This is an agreement between the Service Provider and the Customer and is governed by and is an integral part of the Terms and Conditions.

Your rights

Under the GDPR regulation you have the following rights:

  • the right to be informed
  • the right to access data we hold about the individual
  • the right to have data rectified, if inaccurate
  • the right to withdraw consent, and to be forgotten
  • the right to have data blocked from further processing
  • the right to object to direct marketing

You may exercise any of your rights in relation to your personal data by contacting our Data Protection Officer via email at and attaching application with qualified electronic signature or visiting the company office in person.

Collecting Information

We collect and associate with your User Account the information you provide us, for example: names, addresses, email addresses, phone numbers and billing information. We are acting as Data Controllers for this information. This information is stored and processed within the EU/EEA.

We keep, process and transmit your uploaded documents and information related to them. This data is processed solely in accordance with the directions provided by you. We are acting as a Data Processor for this information. This information is stored and processed within the EU/EEA.

We collect information related to how you use the Services. We may collect information like IP addresses, device information and the way you use our Services. This is for improving our Services for our Customers. Should this purpose require us to process Customer Data, the data will only be used in an anonymous form. We might use third-party tools to collect information regarding visitor behaviour and visitor demographics on our Services (see the Cookies and Analytics section below). We are acting as a Data Controller for this information.

We might receive information about you from third parties we are working closely with (like Qualified Trust Service Providers, other Service Providers integrated into our Services, business partners, subcontractors, payment service providers, credit rating agencies). We will treat this information as

Personal Data in accordance with these Privacy Policy. We are acting as a Data Controller for this information.

Sharing Information

We only share your personal information with third parties if one of the following applies:

  • If we have your consent
  • In case your Account is managed for you by an Account Administrator, this Account Administrator will have full access to your Account. The Account Administrator is able to access all your uploaded data (Customer Data), suspend or terminate your Account access and obtain your usage information.
  • We may provide the Personal Data to our trusted business partners to process it for us, based on our instructions and in compliance with these Privacy Policy.
  • We may disclose the Personal Data when we have a good belief that this action is necessary to comply with the governing law and/or to comply with our Terms and Conditions.
  • We may share and/or transfer your Personal Data if we become involved in any merger, acquisition, reorganization, sale of assets, bankruptcy.


Services are provided through 256-bit encryption TLS connections. All data is stored in data centers in compliance with ISO 27001 standard. All encrypted values are encrypted using OpenSSL and the AES-256-CBC cipher.

If users are using service only for identifying themselves or signing documents then their personal data (for example name and identity code) can be stored in a database in encrypted form. Personal data might also be written to application log files in encrypted form. User data might be stored in application log files for audit trail and debugging purposes.

If a user has connected their Facebook or Google account for convenience purposes then their data will be stored until these methods connection event is expired or these methods are detached from the user info. This is needed for providing the service and identify themselves in an easier way without strong identification methods.

Depending on the Customer’s preference, they may opt to store signed containers on our servers. Containers are only stored in encrypted form.

Data Retention Period

Once you delete your User Account from the Services, your Customer Data is deleted within 30 days. Your account information and billing information is retained for a period of 7 years in accordance with the Estonian accounting and taxation laws.

Application log files are deleted after 90 days.

Data Processor

You’re acting as a Data Controller for your uploaded data (Customer Data) that contains Personal Data. We are not responsible for any Personal Data stored at your discretion- we are not responsible for how you collect, handle, disclose, distribute or otherwise process such data.

The terms for such data processing are defined in the Data Processing Agreement.

Cookies and Analytics

We use Google Analytics to analyse the use of our website, and our offered services. For more information about Google Analytics, see Google’s Privacy Policy.

Cookies are a small piece of information saved in your browser storage, used to improve the customer experience in pages and help third-party services to work properly. We use cookies in all our Services. We only store anonymous identifiers and other preferences.

Essential cookies for provision of Services. These cookies ensure that information and services are delivered securely and optimally.

Functionality cookies for helping personalize your experience. For example these cookies remember choices, language, preferred options etc.

Performance cookies to monitor your behaviour and help us improve our information and services. URLNamePurposeExpirationType
id.eideasy.comlaravel_sessionEnsures the visitor sees (only) info that is related to their person, and not anyone else’s.After current browsing session is closed.Essential cookies
id.eideasy.comXSRF-TOKENPrevents user from being vulnerable to CSRF attacks.2 hoursEssential cookies, id.eideasy.com_gaAllows us to collect information about visits to the websites. Used by Google Analytics.2 yearsPerformance cookies, id.eideasy.com_gid, _gatSame as previous.1 dayPerformance cookies, id.eideasy.comcollect, r/collectSame as previous.After current browsing session is closed.Performance cookies, id.eideasy.comTawkWindowName, ss, TawkConnectionTimeNecessary for the functionality of the website’s chat-box function.After current browsing session is closed.Functionality cookies, id.eideasy.comtawkUUID, __tawkuuidSame as previous.179 daysFunctionality cookies, id.eideasy.comtwk_*Same as previous.1 yearFunctionality cookies
GDPR Badge BVCER ISO 27001 eIDAS eID Easy Google for Startups