Legal

Privacy Policy

Last updated: May 27, 2026  ·  GDPR Compliant

1. Overview

Hustelio is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share information about you when you use our platform, in accordance with the General Data Protection Regulation (GDPR) and applicable national data protection laws.

The data controller is Hustelio Technologies Ltd, registered in Estonia. By using the Platform, you acknowledge that you have read and understood this Privacy Policy.

2. Data We Collect

We collect the following categories of personal data:

  • Identity Data: Full name, date of birth, government-issued identification details
  • Contact Data: Email address, phone number, postal address
  • Account Data: Username, encrypted password, account preferences and settings
  • Activity Data: Task completion records, session logs, platform interaction history
  • Technical Data: IP address, browser type and version, device identifiers, time zone
  • Verification Data: Documents submitted for identity verification (deleted after successful verification)

3. How We Use Your Data

We use your personal data for the following purposes:

  • To create and manage your account and verify your identity
  • To operate, maintain, and improve the Platform and its features
  • To communicate important platform updates, security alerts, and policy changes
  • To comply with legal obligations including anti-money laundering and KYC requirements
  • To detect, prevent, and investigate fraud, abuse, and security incidents
  • To generate aggregated, anonymised analytics for platform development

4. Legal Basis for Processing

We process your personal data under the following legal bases under GDPR Article 6:

  • Contract performance: Processing necessary to provide the services you have requested
  • Legal obligation: Processing required to comply with applicable law
  • Legitimate interests: Processing for fraud prevention, security, and platform improvement
  • Consent: Where you have provided explicit consent, such as for marketing communications

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your data with identity verification providers, cloud infrastructure providers, legal and regulatory authorities where required by applicable law, and professional advisors under confidentiality obligations. All third-party processors are subject to binding contractual obligations consistent with GDPR requirements.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Account data is retained for the duration of your account and for a period of 5 years thereafter. Identity verification documents are deleted within 30 days of successful verification. Activity logs are retained for 24 months.

7. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data
  • Right to restrict processing: Request that we limit how we use your data
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent at any time where applicable

To exercise any of these rights, please contact our DPO at [email protected]. We will respond within 30 days.

8. Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These measures include AES-256 encryption at rest, TLS 1.3 in transit, access controls, regular security audits, and staff data protection training.

9. International Data Transfers

Where personal data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, or adequacy decisions where applicable.

10. Children's Privacy

The Platform is not directed at persons under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected personal data from a person under 18, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to registered users via email or a prominent notice on the Platform at least 14 days before they take effect.

12. Contact & Data Protection Officer

For any privacy-related enquiries or to exercise your rights, contact our Data Protection Officer:

DPO: [email protected]
General Privacy: [email protected]
Address: Tornimäe 5, 10145 Tallinn, Estonia

You also have the right to lodge a complaint with your local supervisory authority.