Legal

Privacy Policy

Last updated: March 2026

Novansa OÜ (“we”, “us”, or “our”) operates the Thinklio website. This Privacy Policy explains how we collect, use, store, and protect your personal information, and describes your rights under the General Data Protection Regulation (GDPR). If you have any questions, contact us at privacy@thinklio.com.

1. Who we are

The data controller is Novansa OÜ, a private limited company registered in the Republic of Estonia. For all data protection enquiries, please write to privacy@thinklio.com.

2. What data we collect

We collect only the minimum data necessary to operate the Website and communicate with you. This includes:

Contact form submissions

When you use the contact form, we collect your name, email address, and the content of your message so that we can respond to your enquiry.

Newsletter and early access signups

If you sign up to receive product updates or early access communications, we collect your email address. You may also voluntarily provide your name.

Standard web analytics

We use privacy-respecting analytics to understand how visitors use the Website. This may include page views, referral sources, and general device or browser information. We do not use tools that build individual advertising profiles.

3. How we use your data

We use the personal data we collect for the following purposes:

  • To respond to your enquiries and messages submitted through the contact form.
  • To send you product updates, early access invitations, and other communications that you have subscribed to.
  • To understand how the Website is used so that we can improve it.
  • To comply with our legal obligations.

4. Legal basis for processing

We process your personal data on the following legal bases under the GDPR:

Consent (Article 6(1)(a))

We rely on your consent to send you marketing communications, product updates, and early access notifications. You may withdraw your consent at any time by unsubscribing or contacting us.

Legitimate interests (Article 6(1)(f))

We rely on our legitimate interest in responding to your enquiries and in operating and improving the Website. This interest is balanced against your rights and does not override them.

Legal obligation (Article 6(1)(c))

Where applicable law requires us to retain or process certain data, we do so on the basis of legal obligation.

5. Where your data is stored

Your personal data is stored on infrastructure within the European Union. Our primary hosting provider is Hetzner Cloud, with servers located in Nuremberg, Germany. We do not transfer your data outside the European Economic Area unless required by law or with your explicit consent.

6. Data retention

We retain your personal data only for as long as necessary for the purposes set out in this policy:

  • Enquiry data — retained for the duration of our business relationship and for a reasonable period thereafter in case follow-up is needed, after which it is securely deleted.
  • Newsletter and marketing data — retained until you unsubscribe or request deletion.
  • Analytics data — retained in aggregate, anonymised form.

7. Your rights under GDPR

As a data subject, you have the following rights under the GDPR. To exercise any of these rights, please contact us at privacy@thinklio.com. We will respond within 30 days.

Right of access

You have the right to request a copy of the personal data we hold about you.

Right to rectification

You have the right to ask us to correct inaccurate or incomplete personal data.

Right to erasure

You have the right to ask us to delete your personal data, subject to certain exceptions.

Right to data portability

You have the right to receive your data in a structured, commonly used, machine-readable format.

Right to restriction

You have the right to ask us to restrict processing of your data in certain circumstances.

Right to object

You have the right to object to processing based on legitimate interests, including direct marketing.

8. Cookies

We use only essential cookies required for the Website to function. We do not use third-party advertising cookies, cross-site tracking cookies, or cookies that build advertising profiles.

Essential cookies may include session identifiers and theme preference storage (e.g., light or dark mode). You can disable cookies in your browser settings, though this may affect some functionality of the Website.

9. Supervisory authority

You have the right to lodge a complaint with a supervisory authority if you believe your personal data has been processed in a manner that does not comply with the GDPR. As Novansa OÜ is registered in Estonia, the relevant supervisory authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), reachable at www.aki.ee. You may also contact the supervisory authority in your country of residence.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically. Your continued use of the Website after any changes constitutes your acknowledgement of the updated policy.

11. Contact

For any privacy-related questions or to exercise your rights, please contact us:

Novansa OÜ

Registered in the Republic of Estonia

Data protection enquiries: privacy@thinklio.com

General enquiries: hello@thinklio.com