• English
    • Eesti
    • Polski
    • Suomi

Privacy Policy

Last updated: 01.05.2026

1. GENERAL INFORMATION

Waybiller OÜ (registry code 14200010, address Mäealuse 2/1, Tallinn, Estonia) respects your privacy and processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, “GDPR”) and other applicable data protection laws.

This Privacy Policy describes what personal data we collect, for what purposes and on what legal basis we process such data, and what rights you have in relation to your personal data. In addition, prior to using the Service, a Data Processing Agreement (“DPA”) is concluded between Waybiller and the user, governing the processing of personal data within the Service.

For the purposes of this Policy:

  • “Waybiller” or “we” – Waybiller OÜ
  • “user” or “you” – a visitor of our website, user of the Service, client or prospective client
  • “Service” – Waybiller’s web application and mobile applications together with related functionalities

Data protection contact:
privacy@waybiller.com

General contact:
waybiller@waybiller.com

2. ROLE OF CONTROLLER AND PROCESSOR

Depending on the context, Waybiller acts either as a data controller or a data processor.

2.1 Waybiller as Data Controller

Waybiller acts as a data controller when processing:

  • website visitor data
  • demo and contact form data
  • marketing data
  • newsletter subscriber data
  • customer support inquiries (including AI-assisted support interactions)
  • user account creation and management data

In such cases, Waybiller determines the purposes and means of processing.

2.2 Waybiller as Data Processor

Waybiller acts as a data processor when processing personal data entered into the Service by the Client on behalf of the Client. In such cases, data processing is governed by the Data Processing Agreement (DPA).

3. PERSONAL DATA PROCESSED

We may process the following categories of personal data:

Data Type Personal Data
Identification and contact data First and last name; personal identification code; email address; phone number; company name; job title
Customer relationship data Order information; credit information; payment behavior
Customer support data Inquiry content; communication history; metadata (submission time, resolution time); recorded calls (where applicable); AI chatbot interactions
Technical data IP address; device and browser information; data collected via cookies
Payment data Payment card or other payment method details; transaction data

We retain personal data for as long as required or permitted by law, but no longer than reasonably necessary for the purposes for which the data was collected.

Data Type Purpose Legal Basis Retention Period
Identification and contact data Identification of the Client and representatives; account management; access provisioning; service delivery Contract performance; legal obligation; legitimate interest Reasonable period after account deletion; or 7 years if included in accounting documents (Accounting Act § 12(1))
Customer relationship data Service provision; billing; dispute resolution Contract performance; legal obligation; legitimate interest 7 years (Accounting Act § 12(1))
Customer support data Customer communication; responding to inquiries; service quality assurance Legitimate interest; contract performance Generally up to 3 years
Technical data Website operation; security; analytics; marketing Necessary cookies: legitimate interest; others: consent According to cookie settings
Payment data Payment processing; dispute resolution Contract performance; legal obligation 7 years

4. LEGAL BASIS FOR PROCESSING

Personal data is processed on the following legal bases:

  • performance of a contract (GDPR Art. 6(1)(b))
  • compliance with a legal obligation (Art. 6(1)(c))
  • legitimate interest (Art. 6(1)(f))
  • consent (Art. 6(1)(a))

Marketing activities are carried out based on consent or legitimate interest, in accordance with applicable law.

Waybiller does not use personal data for automated decision-making or profiling within the meaning of GDPR Article 22. AI-based voice and chat solutions are used solely for informational purposes and to support customer support operations. Such systems do not produce decisions with legal or similarly significant effects. Human oversight is ensured where necessary.

Waybiller may engage third-party service providers (sub-processors), including telecommunications, customer support and AI technology providers. These providers process personal data only on documented instructions and implement appropriate safeguards. Where data is transferred outside the EU/EEA, appropriate legal safeguards are applied.

5. DATA SHARING AND SUB-PROCESSORS

Personal data may be shared with service providers (sub-processors), including:

  • cloud service providers
  • hosting providers
  • customer support platforms
  • analytics providers

Data processing agreements are concluded with all sub-processors in accordance with GDPR requirements.

A list of sub-processors is available upon request at: privacy@waybiller.com

6. INTERNATIONAL DATA TRANSFERS

Where personal data is processed outside the EU/EEA or accessed from a third country (e.g. the United States), appropriate safeguards are applied, including Standard Contractual Clauses (SCCs) or other lawful mechanisms.

Certain data collected via cookies may also be transferred outside the EU/EEA in accordance with the Cookie Policy.

7. YOUR RIGHTS

You have the right to:

  • access your personal data
  • request rectification
  • request erasure
  • request restriction of processing
  • object to processing (GDPR Art. 21)
  • request data portability (GDPR Art. 20)
  • withdraw consent

Requests will be responded to within 30 days.

If you believe your data has been processed unlawfully, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate.

8. DATA SECURITY

Waybiller implements appropriate technical and organizational measures, including:

  • access controls
  • audit logs
  • regular security checks
  • role-based access restrictions

While reasonable measures are applied, no data transmission over the internet can be guaranteed to be completely secure.

9. COOKIES

Waybiller uses cookies and similar technologies for website functionality, analytics and marketing purposes.

For more detailed information, please refer to our Cookie Policy.

10. CHANGES

Waybiller may update this Privacy Policy at any time. Users will be notified of material changes at least 30 days in advance via website notice, email or in-app notification.

The current version is always available on our website.