Privacy Policy

This is the legal text on the left, and our plain-English explanation on the right. Both say the same thing — the legal text is what controls if there's ever a disagreement.

Last updated: May 14, 2026

1. Who we are

The controller of your personal data is Balancing Services OÜ, a private limited company registered in Estonia under registry code 17276551, with its registered office at Jakobi tn 31-3, 51006 Tartu, Estonia ("Balancing Services", "we", "us"). For any privacy-related question, request, or complaint you can reach us at privacy@balancing.services.

In plain English

We're a small Estonian company. Email us at privacy@balancing.services with any question about your data.

2. What this policy covers

This Privacy Policy applies to balancing.services and all of its subdomains (*.balancing.services), including the public map, the API at api.balancing.services, and the Agent Plugin at agents.balancing.services (together, the "Services"). It does not cover websites or services operated by third parties that we link to.

In plain English

Everything we run under balancing.services— the map, the API, and the agent plugin. Not other people's websites we link to.

3. What personal data we collect

We process the following categories of personal data:

  • Sign-up details — when you start a trial or subscribe, we collect your name, work email, organization name, and (for paid subscriptions) your EU VAT number and billing address.
  • Account and usage data — when you use the API or Agent Plugin we store your account identifier, issued API tokens, and request logs (timestamp, endpoint, response status, IP address) for security, debugging, and billing.
  • Correspondence — any information you choose to send us by email or through a contact form.
  • Aggregate analytics — privacy-friendly, cookieless usage statistics collected via Plausible Analytics (see Section 7).

We do not knowingly collect special categories of personal data (e.g. health, political opinions) and we ask you not to send us any.

In plain English
  • If you sign up: your name, work email, company, and billing info if you pay us.
  • If you use the API: your account, API tokens, and request logs.
  • If you email us: whatever you write.
  • If you just browse: anonymous, cookieless page stats.

4. Why we use your data and on what legal basis

Under the GDPR, we rely on the following legal bases:

  • Performance of a contract (Art. 6(1)(b)) — to provide and operate the Services for trial, subscription, and Agreement holders.
  • Legitimate interests (Art. 6(1)(f)) — to keep the Services secure, prevent abuse, measure aggregate usage, and improve our product. We have assessed that these interests do not override your rights and freedoms.
  • Legal obligation (Art. 6(1)(c)) — to comply with accounting, tax, and other obligations under Estonian and EU law.
  • Consent (Art. 6(1)(a)) — where required, for example when you explicitly opt in to receive marketing communications.

We do not use your personal data for automated decision-making that produces legal or similarly significant effects, and we do not sell it.

In plain English

We use your data to run the product, keep it secure, comply with tax law, and (only with your consent) send you marketing. We don't sell your data and we don't make automated decisions about you.

5. How long we keep your data

We keep personal data only for as long as we need it:

  • Account data — for as long as your account is active, and deleted within 30 days of account closure, except where retention is required by law.
  • API request logs — up to 90 days, then deleted or aggregated.
  • Invoicing and accounting records — for 7 years, as required by Estonian accounting law.
  • Marketing and trial inquiries — up to 24 months from the last interaction.
In plain English
  • Account stuff: while you're using us, plus 30 days.
  • Request logs: ~90 days.
  • Invoices: 7 years (Estonian tax law).
  • Sales emails: up to 2 years after we last heard from you.

6. Who we share data with

We do not sell personal data. We share it only with service providers that help us operate the Services, each acting as a processor under a written agreement:

  • Hosting and infrastructure — Ubicloud and related providers, for running our servers and storing data.
  • Email delivery — to send you transactional emails (e.g. trial verification, invoices).
  • Payment processing — to handle subscription payments and invoicing for paid Services.
  • Analytics — Plausible Analytics for cookieless, aggregate website usage statistics.

We may also disclose personal data when required by law, by a competent authority, or to defend our legal rights.

In plain English

Only the tools that help us run the service: hosting, email delivery, payments, and anonymous analytics. We'll also hand data over if a court tells us to.

7. Cookies and analytics

We do not use tracking cookies or third-party advertising cookies on our Services. For aggregate usage statistics we use Plausible Analytics, a privacy-focused, EU-hosted analytics tool that does not set cookies and does not store IP addresses or personal identifiers. Strictly necessary cookies or local-storage entries may be used only where required for the Services to function — for example, to remember authenticated sessions on paid services and to store your user preferences (such as the selected map layers or chart settings) locally in your browser. These entries are not sent to us and are not used to track you.

In plain English

No tracking cookies, no ad cookies. We use Plausible, which is cookieless and EU-hosted. We do keep small bits of data on your device — to remember you're logged in and to save your preferences (like which map layers you had on) — but these stay on your device and aren't sent to us.

8. International transfers

Personal data is primarily processed within the European Economic Area (EEA). Where a processor we use is located outside the EEA, we ensure that an adequate level of protection is in place through the European Commission's Standard Contractual Clauses or another lawful transfer mechanism under Chapter V of the GDPR.

In plain English

Your data stays in the EU when possible. If we ever need to send it outside, we use the legal safeguards the GDPR requires.

9. Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate personal data corrected;
  • have your personal data erased, where applicable;
  • restrict or object to the processing of your personal data;
  • receive your personal data in a portable format and have it transmitted to another controller;
  • withdraw your consent at any time, where processing is based on consent.

To exercise any of these rights, email privacy@balancing.services. You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, www.aki.ee) or with the supervisory authority in your EU country of residence.

In plain English

You can ask us to show, fix, delete, or hand over your data, and you can withdraw any consent you gave. Email privacy@balancing.services. If you think we're doing it wrong, you can complain to the Estonian Data Protection Inspectorate.

10. Security

We apply appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit, access controls, and regular review of our infrastructure. No method of transmission over the internet is, however, fully secure, and we cannot guarantee absolute security.

In plain English

We use sensible security (encryption, restricted access). Nothing on the internet is 100% safe, but we take it seriously.

11. Children

The Services are not directed at children and are intended for users who are at least 16 years of age. We do not knowingly collect personal data from children under 16. If you believe that a child has provided personal data to us, please contact us so we can delete it.

In plain English

Our service isn't for kids under 16. If you spot kids using it, tell us and we'll remove their data.

12. Changes to this policy

We may update this Privacy Policy from time to time. The current version is always available at this URL, with the "Last updated" date below. For material changes that affect your rights, we will notify you in advance by email (if you have an account) or through a notice on the Services.

In plain English

If we change something important, we'll email you or post a notice. The version on this page is always the current one.

13. How to contact us

For privacy questions, requests, or complaints:

Balancing Services OÜ
Jakobi tn 31-3
51006 Tartu, Estonia
Registry code: 17276551
Email: privacy@balancing.services

In plain English

Email privacy@balancing.services, or write to us in Tartu.

See also our Terms of Service.