Privacy Policy
Last updated: March 3, 2026
1. Introduction
Mstrly Labs OÜ (registry code: 17448851) ("Company," "we," "us," or "our") operates the website themasterly.com (the "Website"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our Website.
This Privacy Policy complies with the General Data Protection Regulation (GDPR) and Estonian data protection laws.
By using the Website, you consent to the data practices described in this policy.
2. Data Controller
For the purposes of GDPR and Estonian data protection law, the data controller is:
Mstrly Labs OÜ
Registry Code: 17448851
Harju maakond, Tallinn, Kesklinna linnaosa, Vesivärava tn 50-201, 10152
Estonia
Email: ops@themasterly.com
3. Information We Collect
3.1 Personal Information You Provide
We collect personal information that you voluntarily provide to us when you:
- Fill out a contact form or inquiry form
- Subscribe to our newsletter or email updates
- Request information about our services
- Communicate with us via email or other channels
This information may include:
- Name
- Email address
- Company name
- Phone number (if provided)
- Project details and requirements
- Any other information you choose to provide
3.2 Automatically Collected Information
When you visit our Website, we automatically collect certain information about your device and usage, including:
- IP address
- Browser type and version
- Operating system
- Referring URLs
- Pages viewed and time spent on pages
- Device identifiers
- Geographic location (country/city level)
This information is collected through:
Google Analytics 4 (GA4)
We use GA4 to understand how visitors interact with our Website. GA4 collects data about your browsing behavior, including pages visited, session duration, and traffic sources. This data is aggregated and anonymized. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
Cookies and Similar Technologies
We use cookies and similar tracking technologies to collect and store information. See Section 9 for more details.
4. Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds under GDPR:
- Consent (Article 6(1)(a)): When you provide explicit consent for newsletter subscriptions, marketing communications, or cookies
- Contract (Article 6(1)(b)): When processing is necessary to provide services you've requested or to take pre-contractual steps
- Legitimate Interests (Article 6(1)(f)): For website analytics, security, fraud prevention, and business operations, where our interests do not override your rights
- Legal Obligation (Article 6(1)(c)): When required by Estonian or EU law
5. How We Use Your Information
We use the information we collect to:
- Respond to your inquiries and provide information about our services
- Process and manage service engagements
- Send you newsletters, marketing communications, and updates (with your consent)
- Analyze Website usage and improve our services
- Detect, prevent, and address technical issues or security threats
- Comply with legal obligations under Estonian and EU law
6. How We Share Your Information
We do not sell, trade, or rent your personal information to third parties.
We may share your information with:
6.1 Service Providers
HubSpot
We use HubSpot (HubSpot, Inc., United States) as our CRM and email marketing platform. When you submit a form or subscribe to our newsletter, your information is stored in HubSpot. Data transfers to the US are safeguarded through HubSpot's Standard Contractual Clauses (SCCs) approved by the European Commission. HubSpot processes this data on our behalf and is contractually obligated to protect your information. HubSpot Privacy Policy
Google Analytics
We use Google Analytics 4 (Google LLC, United States) to analyze website usage. Data is anonymized and aggregated. Google has implemented appropriate safeguards for international data transfers. Google Privacy Policy
6.2 Legal Requirements
We may disclose your information if required to do so by Estonian law, EU law, or in response to valid requests by public authorities (e.g., court orders, law enforcement agencies).
6.3 Business Transfers
If Mstrly Labs OÜ is involved in a merger, acquisition, or asset sale, your personal information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
7. International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our service providers (HubSpot, Google) operate.
We ensure appropriate safeguards are in place for such transfers, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions by the European Commission (where applicable)
- Additional security measures to protect your data
8. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
- Contact form inquiries: Retained for up to 2 years or until you request deletion
- Newsletter subscribers: Retained until you unsubscribe
- Analytics data: Retained according to GA4 default settings (typically 14 months)
- Contractual data: Retained for 7 years as required by Estonian accounting law
9. Your Data Protection Rights
Under GDPR and Estonian data protection law, you have the following rights:
9.1 Right to Access (Article 15)
Request a copy of your personal information we hold.
9.2 Right to Rectification (Article 16)
Request correction of inaccurate or incomplete information.
9.3 Right to Erasure / "Right to be Forgotten" (Article 17)
Request deletion of your personal information when it is no longer necessary or when you withdraw consent.
9.4 Right to Restrict Processing (Article 18)
Request limitation on how we use your data in certain circumstances.
9.5 Right to Data Portability (Article 20)
Request transfer of your data to another service in a structured, machine-readable format.
9.6 Right to Object (Article 21)
Object to processing based on legitimate interests or for direct marketing purposes.
9.7 Right to Withdraw Consent (Article 7(3))
Withdraw consent for marketing communications or cookies at any time.
9.8 Right to Lodge a Complaint
You have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) at www.aki.ee or with your local supervisory authority.
9.9 How to Exercise Your Rights
To exercise any of these rights, please contact us at ops@themasterly.com. We will respond to your request within 30 days as required by GDPR.
For requests requiring identity verification, we may ask for additional information to protect your data.
10. Cookies and Tracking Technologies
10.1 What Are Cookies
Cookies are small text files placed on your device to collect standard internet log information and visitor behavior.
10.2 Types of Cookies We Use
Strictly Necessary Cookies
Required for the Website to function properly. These cannot be disabled.
Analytics Cookies (requires consent)
Help us understand how visitors use our Website (Google Analytics). You can accept or reject these cookies through our cookie banner.
10.3 Managing Cookies
You can control cookies through:
- Our cookie consent banner (appears on first visit)
- Your browser settings (note: disabling cookies may affect Website functionality)
- Google Analytics opt-out: Google Analytics Opt-out
Your cookie preferences are stored for 12 months.
11. Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction, including:
- Encryption of data in transit (SSL/TLS)
- Access controls and authentication
- Regular security assessments
- Secure data storage with our service providers
However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
12. Children's Privacy
Our Website is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us immediately, and we will take steps to delete such information.
13. Third-Party Websites
Our Website may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to review the privacy policies of any third-party sites you visit.
14. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service providers. We will notify you of any material changes by:
- Posting the new policy on this page with an updated "Last Updated" date
- Sending an email notification to newsletter subscribers (for significant changes)
- Displaying a notice on our Website
We encourage you to review this Privacy Policy periodically.
16. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
Mstrly Labs OÜ
Registry Code: 17448851
Harju maakond, Tallinn, Kesklinna linnaosa, Vesivärava tn 50-201, 10152
Estonia
Email: ops@themasterly.com
Data Protection Officer (if applicable):
For data protection inquiries: ops@themasterly.com
Supervisory Authority:
If you have concerns about how we handle your data, you may contact:
Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
Tatari 39, 10134 Tallinn, Estonia
Phone: +372 627 4135
Email: info@aki.ee
Website: www.aki.ee