Pilvio
    |

    Privacy Policy

    Astrec Data OÜ (brand Pilvio)

    Effective from: February 10, 2026 · Last updated: February 10, 2026

    1. General Provisions

    This Privacy Policy explains how Astrec Data OÜ (hereinafter "Pilvio", "we", or "us") collects, uses, retains, and protects personal data in connection with the use of the websites pilvio.com and pilvio.pro and the related services.

    Pilvio respects your privacy and processes personal data in accordance with the European Union General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), the Estonian Personal Data Protection Act, and other applicable legislation.

    Data Controller:

    • Business name: Astrec Data OÜ
    • Registry code: 12626294
    • Address: Telliskivi 57, Palo Alto, 10412 Tallinn, Estonia
    • Email: info@pilvio.com
    • Phone: +372 521 68 08

    2. What Personal Data We Collect

    2.1 Upon Account Registration and Use of the Service

    • First and last name
    • Email address
    • Phone number
    • Company name and registry code (for business clients)
    • Billing address and payment details
    • IP address and login history

    2.2 When Visiting the Website

    • IP address
    • Browser type and version
    • Operating system information
    • Date, time, and duration of the visit
    • Data collected through cookies (see Section 8)

    2.3 Through Customer Support

    • Communication content (emails, chats, support tickets)
    • Technical data for problem resolution

    2.4 Technical Data Generated During Use of the Service

    • Resource usage statistics (CPU, memory, disk usage, network traffic)
    • Service logs and system events
    • API request metadata

    3. Purposes and Legal Bases for Processing Personal Data

    PurposeLegal Basis (GDPR)
    Provision of the Service and account managementPerformance of a contract (Art. 6(1)(b))
    Billing and accountingLegal obligation (Art. 6(1)(c))
    Provision of customer supportPerformance of a contract (Art. 6(1)(b))
    Service improvement and analyticsLegitimate interest (Art. 6(1)(f))
    Marketing communications (only with consent)Consent (Art. 6(1)(a))
    Fraud prevention and ensuring securityLegitimate interest (Art. 6(1)(f))
    Establishment and defense of legal claimsLegitimate interest (Art. 6(1)(f))
    Fulfillment of obligations regarding terrorist content online (Regulation (EU) 2021/784)Legal obligation (Art. 6(1)(c))

    4. Sharing of Personal Data

    We do not sell, rent, or share your personal data with third parties for marketing purposes. Personal data may be shared in the following cases:

    • Payment processors — for the execution of payments (e.g., banks, payment platforms)
    • Accounting service providers — for the fulfillment of accounting obligations
    • IT service providers — for ensuring the operation of the Service, provided that all data processors are obligated to comply with GDPR requirements
    • Government authorities — only pursuant to a legal obligation, including to the Consumer Protection and Technical Regulatory Authority (TTJA) under Regulation (EU) 2021/784 on addressing the dissemination of terrorist content online

    All third parties processing personal data are bound by data processing agreements that ensure the protection of your data.

    4.1 Data Location

    Pilvio service data is located in the following locations:

    ServiceData LocationJurisdiction
    pilvio.com servicesRepublic of EstoniaEU / Estonian jurisdiction
    pilvio.pro servicesThe NetherlandsEU / Dutch jurisdiction

    Both locations are situated within the territory of the European Union and are fully subject to the GDPR.

    We do not transfer personal data outside the European Union / European Economic Area, unless it is necessary for the provision of a specific service and an adequate level of data protection is ensured in accordance with GDPR requirements (e.g., European Commission adequacy decision, standard contractual clauses, etc.).

    5. Retention of Personal Data

    Personal data is retained only for as long as necessary to achieve the purposes of processing or to fulfill legal obligations:

    Data CategoryRetention Period
    Account dataUntil account closure + 3 years
    Invoices and payment data7 years (Accounting Act)
    Customer support communications3 years after case resolution
    Website logsUp to 12 months
    Marketing consentsUntil withdrawal of consent
    Removed terrorist content and related data6 months after removal (Regulation (EU) 2021/784 Art. 6), extended at the request of a competent authority or court

    After the expiry of the retention period, data shall be deleted or anonymized.

    6. Your Rights

    Under the GDPR, you have the following rights:

    • Right of access — you have the right to obtain information about what personal data we process about you
    • Right to rectification — you have the right to request the correction of inaccurate data
    • Right to erasure — you have the right to request the deletion of your data when there is no legal basis for processing
    • Right to restriction of processing — you have the right to request the restriction of data processing in certain cases
    • Right to data portability — you have the right to receive your data in a structured, commonly used, and machine-readable format
    • Right to object — you have the right to object to the processing of your data on the basis of legitimate interest
    • Right to withdraw consent — if processing is based on consent, you may withdraw it at any time

    To exercise your rights, please contact us at info@pilvio.com. We will respond to your request within 30 days at the latest.

    If you believe that the processing of your personal data violates your rights, you have the right to file a complaint with the Estonian Data Protection Inspectorate (www.aki.ee).

    7. Data Security

    Pilvio implements appropriate technical and organizational measures to protect personal data:

    • Encryption of data in transit (TLS/SSL) and at rest
    • Access control and authentication
    • Regular security audits and vulnerability testing
    • Employee training in data protection
    • Physical security at data centers
    • Incident response procedures

    8. Cookies

    Pilvio websites use cookies to ensure the proper functioning of the website and to improve the user experience.

    8.1 Cookie Categories

    CategoryDescriptionConsent
    Strictly NecessaryRequired for the basic functions of the website to operate (e.g., session management, security)Does not require consent
    AnalyticalHelp us understand how visitors use the websiteRequires consent
    FunctionalEnable enhanced functionality and personalizationRequires consent
    MarketingUsed to display relevant advertisementsRequires consent

    8.2 Cookie Management

    You have the right to disable cookies at any time through your browser settings. Disabling strictly necessary cookies may affect the functionality of the website.

    9. Third-Party Services

    The website may contain links to third-party websites. Pilvio is not responsible for the privacy practices of those websites. We recommend that you review the privacy policies of third parties before using their services.

    10. Target Audience of Services and Data of Minors

    Pilvio services are intended exclusively for business clients — legal entities and sole proprietors acting in the course of their economic or professional activity. The Services are not directed at consumers or minors. We do not knowingly collect personal data from persons under the age of 18. If we become aware that we have collected data from a minor, we will delete it without delay.

    11. Processing of Client Data (Data Processing)

    Pilvio provides cloud infrastructure services in the course of which clients may store and process their data on our servers. With respect to such data, Pilvio acts as a data processor in accordance with Article 28 of the GDPR.

    • Pilvio does not access or process the content of data stored by clients on the servers, unless it is necessary for the provision of the Service, the client has given explicit consent, or there is a legal obligation to do so (e.g., a removal order for terrorist content pursuant to Regulation (EU) 2021/784)
    • A separate Data Processing Agreement (DPA) shall be entered into with clients who process personal data in our infrastructure
    • The Client is the data controller with respect to the data of their end users

    12. Changes to the Privacy Policy

    We reserve the right to update this Privacy Policy from time to time. In the event of material changes, we will notify you by email and/or by a notice published on the website. We recommend reviewing the Privacy Policy regularly.

    13. Contact

    For privacy-related questions, requests, or complaints, please contact us:

    • Email: info@pilvio.com
    • Phone: +372 521 68 08
    • Address: Astrec Data OÜ, Telliskivi 57, Palo Alto, 10412 Tallinn, Estonia

    Supervisory authority: Estonian Data Protection Inspectorate — www.aki.ee, info@aki.ee

    Back to HomepageTerms of Service