Privacy Policy

1. Who we are

Pronomy OÜ (“Pronomy,” “we,” “us”) is an Estonian company (registry code 17309629) located at Ahtri tn 12, Tallinn 15551, Estonia. We provide AI-powered customer support automation for B2C companies.

This Privacy Policy explains how we collect, use, store, and protect information when you visit our website (pronomy.io), use our platform, or interact with us in any way.

2. Data we collect

2.1 Website visitors

When you visit our website, we may collect:

• Usage data — pages visited, time on site, referral source, browser type, device type, and approximate location (country/city level) via analytics tools.
• Cookies — we use minimal, analytics-only cookies. See Section 8 for details.
• Contact information — if you fill out a form or email us, we collect the information you provide (name, email, company, message).

2.2 Client data (B2B platform usage)

When a business (“Client”) uses Pronomy to automate their customer support, we process the following data on their behalf:

• Support ticket data — ticket content, customer messages, agent replies, metadata (timestamps, ticket IDs, tags, priority).
• Customer interaction data — information contained in support conversations between the Client’s customers and their helpdesk, which may include names, email addresses, order details, and other information customers share in support requests.
• Integration data — data exchanged through connected services such as Zendesk, Intercom, Freshdesk, Stripe, and other business tools the Client chooses to connect.
• Account information — the Client’s business name, contact details, billing information, and authorized user accounts.

3. How we use data

3.1 Website visitor data

We use visitor data to understand how people find and use our website, improve our content and user experience, respond to inquiries, and communicate about our services when requested.

3.2 Client data processing

We process Client data solely to provide our service — specifically to:

• Analyze incoming support tickets using large language models (LLMs) to understand intent, sentiment, and context.
• Generate and deliver responses to customer support tickets on the Client’s behalf.
• Execute actions in connected tools (e.g., issuing refunds via Stripe, updating ticket status in Zendesk) as configured by the Client.
• Provide reporting and quality assurance metrics to the Client.
• Improve and maintain the reliability of our service.

4. Our role as a data processor

When processing support ticket data and customer interactions on behalf of our Clients, Pronomy acts as a data processor under GDPR. Our Clients are the data controllers — they determine what data is shared with us and for what purposes.

We process Client data only according to their instructions and our service agreement. We do not sell Client data, use it for advertising, or share it with third parties beyond what is necessary to provide the service.

Each Client relationship is governed by a Data Processing Agreement (DPA) that specifies the scope, purpose, and safeguards for data processing.

5. Third-party services

We use the following categories of third-party services to operate Pronomy:

• LLM providers — we use multiple large language model providers to analyze and generate support responses. Ticket data is sent to these providers for processing. We select providers that offer enterprise-grade data handling commitments and do not use customer data for model training.
• Helpdesk integrations — Zendesk, Intercom, Freshdesk, and other platforms as connected by Clients.
• Payment processors — Stripe and other processors for billing and payment handling.
• Analytics — website analytics tools to understand visitor behavior (anonymized/aggregated where possible).
• Infrastructure providers — cloud hosting and storage services located in the EU/EEA where feasible.

6. Data retention and deletion

We retain data according to the following principles:

• Support ticket data — processed ticket data is stored temporarily for quality assurance and service reliability purposes. We do not retain ticket data longer than necessary to provide the service.
• Account data — Client account information is retained for the duration of the business relationship and for a reasonable period afterward as required for legal and accounting purposes.
• Website analytics — aggregated analytics data is retained for up to 26 months.
• Contact form submissions — retained until the inquiry is resolved, or up to 12 months, whichever comes first.

Upon termination of a Client relationship, we delete or anonymize all Client data within 30 days, unless a longer retention period is required by law or explicitly requested by the Client.

7. Your rights under GDPR

As an Estonian/EU entity, Pronomy complies with the General Data Protection Regulation (GDPR). Depending on your relationship with us, you have the following rights:

If you are a website visitor or contact

You have the right to access, correct, delete, or port your personal data. You can also object to or restrict certain processing. To exercise these rights, contact us at oleksii@pronomy.io.

If you are a customer of one of our Clients

Because Pronomy acts as a data processor, requests related to your support ticket data should be directed to the company you contacted for support (the data controller). We will assist our Clients in fulfilling such requests as required by GDPR.

We respond to all data subject requests within 30 days. If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or another relevant supervisory authority.

8. Cookies

We use minimal cookies on our website, limited to:

• Essential cookies — required for basic site functionality (e.g., theme preference). These do not require consent.
• Analytics cookies — used to understand how visitors use our website. These are loaded only with your consent where required by law.

We do not use advertising cookies, tracking pixels, or third-party marketing cookies. You can manage cookie preferences through your browser settings at any time.

9. Data security

We implement appropriate technical and organizational measures to protect data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit and at rest, access controls, regular security reviews, and incident response procedures.

10. International data transfers

Pronomy is based in the EU (Estonia). When data is transferred outside the EEA — for example, to LLM providers — we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission.

11. Children’s privacy

Pronomy is a B2B service and is not directed at children. We do not knowingly collect personal data from individuals under 16. If we learn that we have collected data from a child, we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via our website or by email to active Clients. The “Last updated” date at the top of this page reflects the most recent revision.

13. Contact us

For any questions about this Privacy Policy, data protection practices, or to exercise your rights, please contact:

Pronomy OÜ
Ahtri tn 12, Tallinn 15551, Estonia
Email: oleksii@pronomy.io