Last updated: [2026-01-01]
Data Protection & Privacy#
We take your privacy and the protection of your personal data seriously. This page explains how we collect, use, store, and safeguard personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection and privacy laws.
Key Points (Summary)#
- Your data is currently stored in Amazon Web Services (AWS) – Oregon (USA)
- Regional data storage options (e.g. EU, Asia-Pacific) are planned for the future
- We apply encryption, access controls, and security best practices
- You have rights under GDPR, including access, correction, deletion, and portability
- You can contact us at dataprotection@continuia.io to exercise your rights
- Data is retained only as long as necessary, then securely deleted or anonymised
Data Controller#
For the purposes of applicable data protection laws, the data controller is:
[Continuia OÜ]
Email: dataprotection@continuia.io
Address: [Telliskivi tn 57, 10412 Tallinn, Harju maakond, Estonia]
Where Your Data Is Stored#
At present, all customer data is processed and stored securely in AWS Oregon (us-west-2).
We plan to introduce regional storage options in the future (such as the European Union or Asia-Pacific regions) to better support data residency and local regulatory requirements.
Legal Basis for Processing#
We process personal data under one or more of the following legal bases, as defined in Article 6 of the GDPR:
- Contractual necessity – to provide and operate our services
- Legitimate interests – to ensure security, reliability, and service improvement
- Legal obligations – to comply with applicable laws and regulations
- Consent – where explicitly required, such as for optional communications or features
Your Rights#
Under GDPR and similar privacy laws, you have the right to:
- Access your personal data
- Rectify inaccurate or incomplete data
- Erase your personal data (where legally permitted)
- Restrict processing of your data
- Data portability, in a commonly used and machine-readable format
- Object to processing based on legitimate interests
- Not be subject to automated decision-making with legal or similarly significant effects
To exercise any of these rights, please contact dataprotection@continuia.io.
We will respond within the timeframes required by applicable law.
Data Retention#
We retain personal data only for as long as necessary to:
- Provide and maintain our services
- Meet legal, tax, or regulatory obligations
- Resolve disputes and enforce agreements
When data is no longer required, it is securely deleted or irreversibly anonymised.
Security Measures#
We apply appropriate technical and organisational measures to protect personal data, including:
- Encryption in transit and at rest
- Role-based access controls
- Audit logging and monitoring
- Regular security reviews and operational controls
These measures are designed to protect data against unauthorised access, loss, or misuse.
International Data Transfers#
Because our infrastructure is currently located in the United States, personal data may be transferred outside your country of residence.
Where required for EU or UK users, we rely on Standard Contractual Clauses (SCCs) or equivalent legal safeguards to ensure an adequate level of data protection in line with GDPR requirements.
Future Regional Storage Options#
We are working toward offering regional data storage choices, allowing users to select storage locations that align with their jurisdictional or regulatory preferences.
Contact#
If you have questions, concerns, or requests related to privacy or data protection, please contact:
[Continuia OÜ]
Email: dataprotection@continuia.io
Address: [Telliskivi tn 57, 10412 Tallinn, Harju maakond, Estonia]
Changes to This Policy#
We may update this Data Protection page from time to time to reflect changes in law, technology, or our services. Significant changes will be communicated through our website or application.
This policy is intended to comply with GDPR and to align with other privacy frameworks such as UK GDPR, CCPA, and similar international regulations.