Privacy Policy

Last Updated: November 01, 2025

This Privacy Policy (hereinafter referred to as the “Policy”) describes how Phage Technologies OÜ (hereinafter referred to as “Phage,” “We,” or the “Company”) collects, stores, uses, protects, and processes personal and technical data of users of the Phage.energy platform (hereinafter referred to as the “Platform” or the “Service”).

By using our website or any Phage.energy services, the user (hereinafter referred to as the “User” or “You”) confirms that they have read, understood, and agreed to this Policy.

1. General provisions

1.1. This Privacy Policy defines the procedure for collecting, processing, storing, using, and protecting the personal and technical data of users of the Phage.energy platform owned by Phage Technologies OÜ (Republic of Estonia).

1.2. The purpose of this Policy is to ensure transparency during the processing of personal data, comply with the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), and guarantee the security and rights of individuals whose data are collected and processed while using the Service.

1.3. This Policy applies to all activities related to the processing of personal data carried out by Phage Technologies OÜ through its website, cloud platform, API, integrations, or while providing services to users, partners, and clients.

1.4. This Policy forms an integral part of the Terms of Use and applies to all users of the Platform regardless of their location, jurisdiction, or account type.

1.5. By using the Phage.energy Platform, you acknowledge that you have read and understood this Policy and agree that Phage Technologies OÜ may collect, store, and process your personal data under the terms outlined herein.

1.6. If you do not agree with the provisions of this Policy, you must stop using the Platform and delete your account. Continued use of the Service constitutes your full acceptance of this Policy.

1.7. Phage Technologies OÜ reserves the right to update or amend this Policy due to technical changes, legal updates, or Platform development. Users will be notified of such changes by publishing the updated version on the official website.

1.8. All terms used in this Policy shall be interpreted in accordance with the GDPR and applicable laws of the Republic of Estonia unless otherwise specified.

1.9. This Policy becomes effective upon its publication on the website https://phage.energy and remains valid until amended or revoked by Phage Technologies OÜ.

2. Definitions

2.1. “Personal Data” means any information that directly or indirectly identifies an individual (e.g., name, email address, IP address, phone number, payment details).

2.2. “Data Processing” means any operation or set of operations performed on personal data (collection, storage, use, transmission, deletion, etc.).

2.3. “Data Controller” means Phage Technologies OÜ, which determines the purposes and means of processing personal data.

2.4. “Data Processor” means third parties that process data on behalf of Phage Technologies OÜ (e.g., cloud service providers, payment systems).

3. Data we collect

3.1. Phage Technologies OÜ collects only the data necessary to provide high-quality services, ensure user security, and improve the functionality of the Phage.energy platform.

3.2. We may collect the following categories of data:

a) Data provided by the user voluntarily:

• first name, last name, email address, phone number, or other contact details;
  
• data submitted during account registration or subscription;
  
• payment information required for tariff payments or contract execution;
  
• messages, comments, or requests sent via support service, feedback form, or other communication channels;
  
• information contained in contracts, invoices, legal or financial documents related to the use of the Service.
  

b) Technical data collected automatically:

• IP address, browser type and version, operating system, device model;
  
• data about login time, session duration, and navigation on the website;
  
• cookies, tokens, web beacons, and other technological identifiers;
  
• system logs, error information, and technical activity records.
  

c) Analytical and operational data:

• performance metrics and usage statistics of platform features and modules;
  
• anonymized data about user behavior;
  
• aggregated results of machine learning (ML/AI) algorithms in a depersonalized format;
  
• information about interaction efficiency with the platform that helps improve the Service.
  

3.3. We do not collect or process special categories of personal data (such as political opinions, religion, health, or biometric data), unless such data are necessary and voluntarily provided by the user.

3.4. All information collected through Phage.energy is processed in accordance with the principles of lawfulness, proportionality, and data minimization — we do not collect more data than is needed to achieve specific purposes.

3.5. Phage Technologies OÜ may anonymize or aggregate certain user data for internal analytics, statistical research, and algorithm improvement, ensuring that such data do not allow the identification of any individual.

3.6. Data of minors (under 18 years old) are processed only with the consent of their legal representatives, if such information is provided within a contractual or partnership relationship.

3.7. If a user provides data of third parties (for example, contact information of employees, partners, or clients), the user guarantees that they have the proper authorization and have obtained the necessary consent of such persons for the processing of their personal data.

4. Purpose of Data Processing

4.1. Phage Technologies OÜ processes users’ personal data solely for specific, lawful, and legitimate purposes related to the provision, maintenance, and development of the Phage.energy platform.

4.2. The main purposes of personal data processing are:

• registration of user accounts and provision of access to Phage.energy services;
  
• delivery of services, management of subscriptions, tariffs, and platform modules;
  
• fulfillment of contractual obligations between the user and Phage Technologies OÜ;
  
• processing of payments, issuing invoices, maintaining financial records and accounting;
  
• providing technical support, responding to inquiries, and resolving technical incidents;
  
• improving platform performance, analyzing feature efficiency, developing new products and modules;
  
• ensuring information security, preventing fraud, unauthorized access, and misuse;
  
• compliance with legal requirements, including tax, financial, and regulatory obligations;
  
• conducting analytics, statistical assessments, service quality evaluations, and enhancing user experience;
  
• informing users about changes to terms of use, policy updates, new features, or service notifications.
  

4.3. In some cases, Phage Technologies OÜ may process user data for marketing or informational purposes, including sending messages about new products, updates, or events related to the platform. Such messages are sent only with the prior consent of the user, which may be withdrawn at any time.

4.4. Personal data may also be used for testing, auditing, internal quality control, as well as for training artificial intelligence and machine learning systems, provided that such data have been previously anonymized or depersonalized.

4.5. Data processing is not carried out for purposes incompatible with the original ones without the user’s separate consent. Any changes or extensions of the purposes of processing are communicated to users by updating this Policy.

4.6. Phage Technologies OÜ follows the principle of data minimization: only those personal data necessary for a specific purpose are processed, with limited access and defined retention periods.

4.7. If data are processed to pursue the company’s legitimate interests (for example, to improve security or analyze service efficiency), such actions must not infringe upon the fundamental rights and freedoms of users.

4.8. A user may obtain detailed information about specific purposes of processing their data by submitting a request to Phage Technologies OÜ at legal@aggregator.energy.

5. Legal Grounds for Processing

5.1. Phage Technologies OÜ processes users’ personal data in compliance with the requirements of the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), the legislation of the Republic of Estonia, and other legal acts governing information and privacy protection.

5.2. Personal data are processed only on the basis of one or more of the following lawful grounds:

a) User consent.
Processing takes place after the user has given voluntary, specific, and informed consent. This applies, for example, to subscriptions to newsletters, analytical or marketing communications, or the processing of non-essential data not directly related to the core services.

b) Contract performance.
Processing is necessary for the performance of contractual obligations between the user and Phage Technologies OÜ, including granting access to the platform, issuing invoices, managing accounts, or providing technical support.

c) Compliance with legal obligations.
Phage Technologies OÜ may process personal data to comply with statutory requirements, including accounting, taxation, anti-money-laundering laws, or when providing information to public authorities as required by law.

d) Legitimate interests of the company.
Processing may be carried out to ensure the proper functioning of services, improve performance, prevent fraud, and protect the rights, property, and safety of Phage Technologies OÜ, its users, and third parties.

e) Protection of vital interests.
In exceptional cases, when processing is necessary to protect the life or health of the user or another person, Phage Technologies OÜ may temporarily use personal data within the limits allowed by law.

f) Public interest task.
Processing may also be carried out in cases directly provided by law or regulations, for example, for reporting to state or European bodies within the framework of energy or technology initiatives.

5.3. Phage Technologies OÜ adheres to the principle of necessity: each data processing operation is carried out only to the extent required to achieve a specific lawful purpose.

5.4. If the processing is based on user consent, the user has the right to withdraw it at any time by sending a request to legal@aggregator.energy. Withdrawal of consent does not affect the legality of processing conducted prior to its withdrawal.

5.5. In the event of changes to the legal grounds for processing, Phage Technologies OÜ shall inform users by updating this Policy or through official communication channels.

5.6. The user has the right to request additional information about the legal grounds under which their personal data are processed and to receive a response within a reasonable period of time.

6. Data Transfer and Storage

6.1. Phage Technologies OÜ may transfer users’ personal data only when necessary to provide services, fulfill contractual obligations, or comply with legal requirements. All transfers are carried out in accordance with the principles of lawfulness, security, and data minimization.

6.2. Data may be transferred to the following categories of recipients:

• providers of cloud and technical services (servers, data centers, hosting, infrastructure);
  
• partners providing auxiliary services such as technical support, maintenance, analytics, and monitoring;
  
• payment systems and banks for processing financial transactions;
  
• legal, auditing, and consulting companies, if necessary for compliance with statutory obligations;
  
• public authorities or regulators, if the transfer is mandatory by law or based on an official, properly formatted request.
  

6.3. All third parties receiving data are required to comply with confidentiality and data protection obligations as set out in agreements with Phage Technologies OÜ and in accordance with GDPR security standards.

6.4. Phage Technologies OÜ does not transfer, sell, or disclose personal data to third parties for commercial purposes without the user’s explicit consent.

6.5. Personal data may be stored:

• on servers located within the European Union;
  
• when using cloud services that comply with EU data protection standards and ensure an adequate level of protection (for example, Amazon Web Services, Google Cloud, Microsoft Azure).
  

6.6. If data are transferred to a country outside the European Union, such transfer is carried out only if that country ensures an adequate level of protection according to a decision of the European Commission or through the use of Standard Contractual Clauses.

6.7. The retention period for personal data is determined according to the purposes of processing, the type of information, and legal requirements. In particular:

• account data are stored for the entire duration of Service use;
  
• payment and financial data are stored for up to seven years in accordance with accounting regulations;
  
• technical logs, analytical data, and system files are retained for the time necessary to ensure security and system monitoring.
  

6.8. After the retention period expires, personal data are deleted or anonymized to prevent identification of the user.

6.9. Phage Technologies OÜ applies technical and organizational measures to ensure data protection during transfer, including encryption, access control, audit of operations, and continuous security monitoring.

6.10. In the event of a data breach, unauthorized access, or security incident, Phage Technologies OÜ shall notify the relevant data protection authorities and affected users within a reasonable timeframe, but no later than 72 hours after discovery of the incident.

6.11. The user has the right to request information from Phage Technologies OÜ regarding the location of data storage, retention period, recipients, or conditions of transfer to third parties.

7. Information Security

7.1. Phage Technologies OÜ ensures a high level of protection of users’ personal, technical, and analytical data within the Phage.energy platform, adhering to international information security standards and GDPR requirements.

7.2. To protect information from unauthorized access, loss, damage, alteration, or unlawful disclosure, the company implements a set of organizational, technical, and procedural measures.

7.3. The main security measures include:

• data encryption during transmission and storage (SSL/TLS, AES-256);
  
• a multi-level authentication and access control system, including two-factor authentication (2FA);
  
• isolated storage of databases and access keys;
  
• regular data backups with recovery capability in case of incidents;
  
• monitoring and auditing of all activities related to access to user data;
  
• periodic updates of security systems, software, and infrastructure;
  
• protection of servers against DDoS attacks, viruses, and other cyber threats.
  

7.4. Access to users’ personal data is granted only to authorized employees of Phage Technologies OÜ who perform their duties within the limits of granted authority and are bound by confidentiality obligations.

7.5. All employees with data access undergo cybersecurity training and sign non-disclosure agreements.

7.6. When contractors or partners are engaged in data processing, Phage Technologies OÜ enters into agreements requiring them to ensure an appropriate level of information protection in compliance with GDPR standards.

7.7. The company periodically conducts internal audits and security assessments to identify potential risks, as well as penetration testing to strengthen infrastructure resilience against external attacks.

7.8. Phage Technologies OÜ uses intrusion detection and prevention systems (IDS/IPS) and anomaly detection mechanisms to prevent unauthorized access or data manipulation.

7.9. In the event of a data breach or security incident, Phage Technologies OÜ immediately takes measures to eliminate the consequences, localize the problem, and minimize potential harm. The company also notifies the competent data protection authorities and affected users within the legally prescribed timeframe.

7.10. Phage Technologies OÜ is not responsible for loss or disclosure of information resulting from unlawful actions by the user, including violations of security rules such as sharing passwords with third parties, using insecure devices, or connecting through open networks.

7.11. The user also agrees to take reasonable measures to protect their account credentials, including:

• using strong passwords;
  
• not sharing account information with others;
  
• regularly updating software on their devices;
  
• promptly notifying Phage Technologies OÜ of any suspected unauthorized access.
  

7.12. Phage Technologies OÜ continuously improves its cybersecurity systems, implements modern technologies and security methods, and ensures stable and secure operation of Phage.energy for all users.

8. User Rights

8.1. Every user of the Phage.energy platform has guaranteed rights regarding their personal data in accordance with the General Data Protection Regulation (GDPR) and the applicable legislation of the Republic of Estonia.

8.2. Phage Technologies OÜ ensures the implementation of these rights within a reasonable timeframe, usually no later than 30 calendar days from the date of receiving the user’s request.

8.3. The user has the following main rights:

a) Right of access.
The user has the right to obtain confirmation of whether their personal data are being processed, as well as access to a copy of such data and information about the purpose, scope, methods of processing, and categories of recipients.

b) Right to rectification.
The user may request correction of inaccurate or outdated data and completion of incomplete personal data.

c) Right to erasure (“right to be forgotten”).
The user has the right to request deletion of their personal data in cases where:

• the data are no longer necessary for the purposes for which they were collected;
  
• the user withdraws their consent to processing;
  
• the processing is unlawful;
  
• there is a legal obligation to delete the data.
  

d) Right to restriction of processing.
The user may request temporary or complete restriction of processing if they contest the accuracy of the data or the lawfulness of processing.

e) Right to data portability.
The user has the right to receive their personal data in a structured, machine-readable format and to transmit those data to another data controller, where technically feasible.

f) Right to object.
The user may object to the processing of their data based on the company’s legitimate interests or for marketing purposes. In such a case, Phage Technologies OÜ shall cease processing unless there are compelling legitimate grounds for continuation.

g) Right to withdraw consent.
If processing is based on the user’s consent, the user may withdraw that consent at any time without affecting the lawfulness of prior processing.

h) Right to lodge a complaint.
The user has the right to lodge a complaint with the supervisory authority if they believe that the processing of their personal data violates legal requirements.

The supervisory authority responsible for data protection for Phage Technologies OÜ is the Data Protection Inspectorate (Andmekaitse Inspektsioon, Estonia).

8.4. To exercise their rights, the user may contact Phage Technologies OÜ in writing by sending a request to legal@aggregator.energy.

8.5. Phage Technologies OÜ may request additional information to verify the user’s identity if necessary to ensure data security.

8.6. In certain cases, the company may refuse to fulfill a user’s request if doing so would contradict legal obligations, the rights of other persons, or the company’s legitimate interests (for example, maintaining accounting records or complying with legal proceedings).

8.7. All user requests regarding their rights are processed free of charge, unless otherwise provided by law or if the requests are manifestly unfounded or excessive.

8.8. Users have the right to be informed of the actions taken in response to their requests and of the possibility to appeal the company’s decisions before the competent authorities.

9. Cookies and Analytics

9.1. The Phage.energy platform uses cookies and similar technologies to ensure stable website operation, improve user experience, collect analytical data, and personalize content.

9.2. Cookies are small text files stored on the user’s device (computer, tablet, smartphone) when visiting the website. They allow the system to recognize the user, remember their preferences, and simplify interaction with the platform.

9.3. Phage Technologies OÜ may use the following types of cookies:

• technical cookies necessary for the correct operation of the website, login to the account, and navigation between pages;
  
• functional cookies that save user settings such as language, region, or display preferences;
  
• analytical cookies that help collect information about how users interact with the site, which pages they visit, and how long they stay on the platform;
  
• marketing cookies used to display relevant advertisements or track the effectiveness of marketing campaigns, subject to the user’s prior consent.
  

9.4. Data collected through cookies may include information about the IP address, device type, browser, language, operating system, visited pages, session duration, and other technical parameters. Such data are anonymized and not used for direct identification of the user.

9.5. We may use third-party analytical services (for example, Google Analytics, Matomo, or similar) to analyze traffic and user behavior. These services process information in accordance with their own privacy policies, which users can review on their official websites.

9.6. The user can manage cookie usage at any time by changing browser settings to allow, block, or delete cookies. However, disabling certain types of cookies may limit functionality or cause some elements of the platform to operate incorrectly.

9.7. When visiting the website for the first time, the user sees a notification (banner) providing brief information about the use of cookies and offering options to accept or adjust settings. Continued use of the site after the banner is displayed constitutes consent to the use of cookies in accordance with this Policy.

9.8. Analytical information obtained through cookies is used to:

• evaluate the performance and efficiency of the platform;
  
• optimize website structure and navigation;
  
• develop new features and improve usability;
  
• monitor the technical stability of the system.
  

9.9. Phage Technologies OÜ does not use cookies to collect personal data without the user’s consent and does not share such files with third parties without lawful grounds.

9.10. Detailed information about the types of cookies used on the Phage.energy platform is provided in the “Cookies Policy” section on the official website.

9.11. The user may withdraw their consent to the use of cookies at any time by adjusting banner settings or contacting the Phage Technologies OÜ support service.

10. Anonymized and Aggregated Data

10.1. Phage Technologies OÜ may collect, process, and use anonymized or aggregated data for analytical, statistical, and research purposes. Such data do not allow the direct or indirect identification of an individual.

10.2. Anonymization means the removal or modification of information that enables identification of the user (for example, name, email address, IP address, or other identifiers). Once anonymized, data are no longer considered personal and are not subject to the rules governing personal data processing.

10.3. Aggregated data are formed by combining statistical indicators of multiple users, allowing the analysis of general trends, usage patterns, and service efficiency without identifying individual persons.

10.4. Such data may be used for:

• analyzing the performance of the Phage.energy platform;
  
• improving algorithms and technological processes;
  
• conducting research in the fields of energy, ecology, technology, or related areas;
  
• creating generalized statistical reports for internal use or publication.
  

10.5. Phage Technologies OÜ may share anonymized and aggregated data with third parties (partners, investors, research organizations) only to the extent necessary to achieve the stated purposes and without enabling user identification.

10.6. All anonymized or aggregated data are processed in accordance with the principles of transparency, security, and integrity established by applicable law and internal standards of Phage Technologies OÜ.

10.7. If any anonymized data could potentially be re-identified (for example, through combination with other datasets), the company takes additional technical measures to prevent this.

10.8. Anonymized and aggregated data may be stored indefinitely, as they do not contain personal information and are used exclusively for analytical or research purposes.

11. Changes to the Privacy Policy

11.1. Phage Technologies OÜ reserves the right to modify or update this Policy at any time.

11.2. The new version of the Policy takes effect upon its publication on the Phage.energy website. Continued use of the Platform after the updated version is published constitutes the user’s consent to the new edition.

Contact Information

Phage Technologies OÜ

Registered address:

Harju maakond, Tallinn, Kesklinna linnaosa, Vesivärava tn 50-201, 10152, Estonia

Email: legal@aggregator.energy

Website: https://phage.energy

Data Protection Officer (DPO): Dmytro Vorobey