Legal

Privacy policy

Effective date

July 9, 2026

1. Who we are

This Privacy Policy explains how Notakey Latvia, SIA, unified registration number 40103993632, registered address Ganu iela 3 – 12, Riga, LV-1010, Latvia (“Notakey”, “we”, “us”), collects and uses personal data when you visit notakey.com, contact us, request a demo, subscribe to the Service, or apply for a job with us. For how we handle data inside the Notakey mobile application, see our App Privacy Policy. For how we process end-user authentication data on behalf of our customers, see section 6 below and our Data Processing Agreement.

For the purposes of this Policy, and unless stated otherwise, Notakey is the data controller of the personal data described here.

2. What we collect and why

  • Contact and inquiry data (name, email, company, phone, message) — when you request a demo, contact us, or download a resource. Legal basis: steps taken at your request prior to entering a contract, or your consent.
  • Account and subscription data (billing contact, company details, usage tier) — to provision and administer the Service. Legal basis: performance of a contract.
  • Payment data — processed directly by our payment processor, Stripe; Notakey does not store full card details. Legal basis: performance of a contract.
  • Marketing communications data (email, engagement with newsletters) — only where you have opted in. Legal basis: consent, withdrawable at any time.
  • Job application data (CV, cover letter, contact details) — when you apply for a role. Legal basis: steps taken at your request prior to entering a contract, or legitimate interest in recruitment.
  • Website usage data (pages visited, approximate location, device/browser type) — collected in aggregate via privacy-preserving analytics; see section 4. Legal basis: legitimate interest in understanding and improving the site.

We keep personal data only for as long as needed for the purpose it was collected, or as required by law (for example, accounting records are kept for the period required under Latvian accounting and tax legislation).

3. How we use combined information

We may combine information collected directly from you with information from other sources (for example, publicly available company information) to improve its accuracy and to better tailor our communications with you.

4. Cookies and analytics

notakey.com does not set cookies and does not use advertising or cross-site tracking technologies. If we use website analytics, we use a cookie-less, privacy-preserving analytics service that does not collect personal data or full IP addresses — it reports aggregate, anonymous statistics such as page views and referrers only. Because no personal data is processed and nothing is stored on your device, no cookie-consent banner is required. If we ever introduce a cookie that is not strictly necessary for the site to function, we will update this section and request your consent first.

5. Who we share data with

We do not sell personal data. We share personal data only with service providers who process it on our behalf under contract, including:

  • Stripe, Inc. — payment processing.
  • Freshdesk (Freshworks Inc.) — customer support ticketing.
  • Amazon Web Services (AWS) — hosting of notakey.com.
  • Oracle Cloud Infrastructure — hosting of notakey.cloud.
  • Sentry (Functional Software, Inc.) — application error and crash diagnostics.

We may also disclose personal data where required by law, to protect our rights, or in connection with a merger, acquisition, or sale of assets.

6. Data we process on behalf of our customers

When an organization deploys Notakey to authenticate or authorize its own users (employees, customers, members), Notakey processes that data as a processor, acting only on that organization’s instructions, under the terms of our Terms of Service and Data Processing Agreement. If you are an end user of a Notakey-enabled service and have a question about your data, please contact that organization directly — they control how their authentication data is used.

7. International data transfers

Notakey is based in Latvia, in the European Union. notakey.com is hosted on Amazon Web Services and notakey.cloud on Oracle Cloud Infrastructure. Where a service provider processes personal data outside the European Economic Area, we rely on appropriate safeguards under the GDPR, such as the European Commission’s Standard Contractual Clauses or an adequacy decision (including the EU–US Data Privacy Framework, where the recipient is certified).

8. Security

We use appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or misuse. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Your rights

If the GDPR applies to you, you have the right to: access the personal data we hold about you; correct inaccurate data; request erasure; restrict or object to processing; request portability of data you provided to us; and withdraw consent at any time where processing is based on consent, without affecting processing carried out before withdrawal. To exercise any of these rights, contact us at info@notakey.com. You also have the right to lodge a complaint with your local data protection authority; in Latvia, this is the Data State Inspectorate (Datu valsts inspekcija).

10. Children’s privacy

Our website and Services are directed at businesses and are not intended for individuals under 16. We do not knowingly collect personal data from children.

11. Changes to this policy

We may update this Privacy Policy from time to time. For material changes, we will post the updated policy here and update the effective date above; where required by law, we will notify you directly.

Contact us

Questions about this Privacy Policy or your personal data can be sent to info@notakey.com.