a person orders a paid service (e.g., web development, software development, or another IT-related project). The purpose of the account is to:

  • link a specific project to a specific client
  • enable project management
  • enable management of project-related information and files
  • enable invoicing and payment association with the project
  • ensure the technical operation of the service
  • ensure proper service delivery in accordance with the agreement

Creating an account without ordering a service is not intended.

User activity logs are not maintained.
Click logs, behavioral analytics, or detailed usage histories are not collected.

The system stores only:

  • basic account information
  • last activity timestamp

Technical server logs may be generated for security and troubleshooting purposes, but they are not used for behavioral analysis or profiling.


3. Personal Data Processed


3.1 Authentication

Authentication is handled by Supabase.

Available sign-in methods:

  • Google OAuth
  • Discord OAuth
  • Magic Link (one-time login link via email)

During authentication, the system may process the following data:

  • unique user ID
  • email address
  • account name or display name
  • authentication provider (e.g., Google or Discord)
  • third-party account identifier
  • profile image URL (if provided by the authentication provider)
  • last sign-in timestamp

Technical session data (such as access tokens and refresh tokens) are processed solely for authentication purposes and are not used for any other purpose.

Extaas does not store passwords.


3.2 Project-Related Data

Depending on the service, the following data may be processed:

  • name
  • email address
  • billing information
  • project-related technical data
  • project-related files and documentation

Such data is processed exclusively for service delivery and fulfillment of project-related obligations.


3.3 Payment Processing

Payments are processed via Maksekeskus.

Extaas:

  • does not collect or store payment card data
  • does not have access to card details

After payment initiation, the payment service provider transmits a payment result confirmation to the system.

The following data may be stored:

  • transaction ID
  • payment status
  • payer’s full name
  • payment amount and currency

This data is used for:

  • payment confirmation
  • linking the payment to the relevant project
  • accounting purposes
  • compliance with statutory accounting obligations

Payment-related data is retained in accordance with Estonian accounting laws.


4. Purposes of Data Processing

Personal data is processed solely for the following purposes:

  • creation and management of client projects
  • delivery of services in accordance with contractual agreements
  • payment confirmation and accounting
  • compliance with legal obligations
  • resolution of potential disputes

Personal data is not used for marketing purposes.
No advertising or tracking cookies are used.


5. Service Providers and Data Transfers

The following service providers are used in service delivery:

  • Supabase – authentication and database
  • Resend – transactional emails
  • veebimajutus.ee – domain registration and email hosting services
  • Netlify – hosting web applications deployed from GitHub repositories
  • Maksekeskus – payment processing
  • Discord – API integration

OAuth providers (e.g., Google and Discord) act as independent data controllers under their own privacy policies.

Personal data is not sold to third parties.


6. Data Retention

Personal data is retained:

  • for as long as the project or service remains active
  • until account deletion
  • for the period required under accounting legislation (payment data)
  • until resolution of potential disputes

If no legal obligation exists, account-related data will be deleted within a reasonable period after the service ends.


7. Data Subject Rights

Users have the right to:

  • obtain information about the personal data processed about them
  • request correction of inaccurate data
  • request deletion of their account and related data
  • obtain a copy of their personal data

Separate restriction of processing is not technically possible, as the data is used solely for service functionality. If a person does not agree with data processing, they should not use paid services that require an account.

Requests: mail@extaas.com


8. Cookies and LocalStorage

The following may be used for functionality and user convenience:

  • authentication session cookies
  • maintaining login state
  • user preferences (e.g., language or theme)

No advertising or tracking cookies are used.


9. Changes

Osaühing X reserves the right to update this Privacy Policy.
Any changes will be published on the website.