Privacy policy.

01 / Who's the controller

JURISAL OÜ Network Ltd., registered in Harju maakond, Tallinn, Kesklinna linnaosa, Juhkentali tn 8, 10132, is the data controller for the personal data described in this policy. Our Data Protection Officer can be reached at dpo@JURISAL OÜ.network.

02 / What we collect

Depending on how you interact with us, we collect:

If you visit the marketing site

• IP address, browser/device characteristics, approximate location (city-level).
• Pages visited, referrer, time on page, basic clickstream.
• Cookie identifiers — see §06.

If you apply as an affiliate

• Name, email, phone, country, postal address.
• Business name and registration details where applicable.
• Identity documents and proof of address required for KYC.
• Traffic source declaration: domains, channels, monthly volume estimates.
• Payment account information: wallet addresses, IBAN, e-wallet IDs.
• Tax residency, VAT number where applicable.

If you use the affiliate portal

• Login records, IP addresses, two-factor device fingerprints.
• Activity logs: links created, reports run, withdrawals requested.
• Support correspondence with our team.

03 / Why we collect it

• To run the platform — accounts, tracking, payouts.
• To meet legal obligations — AML/KYC, tax reporting, regulator requests.
• To prevent fraud — detecting bot traffic, multi-account schemes, sanctions hits.
• To improve the product — analytics on what works, what breaks.
• To communicate — operational emails, payout confirmations, optional marketing if you opted in.

04 / Legal basis (GDPR)

• Contract — most processing related to your affiliate account.
• Legal obligation — KYC/AML and tax record-keeping.
• Legitimate interests — fraud prevention, network security, product analytics, where these don't override your rights.
• Consent — marketing emails and non-essential cookies, both of which you can withdraw any time.

05 / Who we share data with

We share personal data only where necessary, with:

• Operators we're sending you traffic to — to attribute conversions and reconcile payouts.
• KYC providers (Sumsub, Onfido, equivalents) — to verify identity documents.
• Payment processors — banks, crypto custodians, e-wallet providers.
• Cloud infrastructure — AWS (eu-west-1), Cloudflare, Datadog, Sentry.
• Regulators & law enforcement — where compelled by law or to defend a legal claim.
• Advisors — accountants, auditors, external counsel under confidentiality.

We do not sell personal data. We never have.

06 / Cookies & tracking

The cookies and similar technologies we use fall into three buckets:

• Strictly necessary — session, auth, CSRF. No opt-out, because the site doesn't work without them.
• Functional — language and display preferences. Opt-out via the cookie banner.
• Analytics — first-party page analytics. Opt-out via the cookie banner.

We don't run third-party advertising cookies on this site. Tracking pixels used inside affiliate links to operator brands are governed by the operator's own privacy policy.

07 / How long we keep it

• KYC records — 5 years after account closure (AML requirement).
• Financial records — 7 years (tax requirement).
• Tracking and conversion logs — 36 months from the event.
• Marketing-site analytics — 14 months.
• Support tickets — 3 years from closure.

08 / International transfers

Our primary infrastructure is in the EU. Some processors are based in the United Kingdom (adequacy decision in place) and the United States. For US transfers we rely on the EU–US Data Privacy Framework where the processor is certified, and on Standard Contractual Clauses with supplementary measures otherwise.

09 / Your rights

Under GDPR / UK GDPR you have the right to:

• Access — get a copy of the data we hold about you.
• Rectify — fix data that's wrong.
• Erase — delete data, subject to legal retention obligations.
• Restrict — pause processing while a dispute is resolved.
• Object — to processing based on legitimate interests.
• Port — receive your data in a machine-readable format.
• Withdraw consent — for anything we process under consent.
• Complain — to a supervisory authority (Harju maakond, Tallinn, Kesklinna linnaosa, Juhkentali tn 8, 10132 Regulatory Authority for us; or the authority where you live).

Under CCPA, if you're a California resident: you have the right to know, delete, correct, and opt out of "sale" or "sharing" — note again that we do not sell personal data.

To exercise any right, write to dpo@JURISAL OÜ.network. We respond within 30 days.

10 / Security

Data is encrypted in transit (TLS 1.3) and at rest (AES-256). Access to production systems is gated by SSO + hardware-key 2FA, audited monthly. All staff with access to personal data are bound by confidentiality and complete annual security training. We carry external penetration tests twice a year.

If something does go wrong, we'll notify the relevant supervisory authority within 72 hours and affected users without undue delay, consistent with Article 33/34 GDPR.

11 / Contact

Data Protection Officer: dpo@JURISAL OÜ.network
Postal: JURISAL OÜ Network Ltd., Harju maakond, Tallinn, Kesklinna linnaosa, Juhkentali tn 8, 10132 (full address provided on request).
Supervisory authority: Harju maakond, Tallinn, Kesklinna linnaosa, Juhkentali tn 8, 10132 Regulatory Authority — gra.gi.