Privacy Policy.

Updated on October 11th, 2023

Effective date is August 17th, 2021

This Privacy Policy is meant to help you understand what data we collect, why we collect it, and what we do with it. Please, take time to read our Privacy policy carefully. We want to be clear how we’re using information and the ways in which you can protect your privacy.

This Privacy Policy applies to your Personal Data when you visit (the “Website”) and use our Services through this Website, and does not apply to online websites or services that we do not own or control. Separate agreements govern (i) delivery, type, access and use of our Services (the “Terms of Use” and the “Affiliate Terms of Use”) and (ii) processing of any information, files, Clients’ End user personal data or other content collected for the purpose of performing our automated optimization services (the Data Processing Addendum / “DPA”).

Who we are

The Company providing you services through this Website is NitroPack Ltd. (referred to hereinafter as the “Company”, “we”, “our”, “us”), a company duly organized and registered under the law of Bulgaria, having its seat and registered office at 3 Prof. Georgi Bradistilov, entr. A, 3rd floor, Sofia, Bulgaria.

It is important to note that the Company is acting both as a Data Controller and as a Data Processor as the case may be. We are a controller with respect to our visitors and/or Clients interacting with our Website ( and/or Affiliates who participate in our Affiliate Program. We are a processor with respect to the personal data received from our Clients’ websites and their end users when the Client has subscribed for the performance of our Services. In this regard, each Client shall be considered a data controller (regarding Client’s websites and their end users personal data) and shall be obliged to comply with GDPR requirements by updating their own Terms of Service and/or Privacy Policy. The settlement of the controller-processor relations between the Company and the Client is subject to the Data Processing Addendum, which constitutes an integral part of the Company’s Terms of Use.

We take your right to privacy seriously and work continuously to keep the data we process minimized and in your control. Nevertheless, to enable you to use our Services and to improve and secure them, we need to process some personal data. By using any of our services and/or registering an account you agree to have read and understood our Privacy Policy.

What data do we collect?

Personal data is data that describes and is linkable to someone as a person. We collect some personal data in order to provide our Services to all our visitors or Clients. We will only process personal data for legal reasons, if we are obliged to do so by legal authorities. We don’t sell or otherwise distribute your personal data. We may share it with our selected service providers only when it is vital for the provision of our Services as explicitly described below.

We may process the following personal data.

Personal identification information of registered users (Clients, and Affiliates)

These details are necessary for the identification of you as a Client and/or Affiliate, and the registration of a Client/Affiliate Account in our Website and the use of our Services.

As a Client, you provide us with your contact information - first and last name, email address used for registration, your phone number, IP address.

If you are an Affiliate, we require additional information:

  • PayPal E-mail address;
  • Bank account holder full name and address;
  • Bank account number and account type (e.g., checking or savings);
  • Bank routing number;
  • IBAN (if applicable).

The email address for payouts or bank details, if specified by the Affiliate, shall be used for payments of commissions due through the use of PayPal services, or by bank transfer.

Personal identification information of contacts

When we receive an inquiry by a person through one of our contact forms available on our Website, we will use the contact information (name and email address) and other information provided by him / her to contact and provide the assistance he/she needs.

Billing-related information

Current and past subscriptions to our Service, successful and failed payment transactions, billing address, billing postcode, transaction IP address, and other purchase-related meta-data - this information is necessary for the purchase of our subscription plans and settlement of the financial relationship between the parties. We receive this information from the service providers described in Section “Sub-processors and processing out of the EU” below. For more information about personal data protection policies please visit the websites of the respective service providers.


More information about this in the sections ‘What are cookies?’ and ‘How do we use cookies?’ below.

Non-personal data

Non-personally identifiable information - demographic information, visitor browser, referring site, visitor country, language preference, the date and time of access, operating system, and network information. This information is collected from any visits to our Website.

Telemetric data - we may collect anonymous metrics from your website pageviews, that measure different aspects of page performance. The metrics that we may collect are:

  • Largest Contentful Paint (LCP) - this is a time measure of when the largest element on the page becomes visible.
  • First Input Delay (FID) - this is the time between the first user interaction with the page, and the time the page reacts to the interaction.
  • Content Layout Shift (CLS) - this is a numeric measure of how much elements on the page move to a different position.
  • Cache Hit - this is a true/false value showing whether the page view was served from NitroPack cache or not.
  • Connection Type - this describes the effective connection speed at which the page was served.
  • Form Factor - this described the kind of device that was used for the pageview - desktop, tablet, or mobile.

End-user information

Our service provides CDN delivery of optimized versions of your website resources. In this sense, end-user IP addresses are logged in our service logs which are destroyed automatically after a set period of time (between 7 and 90 days). Additionally, to correctly track usage of our service, end-user browsers communicate directly with an endpoint we provide, at which point we may collect access log information which includes: the end-user IP address, the end-user browser version, the requested link on your site (only for public links that do not contain personal information). Other information we automatically receive from your site visitors is their country of origin, and some non-user-identity cookies (used language, used currency). We do not collect or process personal identifiable information of your site visitors, such as e-mails, telephones, names, or addresses. Any information we collect is the minimum that we require to keep our service operational.

By using our free subscription plan the Client agrees to provide a link on pages that are optimized by NitroPack, forwarding to our website and to settle the personal data relations with its end users with regard to such notification.

We shall not use any other personal data, entered or uploaded by you, except for categories of data, described above. We will ask for your consent before using information for a purpose other than those that are set out in this Privacy Policy.

How do we collect your data?

As a result of your direct actions

We collect personal data about you in the following cases:

  • When you create a profile on our Website.
  • When you subscribe to use our free or paid Services.
  • When you communicate with us directly or by using 3rd party tools (such as support services or e-mail clients). You may also provide us with information when you communicate with our engineers and experts about a support question, or sign up for a newsletter. When you communicate with us via a contact form on our Website, email, website comment, or otherwise, we may store a copy of our communications.
  • We may, from time to time, offer surveys and opinion polls and ask you to provide information about your experience and feedback for our services. We may also occasionally organize contests, sweepstakes, competitions, prize draws, or other promotions on our website or through our Social Media channels and may offer a prize as a sign of appreciation to the people who have participated, qualified and/or completed the contest/survey. Information requested for entry may include personal contact information like your name, email, address, phone number, etc. Participation is entirely voluntary and it's up to you whether you choose to disclose any information or not.

Automatic collection

We also collect some information automatically from you.

  • Access log information: Like most online service providers, we collect information that web browsers, devices, and 3rd party tools typically make available, including but not limited to the browser version, IP address, language preference, referring site, the date and time of access, operating system, and network information. We collect this information when you use our Services.
  • Usage information: We collect information about your usage of our Service. For example, we collect information about the actions that visitors and Clients perform on our Website. We use this information to provide our Services to you, get insights on how people use our Services so we can improve the quality of our Services, and understand and make predictions about user retention.
  • Location information: We may determine the country of your device from your IP address. We collect and use this information to, for example, calculate how many people visit our Website or use our Services from certain geographic regions or to automatically localize our pricing to fit your location.
  • Information from cookies & other technologies: A cookie is a string of information that a website stores on a visitor's computer, and that the visitor's browser provides to the website each time the visitor returns. Pixel tags (also called web beacons) are small blocks of code placed on websites and emails. We use cookies and other technologies like pixel tags to help us identify and track visitors, usage, and access preferences for our Services, as well as track and understand email campaign effectiveness and to deliver targeted ads. For more information about our use of cookies and other technologies for tracking, including how you can control the use of cookies, please see the sections ‘What are cookies?’ and ‘How do we use cookies?’ below..
  • Pageview information: NitroPack collects statistical information from the page views of our Website. The collected data cannot be used to identify any specific person.

Collection from third parties

We may also receive information about you from the following 3rd-party sources:

  • Wholesaler / reseller services we use to manage our paid subscriptions - FastSpring, PayPal - we receive information on your name and billing address regarding the payments of our subscription plans;
  • Communication services - Intercom, Zendesk, Facebook Messenger, Twilio SendGrid - we receive information that you choose to enter in the webchat or forms provided by the respective service provider.
  • Ad services - Facebook Ads, Google Ads - the information we receive from these service providers is anonymized and we can not identify the persons to which it is related. For more information about personal data protection policies please visit the websites of the respective service providers.

Method of collection

Each Client/Affiliate or visitor provides personally the personal data, entered or uploaded to the Website.

Clients/Affiliates are not allowed to enter third party personal data, including sign up a third party using their email address, without due authorization by such third party. We do not monitor or control the content, entered or uploaded by the Client/Affiliate. It is the Client’s/Affiliate’s sole responsibility to provide and guarantee that the processing of personal data activities performed by the Client/Affiliate with our Website are compliant with the requirements of the GDPR and other applicable personal data protection legislation.

How will we use your data?

Legal bases for collecting and using information

A note here for those in the European Union about our legal grounds for processing information about you under EU data protection laws:

  1. The use is necessary in order to fulfill our commitments to you under the applicable terms of service or other agreements with you or is necessary to administer your account; or
  2. The use is necessary for compliance with a legal obligation; or
  3. The use is necessary in order to protect your vital interests or those of another person; or
  4. We have a legitimate interest in using your information — for example, to provide and update our Service; to improve our Service so that we can offer you an even better user experience; to expand our network of users and customers; make our services more recognizable; to safeguard our Service; to communicate with you; to measure, gauge, and improve the effectiveness of our advertising; and to understand our user retention and attrition; to monitor and prevent any problems with our Service; and to personalize your experience; or
  5. You have given us your consent — for example before we place certain cookies on your device and access and analyze them later on, as described in the Сookie sections below.

Security measures

We take appropriate technical and organisational measures to protect your personal data against loss or other forms of unlawful processing. We make sure that personal data is only accessible by only those who need access to do their job, and that they are properly trained and authorised. Our staff is required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, ethics, and appropriate usage of data. Staff is required to execute a confidentiality agreement and are provided with proper training in online privacy and security.

We may also use your data in relation to improving stability and fixing problems with our Service, for example, by monitoring, debugging, repairing, and preventing issues.

Sub-processors and processing outside of the EU

For providing quality services we may engage third party service providers - Sub-processors, carefully selected according to their capacity for personal data protection and processing in compliance with our obligations under the GDPR. We provide personal data to our Sub-processors to process it for us, only based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.

Based on the above we may store and process personal data out of the EU, including in the United States of America, where some of our Sub-processors are based.

By using our Website and Services, you consent to your personal data being transferred to other countries, including countries that have different data protection rules than your country.

You give your explicit consent for personal data transfers outside the EU/EEA to the sub-processors listed below, on your own behalf and on behalf of all data subjects, whose personal data is entered in the our Website by you or by any third party to which you have provided access to our Services.

You confirm that you have been informed and aware that there may be certain possible risks of transfers of personal data to third countries outside the EU/EEA, including the USA, such as: the third country may not ensure an adequate level of data protection pursuant to Article 45 of the GDPR.

You are responsible for informing all data subjects, whose personal data you entered in our Website that such personal data may be transferred outside the EU/EEA, including the USA, towards the sub-processors listed herein below, and about all possible risks of such transfer. It shall be your sole responsibility to acquire all data subjects’ explicit consent for such transfer after providing them with the information on possible risks and before entering or uploading any third party personal data in our Website.

We may replace our Sub-processors from time to time. You agree that the list of current Sub-processors may be amended. You agree that if we amend the list of Sub-processors, we shall inform you about such updates via email.

In transfers of personal data outside the EU/EEA we shall take such measures as are reasonably applicable to ensure the transfer is in compliance with applicable data protection legislation. You declare to be informed and agree that such measures shall be transferring the personal data: (i) to a recipient in a country that the European Commission has decided provides adequate protection for personal data; or (ii) to a recipient that has achieved binding corporate rules authorisation in accordance with the applicable data protection legislation; or (iii) to a recipient that has executed standard contractual clauses adopted or approved by the European Commission.

All our Sub-processors do not have any right to use the personal information we share with them beyond what is necessary to assist us in making our services possible. When we cooperate with third parties and they process your personal data on our behalf, we request that your personal data be handled with the same integrity and security as we do.

List of current Sub-processors:




Relevant Links


Merchant of Record



Payment provider


Intercom, Inc.

Communication and support



Communication and support


Twilio SendGrid

Communication and marketing


Amazon Web Services

Data/CDN services



Data/CDN services



Hosting services



Analytics services


Our Services securely store your data at the data centers of our cloud, hosting, CDN, and payment providers. For more information, please refer to the list above.

Payment providers, wholesalers, resellers

Credit card information you enter on our website is not stored with us. It is transmitted, processed, and stored securely according to the security protocols used by our payment providers, wholesalers, and resellers. The information we provide to these services is: your name, your email, your telephone number, your country of billing, your billing state/region/postcode (where required for applying taxes), the purchase amount, purchase currency, product or service you purchase, interface language, and other information that is required for a purchase on our Website.

Customizing your user experience

We may use your data to personalize your experience by serving you relevant notifications, making user interface adjustments depending on your persona, and sending you messages and/or advertisements for our Service (with your consent).

Communications and Support

We may use your data to communicate with you. For example, by emailing you to ask for your feedback, sharing tips for getting the most out of our product; or calling you to share offers and promotions that we think will be of interest to you (only in cases where we have obtained your explicit consent to receive such offers and promotions). If you don't want to hear from us, you can opt-out of marketing communications at any time. (If you opt-out, we'll still send you critical updates relating to your account or the services you use).

Use of Zendesk Services: For the purpose of providing customer service, NitroPack uses Zendesk. For more information on how Zendesk work with the data we provide, please visit this link:

Use of Intercom Services: We use third-party analytics services to help understand your usage of our services. In particular, we provide a limited amount of your information (such as the sign-up date and some personal information like your email address) to Intercom, Inc. (“Intercom”) and utilize Intercom to collect data for analytics purposes when you visit our website or use our product. As a data processor acting on our behalf, Intercom analyzes your use of our website and/or product and tracks our relationship by way of cookies and similar technologies so that we can improve our service to you. For more information on Intercom's use of cookies, please visit

We may also use Intercom as a medium for communications, either through email or through messages within our product(s). The Intercom Messenger Apps and Apps in Inbox products may also provide you with access to other third-party applications such as Stripe. You should consult these third parties' privacy notices for further information on their use of your personal data. As part of our service agreements, Intercom collects publicly available contact and social information related to you, such as your email address, gender, company, job title, photos, website URLs, social network handles, and physical addresses, to enhance your user experience.

For more information on the privacy practices of Intercom, please visit Intercom's services are governed by Intercom's terms of use which can be found at If you would like to opt-out of having this information collected by or submitted to Intercom, please contact us.

Use of SendGrid: We share a limited amount of your information (such as e-mail, name, purchased products) to SendGrid for the purposes of managing our marketing campaigns and sending you service emails related to the state of your subscription with us. More information about how SendGrid manages your data can be found here:

Additional help by third parties: If you send us a request for assistance (for example, via a support email or one of our other feedback mechanisms), we reserve the right to forward that request to relevant third parties in order to clarify or respond to your request, or to help us support other users. We will not disclose any of your personal information to third parties.

User experience monitoring

Use of Hotjar: We use Hotjar in order to better understand our users' needs and to optimize our Service. Hotjar is a technology service that helps us better understand our users' experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don't like, etc.) and this enables us to build and maintain our Service using indirect user feedback. Hotjar uses cookies and other technologies to collect data on our users' behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. For further details, please see the ‘about Hotjar' section of Hotjar's support site:

Use of Google Analytics: We use Google Analytics to understand visitor traffic on our Services. To opt out of traffic analysis, please install a browser extension, such as this one:

We can relate actions you take while using our Services, across different devices you may use after authenticating. The information we collect and relate is: occurrences of editions to a website entry; purchase occurrences and purchase value, upgrades, downgrades of subscriptions; installations, uninstallations, connecting of NitroPack connectors (plugins, extensions); user profile actions like login, logout, registration; and other important events, relating to your general usage of our Services.

All the information we collect with Google Analytics is non-identifiable for 3rd parties and cannot be used by 3rd parties to find your identity. We use this information to better understand the points of difficulty you may have using our Services and identify opportunities for improvement. Non-identifiable information of your behavior on our Services may also relate to data collected by Google Ads. To further protect your identity, we use IP address anonymization in Google Analytics.

Ads and marketing

We may use information you provide to measure, gauge, and improve the effectiveness of our marketing as a result of our marketing communication to you (only in cases where we have obtained your explicit consent to receive marketing communication and messages). For example, by targeting our marketing messages to groups of our visitors (like those who have a particular subscription plan with us or have been visitors for a certain length of time), advertising our Service, analyzing the results of our marketing campaigns (like how many people purchased a paid plan after receiving a marketing message), and understanding and forecasting user retention. If you have agreed to receive marketing messages, you may always opt-out at a later date. You have the right at any time to stop our Services from contacting you for marketing purposes.

We may share non-personal information for the purposes of our marketing efforts (e.g., by providing tools for identifying a specific marketing target group or improving our marketing campaigns, and by placing ads to market our services); those that help us understand and enhance our Services (like analytics providers); those that make tools to help us run our operations (like programs that help us with task management, scheduling, word processing, email and other communications, and collaboration among our teams). We require vendors to agree to privacy commitments in order to share information with them.

For advertising purposes and to make our business more responsive to your interests and/or those of like-minded customers, we may share a hashed version of your email address to the Facebook advertising platforms. We aggregate your email address and send it over to Facebook where it is initially hashed (irreversibly obfuscated) before it is further processed for the purpose of creating “Custom Audiences” (where targeted ads are sent to people on Facebook who have already interacted with our Site and/or services), and “Lookalike Audiences” (where targeted ads are sent to potential customers who appear to have shared interests or similar demographics to our existing customers, based on the platform’s own data). You can find more information here:

We do not have access to the identity of anybody in the lookalike audience. Based on this, we believe that generating lookalike audiences poses little or no threat to the privacy of our customers. We lean on our legitimate interest for using “Custom Audience” and “Lookalike Audiences” solely in order to expand our network and services and to make our services more recognizable to new users and future customers. You may object at any time of the use of your email, please email us at [email protected], and we will remove your data from our list within the period of 10 business days.

Information we share

We do not share personal information with companies, organizations and individuals unless one of the following circumstances applies.

With your consent - we will share personal information with companies, organizations or individuals when we have your written consent to do so.

For making some services possible – to third party processors, as described above.

For legal reasons - we will share personal information with companies, organizations or individuals, if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

  • meet any applicable law, regulation, legal process or enforceable governmental request;
  • enforce applicable Terms of Use, including investigation of potential violations;
  • detect, prevent, or otherwise address fraud, security or technical issues;
  • protect against harm to our rights, property or safety, our users or the public as required or permitted by law.

We may disclose information about you in response to a subpoena, court order, or other governmental requests.

We may share information that has been aggregated or de-identified so that it can no longer reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our Services, or share a hashed version of your email address to facilitate customized ad campaigns on other platforms.

NitroPack Affiliates

NitroPack LLC offers an affiliate program that rewards other businesses or influencers for incoming sales. In case you have signed up for our Services through an affiliate referral link, we may display to the affiliate some non-identifiable information about your purchase with us:

  • The homepage URL(s) of your website(s);
  • The status of your subscription with us (active, suspended, cancelled, etc.);
  • The calculated commission our affiliate gets, based on the monetary amount you have paid us;
  • The period of your subscription (monthly or annual);
  • The start date of your subscription;
  • The date on which payment was last charged per your subscription.

Business transfers

In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company, or in the unlikely event that NitroPack Ltd. goes out of business or enters bankruptcy, user information would likely be one of the assets that are transferred or acquired by a third party. If any of these events were to happen, this Privacy Policy would continue to apply to your information and the party receiving your information may continue to use your information, but only consistent with this Privacy Policy.

With your consent

Data processing activities, listed above, are necessary for the provision of our Services. We may use the Personal data you submit during the registration process to send you Services-related communications. We may also use such Personal data to send you electronic newsletters, only if we have obtained your explicit consent. Your consent is voluntary and we will not refuse our Services, if you do not provide us with your consent. You may withdraw your consent to receive such information from us at any time by using our “E-mail Notifications” functionality, found in the NitroPack Website Dashboard > Account, after you login with your username and password.

We may share and disclose information with your consent or at your direction. For example, we may share your information with third parties when you authorize us to do so.

Aggregated or de-identified information

We may share information that has been aggregated or de-identified so that it can no longer reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our Services.


We provide Services to and allow our Website to be used only by persons aged 18 and over. If aged under 18, please ask for the assistance of a person aged at least 18 in order to use our Services. If we obtain actual knowledge that we have collected personal data from a person under the age of 18, we will promptly delete it, unless we are legally obligated to retain such data. Please, contact us, if you believe that we have mistakenly or unintentionally collected information from a person under the age of 18.

Data deletion

We will keep your Personal data for a time period at least as long as you use our Services and 5 years afterwards in order to prevent loss of data, valuable for our Clients/Affiliates and visitors and compliance with applicable legislation. Once this time period has expired, we will delete your data, unless otherwise required by law or our legitimate interest.

The term of storing your data if you contacted us through our contact forms but did not use our Services is 5 years in order to facilitate communication and assist you in all matters that may arise.

How do we protect your data?

We take special care to secure personal data. We keep your data privately and securely on a backend layer, on volumes encrypted with LUKS (Linux Unified Key Setup).

Your data is only accessible by trained and authorized staff of NitroPack Ltd. We ensure that we educate our staff on the use and importance of encryption and data privacy.

We have assessed the nature and scope of our processing activities and have implemented encryption solution(s) to protect the personal data we store and/or transmit. We have considered the types of processing we undertake, and whether encryption can be used in this processing.

We understand the residual risks that remain, even after we have implemented our encryption solution(s). We ensure that we keep our encryption solution(s) under review in the light of technological developments.

All personal information is protected from unauthorized access, manipulation, falsification, and unauthorized disclosure.

For the purpose of data recovery in the unlikely event of service failure, we keep encrypted historical records of your personal information and any additional information necessary for the proper working of our service for up to 90 days. All backup data is automatically destroyed 90 days after creation.

We generally discard information about you when it's no longer needed for the purposes for which we collect and use it and if we're not legally required to keep it.

What are your data protection rights?

You have the right to request a copy of your personal data at any time, to check the accuracy of the stored information, to correct or update this information, to ask for your personal information to be deleted if there are grounds for doing so, as described below. You also have the right to complain when your privacy rights have been violated. Below is a detailed description of your rights as a data subject:

  • You have the right to request confirmation if personal data relating to you are being processed and to request a copy of your personal data as well as the information relating to the collection, processing and storage of your personal data.
  • You have the right to request your personal data to be deleted if there are any of the following grounds: personal data are no longer necessary for the purposes for which they have been collected; where you have objected against the processing when the processing is unlawful; where data is processed on your consent and you withdraw that consent; where personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State applicable to the controller. You may be denied to delete your personal data for the following reasons: exercising of the right to freedom of expression and the right to information; to comply with our legal obligation or to carry out a task of public interest or in the exercise of the official authority that has been granted to us; for reasons of public interest in the field of public health; for the establishment, exercising or protection of legal claims.
  • You have the right to request your personal data to be corrected if it is inaccurate or to be supplemented if it is incomplete.
  • You have the right to request to restrict the processing of your personal data if applicable and there is a reason to do so, for example: you dispute the accuracy of personal data for a period that allows us to verify the accuracy of personal data; the processing is illegal, but you do not want personal data to be deleted but only to be limited; we do not need any more personal data for the purposes of processing, but you require them to identify, exercise or protect your legal claims; you have objected against the treatment pending verification that our legitimate grounds have an advantage over your interests.
  • You have the right to request to receive personal data that concern you and which you have provided in a structured, widely used and machine readable format, and you have the right to transfer this data to another administrator when the processing is based on consent or on contractual obligation and the processing is done in an automated manner.
  • You have the right to make an objection against the processing of your personal data before the Data Protection Officer if there are reasons to do so.

You can address all requests to the Data Protection Officer. In order to be able to provide you with full assistance, please provide us with accurate information about you and specify your request. It is possible that, in the exercise of your rights, we may ask for additional information to establish your identity.

Please keep in mind that when your requests are clearly unreasonable or excessive, in particular because of their repeatability, we can:

  • Charge a fee, taking into account the administrative costs of providing information or communication or undertaking the requested activities, or
  • Refuse to take actions on the request.

We will make reasonable efforts to respect your request within 30 days of receiving your application. If necessary, this term may be extended by a further two months, taking into account the complexity and the number of requests.

We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup systems). Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort.

If you file a privacy-related complaint, we will collect your name and/or company name, name of a complaint-related person, email, and country location and details that gave rise to your complaint. We will use the information you provide to investigate your complaint and to send you an answer once your complaint is reviewed.

Supervisory Authority

If you think we have infringed your privacy rights, you can lodge a complaint with the supervisory authority of Bulgaria, which is the Commission for personal data protection. More information can be found at:

You can also lodge your complaint in particular in the country where you live, your place of work or place where you believe we infringed your right(s).

California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act (“CCPA”) requires us to provide California residents with some additional information about the categories of personal information we collect and share, where we get that personal information, and how and why we use it.

The CCPA also requires us to provide a list of the “categories” of personal information we collect, as that term is defined in the law, so, here it is. In the last 12 months, we collected the following categories of personal information from California residents, depending on the Services used:

  1. Identifiers (like your name, contact information, and device and online identifiers);
  2. Commercial information (your billing information and purchase history, for example);
  3. Characteristics protected by law (for example, you might provide your gender as part of a research survey for us);
  4. Internet or other electronic network activity information (such as your usage of our Services);
  5. Geolocation data (such as your location based on your IP address);
  6. Professional or employment-related information (for example, your company); and
  7. Inferences we make (such as likelihood of retention or attrition).

We collect personal information for the business and commercial purposes described in the section “How will we use your data?”. And we share this information with the categories of third parties described in the Sharing Information section.

If you are a California resident, you have additional rights under the CCPA, subject to any exemptions provided by the law, including the right to:

  1. Request to know the categories of personal information we collect, the categories of business or commercial purpose for collecting and using it, the categories of sources from which the information came, the categories of third parties we share it with, and the specific pieces of information we collect about you;
  2. Request deletion of personal information we collect or maintain;
  3. Opt-out of any sale of personal information; and
  4. Not receive discriminatory treatment for exercising your rights under the CCPA.

What are cookies?

Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit, we may collect information from you automatically through cookies or similar technology. For further information, visit

How do we use cookies?

Our Company uses cookies in a range of ways to improve your experience on our Services

Essential Cookies

Our Services use these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and the location you are in.

Cookies by Google Analytics are only used to anonymously measure our website traffic, and cannot be used to identify you.

The Essential cookies our Services use are:

  1. PHPSESSID - uniquely identifies your user session on our website. This cookie does not contain personal information but serves as an identifier for you in our system. Expires after 1 year.
  2. navigation_cookie - determines if your website dashboard navigation is expanded or collapsed. Expires after 1 month.
  3. agreed_optional - specifies whether you have agreed to use optional Advertising and Insights cookies. Expires after 2 years.
  4. partner_id - specifies if you have followed a referral link. Expires after 30 days.
  5. Intercom Cookies -
  6. __atuvc -
  7. __atuvs -
  8. _ga - Google Analytics anonymous visitor identification. Expires after 2 years.
  9. _gid - Google Analytics anonymous tracking cookie. Expires after 2 years.
  10. _gat_gtag_XXXXXX - Google Analytics tracking cookie. Used to analyze visitor browsing habits, flow, source, and other information. Expires immediately.
  11. _fbp - Cookie that helps us with Facebook conversion tracking. Expiration varies.
  12. Convertize Cookies - A/B testing of visual elements on our website, to measure visitor engagement.

Advertising and Insights Cookies

Our Company uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed, and information about your browser, your device, and your IP address. Our Company sometimes shares some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website.

The Advertising and Insights cookies our Services use are:

  1. HotJar Cookies -

Variation Cookies - Cookies of visitors to your websites

Our Services also collect non-personally identifiable cookies from your site visitors when they access your websites (such as cookies for their selected language or shopping currency). Our Services use Variation Cookies to correctly deliver optimized content to your site visitors. We do not use these cookies in any other way, and they cannot be used to identify you, or any of your site visitors.

How to manage cookies?

Upon visiting our website, you will be asked to specify the kinds of cookies we can use.

The Essential cookies are required for the proper functioning of our website in relation to your user profile. You can set your browser not to accept cookies. However, some of our website features will not function as a result.

The Advertising and Insights cookies are optional - feel free to opt-in if you would like to help us improve our website and services, and also to receive ads specific to the way you use our website.

Changes to our Privacy Policy

NitroPack Ltd. keeps its privacy policy under regular review and places any updates on this web page

NitroPack shall notify registered users by e-mail in case of substantial changes to this privacy policy.

How to contact us

If you have any questions about Our Company's privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.

Address: 3 Professor Georgi Bradistilov, entr. A, 3rd fl., Studentski Kompleks, Sofia, postcode 1756, Bulgaria

Data protection officer: Simeon Totev, email: [email protected]

You may also reach out to us using our live chat