Privacy
Policy

This privacy policy explains how NG OÜ (registration code 12954414, address Kentmanni tn 11b-7, 10116 Tallinn, Estonia; hereinafter Service Provider orwe) processes the personal data of users of the Sassu.io service (hereinafter Service).

This policy is based on the European Union General Data Protection Regulation (GDPR) and the Personal Data Protection Act of the Republic of Estonia.

The data controller is NG OÜ. For any questions regarding personal data processing, contact us at the application form.

We process the following categories of personal data:

• Application data — first name, last name, email, phone (optional), role, company name and registration code, location, employee count, needs.
• Account data — login email, password (encrypted), associated company information.
• Service usage data — created invoices, customers, services, notes, login timestamps, IP address.
• Technical data — browser type, device type, cookies (see section 8).

We process personal data for the following purposes:

• Processing applications — legal basis is consent and our legitimate interest in evaluating applications.
• Service delivery — legal basis is contract performance and statutory obligations (accounting).
• Customer support — legal basis is contract performance and our legitimate interest in improving the service.
• Legal compliance — accounting, taxation, dispute resolution.

• Applications — retained up to 12 months from submission, then deleted.
• Active account data — retained for the entire contract duration.
• Accounting records — retained for 7 years per Estonian Accounting Act.
• Technical logs — retained up to 12 months.

We do not sell or share your personal data with third parties. We only share data with the following categories:

• Hosting provider — Vercel Inc. (USA, EU-US Data Privacy Framework).
• Database provider — Supabase Inc. (USA, EU-US Data Privacy Framework, data stored in EU region).
• Email service — based on your selected SMTP/Resend configuration.
• Government authorities — when required by law (e.g., tax authority, court).

We implement appropriate technical and organizational measures to protect your personal data:

• Data transmission is encrypted (HTTPS/TLS).
• Passwords are encrypted with bcrypt.
• Database access is restricted and logged.
• The system is protected with row-level security policies (PostgreSQL RLS).

Sassu.io uses the following cookies:

• Essential — login session, preferences. Necessary for service operation.
• Functional — language preference, last selected company.

We do not use tracking cookies, advertising cookies, or third-party analytics.

Under GDPR, you have the following rights:

• Right to information about the processing of your data.
• Right of access to your data.
• Right to rectification of inaccurate data.
• Right to erasure ("right to be forgotten"), except where we have a legal obligation to retain data.
• Right to restrict processing.
• Right to data portability.
• Right to object to processing.
• Right to withdraw consent at any time.

To exercise your rights, contact us at the application form. We respond within 30 days.

If you believe that the processing of your personal data violates applicable law, you have the right to file a complaint with the supervisory authority. In Estonia, that is the Estonian Data Protection Inspectorate — information and contacts are available at aki.ee.

We reserve the right to modify this privacy policy from time to time. We will notify users of significant changes via email or within the Sassu.io interface.

For privacy-related questions, contact us:

NG OÜ
Kentmanni tn 11b-7, 10116 Tallinn, Estonia

All contact goes through the application form. Mark "Privacy" in your message and we'll respond as soon as possible.