Privacy Policy

Last updated: 2026-06-03.

This policy explains what we collect when you visit necralab.com, why, and what your rights are under the EU General Data Protection Regulation (GDPR).

It covers the website only. Each Necralab product — NecralabPMA, Email Archiver, Cloakednote, Elding, BriCalc — has its own separate privacy policy, presented with the product.

1. Who we are

This site is operated by Necralab OÜ, an Estonian private limited company.

  • Address: Lõõtsa tn 8a, 11415 Tallinn, Harju maakond, Estonia
  • Registry code: 17478639
  • Contact: info@necralab.com

For all privacy questions, write to info@necralab.com.

2. What this site collects — and what it doesn’t

No cookies. This site sets no cookies, first-party or third-party.

No analytics. No Google Analytics, no Plausible, no Mixpanel, no Facebook Pixel — no analytics scripts of any kind. We have no idea which pages you visit beyond what’s described below.

No third-party trackers. No social-media widgets that phone home, no Google Fonts, no embedded video players, no chat widgets.

No accounts, no forms. Nothing on this site collects information you submit, because there’s nothing to submit.

One piece of browser storage. If you toggle between light and dark mode, the choice is saved in your browser’s local storage under the key theme. It is not transmitted anywhere. Clear your browser data to reset it.

Server access logs. Our web server (nginx) writes a standard access log for each request, containing:

  • your IP address
  • the time of the request
  • the URL you requested
  • the HTTP status code returned
  • the size of the response
  • your browser’s User-Agent string
  • the referring URL (if your browser sent one)

These logs are kept for 14 days for security, debugging, and abuse-prevention purposes. After 14 days they are deleted by log rotation. They are never shared with anyone and are not used for marketing or analytics.

Legal basis (GDPR Art. 6(1)(f)): legitimate interest in keeping the website secure and operational. You can object to this processing (see Section 5).

3. Where the data lives

The site is hosted in Germany on infrastructure provided by Hetzner Online GmbH, within the EU. No data leaves the EU as part of operating this website. There are no international transfers.

4. Sharing with third parties

We do not share access-log data with anyone, with two narrow exceptions:

  • Law enforcement, if compelled by a valid Estonian or EU legal order.
  • Our hosting provider (Hetzner), which sees network traffic as a matter of operating the servers.

We do not sell, rent, or trade data. We have no advertising partners.

5. Your rights under GDPR

You have the right to:

  • Access — request a copy of any personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure (“right to be forgotten”) — ask us to delete data.
  • Restriction — ask us to stop processing data while a dispute is resolved.
  • Portability — receive your data in a machine-readable format.
  • Object — object to processing based on legitimate interest, including the access logging in Section 2.
  • Lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, https://www.aki.ee/), or with the supervisory authority of your EU member state of residence.

To exercise any of these rights, email info@necralab.com. We will respond within 30 days, usually sooner.

6. Children

This site is not directed at children under 16, and we knowingly collect no information from them.

7. Security

The site is served over HTTPS only (TLS 1.2+). Server access is restricted to the company’s owner. Logs are stored on the same EU-hosted server and deleted on rotation.

8. Changes to this policy

If we change anything material, we update the “Last updated” date above and append a line to the Version history at the bottom of this page.

9. Contact

Write to info@necralab.com.

Version history

  • 2026-06-03 — Initial publication.