Effective date is August 17th, 2021
This Privacy Policy is meant to help you understand what data we collect, why we collect it, and what we do with it. Please, take time to read our Privacy policy carefully. We want to be clear how we’re using information and the ways in which you can protect your privacy.
This Privacy Policy applies to your Personal Data when you visit nitropack.io (the “Website”) and use our Services through this Website, and does not apply to online websites or services that we do not own or control. Separate agreements govern (i) delivery, type, access and use of our Services (the “Terms of Use” and the “Affiliate Terms of Use”) and (ii) processing of any information, files, Clients’ End user personal data or other content collected for the purpose of performing our automated optimization services (the Data Processing Addendum / “DPA”).
The Company providing you services through this Website is NitroPack Ltd. (referred to hereinafter as the “Company”, “we”, “our”, “us”), a company duly organized and registered under the law of Bulgaria, having its seat and registered office at 3 Prof. Georgi Bradistilov, entr. A, 3rd floor, Sofia, Bulgaria.
It is important to note that the Company is acting both as a Data Controller and as a Data Processor as the case may be. We are a controller with respect to our visitors and/or Clients interacting with our Website (nitropack.io) and/or Affiliates who participate in our Affiliate Program. We are a processor with respect to the personal data received from our Clients’ websites and their end users when the Client has subscribed for the performance of our Services. In this regard, each Client shall be considered a data controller (regarding Client’s websites and their end users personal data) and shall be obliged to comply with GDPR requirements by updating their own Terms of Service and/or Privacy Policy. The settlement of the controller-processor relations between the Company and the Client is subject to the Data Processing Addendum, which constitutes an integral part of the Company’s Terms of Use.
We take your right to privacy seriously and work continuously to keep the data we process minimized and in your control. Nevertheless, to enable you to use our Services and to improve and secure them, we need to process some personal data. By using any of our services and/or registering an account you agree to have read and understood our Privacy Policy.
Personal data is data that describes and is linkable to someone as a person. We collect some personal data in order to provide our Services to all our visitors or Clients. We will only process personal data for legal reasons, if we are obliged to do so by legal authorities. We don’t sell or otherwise distribute your personal data. We may share it with our selected service providers only when it is vital for the provision of our Services as explicitly described below.
We may process the following personal data.
These details are necessary for the identification of you as a Client and/or Affiliate, and the registration of a Client/Affiliate Account in our Website and the use of our Services.
As a Client, you provide us with your contact information - first and last name, email address used for registration, your phone number, IP address.
If you are an Affiliate, we require additional information:
The email address for payouts or bank details, if specified by the Affiliate, shall be used for payments of commissions due through the use of PayPal services, or by bank transfer.
When we receive an inquiry by a person through one of our contact forms available on our Website, we will use the contact information (name and email address) and other information provided by him / her to contact and provide the assistance he/she needs.
Current and past subscriptions to our Service, successful and failed payment transactions, billing address, billing postcode, transaction IP address, and other purchase-related meta-data - this information is necessary for the purchase of our subscription plans and settlement of the financial relationship between the parties. We receive this information from the service providers described in Section “Sub-processors and processing out of the EU” below. For more information about personal data protection policies please visit the websites of the respective service providers.
More information about this in the sections ‘What are cookies?’ and ‘How do we use cookies?’ below.
Non-personally identifiable information - demographic information, visitor browser, referring site, visitor country, language preference, the date and time of access, operating system, and network information. This information is collected from any visits to our Website.
Telemetric data - we may collect anonymous metrics from your website pageviews, that measure different aspects of page performance. The metrics that we may collect are:
Our service provides CDN delivery of optimized versions of your website resources. In this sense, end-user IP addresses are logged in our service logs which are destroyed automatically after a set period of time (between 7 and 90 days). Additionally, to correctly track usage of our service, end-user browsers communicate directly with an endpoint we provide, at which point we may collect access log information which includes: the end-user IP address, the end-user browser version, the requested link on your site (only for public links that do not contain personal information). Other information we automatically receive from your site visitors is their country of origin, and some non-user-identity cookies (used language, used currency). We do not collect or process personal identifiable information of your site visitors, such as e-mails, telephones, names, or addresses. Any information we collect is the minimum that we require to keep our service operational.
By using our free subscription plan the Client agrees to provide a link on pages that are optimized by NitroPack, forwarding to our website and to settle the personal data relations with its end users with regard to such notification.
We shall not use any other personal data, entered or uploaded by you, except for categories of data, described above. We will ask for your consent before using information for a purpose other than those that are set out in this Privacy Policy.
We collect personal data about you in the following cases:
We also collect some information automatically from you.
We may also receive information about you from the following 3rd-party sources:
Each Client/Affiliate or visitor provides personally the personal data, entered or uploaded to the Website.
Clients/Affiliates are not allowed to enter third party personal data, including sign up a third party using their email address, without due authorization by such third party. We do not monitor or control the content, entered or uploaded by the Client/Affiliate. It is the Client’s/Affiliate’s sole responsibility to provide and guarantee that the processing of personal data activities performed by the Client/Affiliate with our Website are compliant with the requirements of the GDPR and other applicable personal data protection legislation.
A note here for those in the European Union about our legal grounds for processing information about you under EU data protection laws:
We take appropriate technical and organisational measures to protect your personal data against loss or other forms of unlawful processing. We make sure that personal data is only accessible by only those who need access to do their job, and that they are properly trained and authorised. Our staff is required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, ethics, and appropriate usage of data. Staff is required to execute a confidentiality agreement and are provided with proper training in online privacy and security.
We may also use your data in relation to improving stability and fixing problems with our Service, for example, by monitoring, debugging, repairing, and preventing issues.
For providing quality services we may engage third party service providers - Sub-processors, carefully selected according to their capacity for personal data protection and processing in compliance with our obligations under the GDPR. We provide personal data to our Sub-processors to process it for us, only based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.
Based on the above we may store and process personal data out of the EU, including in the United States of America, where some of our Sub-processors are based.
By using our Website and Services, you consent to your personal data being transferred to other countries, including countries that have different data protection rules than your country.
You give your explicit consent for personal data transfers outside the EU/EEA to the sub-processors listed below, on your own behalf and on behalf of all data subjects, whose personal data is entered in the our Website by you or by any third party to which you have provided access to our Services.
You confirm that you have been informed and aware that there may be certain possible risks of transfers of personal data to third countries outside the EU/EEA, including the USA, such as: the third country may not ensure an adequate level of data protection pursuant to Article 45 of the GDPR.
You are responsible for informing all data subjects, whose personal data you entered in our Website that such personal data may be transferred outside the EU/EEA, including the USA, towards the sub-processors listed herein below, and about all possible risks of such transfer. It shall be your sole responsibility to acquire all data subjects’ explicit consent for such transfer after providing them with the information on possible risks and before entering or uploading any third party personal data in our Website.
We may replace our Sub-processors from time to time. You agree that the list of current Sub-processors may be amended. You agree that if we amend the list of Sub-processors, we shall inform you about such updates via email.
In transfers of personal data outside the EU/EEA we shall take such measures as are reasonably applicable to ensure the transfer is in compliance with applicable data protection legislation. You declare to be informed and agree that such measures shall be transferring the personal data: (i) to a recipient in a country that the European Commission has decided provides adequate protection for personal data; or (ii) to a recipient that has achieved binding corporate rules authorisation in accordance with the applicable data protection legislation; or (iii) to a recipient that has executed standard contractual clauses adopted or approved by the European Commission.
All our Sub-processors do not have any right to use the personal information we share with them beyond what is necessary to assist us in making our services possible. When we cooperate with third parties and they process your personal data on our behalf, we request that your personal data be handled with the same integrity and security as we do.
List of current Sub-processors:
Name | Service | Locations | Relevant Links |
FastSpring | Merchant of Record | EU, USA | |
PayPal | Payment provider | USA | https://www.paypal.com/us/webapps/mpp/gdpr-readiness-requirements |
Intercom, Inc. | Communication and support | USA | |
Zendesk | Communication and support | EU | https://www.zendesk.com/company/privacy-and-data-protection/#gdpr-sub |
Twilio SendGrid | Communication and marketing | USA | |
Amazon Web Services | Data/CDN services | EU | |
BunnyCDN | Data/CDN services | EU | |
DigitalOcean | Hosting services | EU | |
HotJar | Analytics services | EU, USA |
Our Services securely store your data at the data centers of our cloud, hosting, CDN, and payment providers. For more information, please refer to the list above.
Credit card information you enter on our website is not stored with us. It is transmitted, processed, and stored securely according to the security protocols used by our payment providers, wholesalers, and resellers. The information we provide to these services is: your name, your email, your telephone number, your country of billing, your billing state/region/postcode (where required for applying taxes), the purchase amount, purchase currency, product or service you purchase, interface language, and other information that is required for a purchase on our Website.
We may use your data to personalize your experience by serving you relevant notifications, making user interface adjustments depending on your persona, and sending you messages and/or advertisements for our Service (with your consent).
We may use your data to communicate with you. For example, by emailing you to ask for your feedback, sharing tips for getting the most out of our product; or calling you to share offers and promotions that we think will be of interest to you (only in cases where we have obtained your explicit consent to receive such offers and promotions). If you don't want to hear from us, you can opt-out of marketing communications at any time. (If you opt-out, we'll still send you critical updates relating to your account or the services you use).
Use of Zendesk Services: For the purpose of providing customer service, NitroPack uses Zendesk. For more information on how Zendesk work with the data we provide, please visit this link:
https://www.zendesk.com/company/privacy-and-data-protection/
Use of Intercom Services: We use third-party analytics services to help understand your usage of our services. In particular, we provide a limited amount of your information (such as the sign-up date and some personal information like your email address) to Intercom, Inc. (“Intercom”) and utilize Intercom to collect data for analytics purposes when you visit our website or use our product. As a data processor acting on our behalf, Intercom analyzes your use of our website and/or product and tracks our relationship by way of cookies and similar technologies so that we can improve our service to you. For more information on Intercom's use of cookies, please visit https://www.intercom.com/terms-and-policies#cookie-policy.
We may also use Intercom as a medium for communications, either through email or through messages within our product(s). The Intercom Messenger Apps and Apps in Inbox products may also provide you with access to other third-party applications such as Stripe. You should consult these third parties' privacy notices for further information on their use of your personal data. As part of our service agreements, Intercom collects publicly available contact and social information related to you, such as your email address, gender, company, job title, photos, website URLs, social network handles, and physical addresses, to enhance your user experience.
For more information on the privacy practices of Intercom, please visit https://www.intercom.com/terms-and-policies#privacy. Intercom's services are governed by Intercom's terms of use which can be found at https://www.intercom.com/terms-and-policies#terms. If you would like to opt-out of having this information collected by or submitted to Intercom, please contact us.
Use of SendGrid: We share a limited amount of your information (such as e-mail, name, purchased products) to SendGrid for the purposes of managing our marketing campaigns and sending you service emails related to the state of your subscription with us. More information about how SendGrid manages your data can be found here: https://www.twilio.com/legal/privacy#sendgrid-services
Additional help by third parties: If you send us a request for assistance (for example, via a support email or one of our other feedback mechanisms), we reserve the right to forward that request to relevant third parties in order to clarify or respond to your request, or to help us support other users. We will not disclose any of your personal information to third parties.
Use of Hotjar: We use Hotjar in order to better understand our users' needs and to optimize our Service. Hotjar is a technology service that helps us better understand our users' experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don't like, etc.) and this enables us to build and maintain our Service using indirect user feedback. Hotjar uses cookies and other technologies to collect data on our users' behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. For further details, please see the ‘about Hotjar' section of Hotjar's support site:
https://help.hotjar.com/hc/en-us/categories/115001323967-About-Hotjar
Use of Google Analytics: We use Google Analytics to understand visitor traffic on our Services. To opt out of traffic analysis, please install a browser extension, such as this one:
We can relate actions you take while using our Services, across different devices you may use after authenticating. The information we collect and relate is: occurrences of editions to a website entry; purchase occurrences and purchase value, upgrades, downgrades of subscriptions; installations, uninstallations, connecting of NitroPack connectors (plugins, extensions); user profile actions like login, logout, registration; and other important events, relating to your general usage of our Services.
All the information we collect with Google Analytics is non-identifiable for 3rd parties and cannot be used by 3rd parties to find your identity. We use this information to better understand the points of difficulty you may have using our Services and identify opportunities for improvement. Non-identifiable information of your behavior on our Services may also relate to data collected by Google Ads. To further protect your identity, we use IP address anonymization in Google Analytics.
We may use information you provide to measure, gauge, and improve the effectiveness of our marketing as a result of our marketing communication to you (only in cases where we have obtained your explicit consent to receive marketing communication and messages). For example, by targeting our marketing messages to groups of our visitors (like those who have a particular subscription plan with us or have been visitors for a certain length of time), advertising our Service, analyzing the results of our marketing campaigns (like how many people purchased a paid plan after receiving a marketing message), and understanding and forecasting user retention. If you have agreed to receive marketing messages, you may always opt-out at a later date. You have the right at any time to stop our Services from contacting you for marketing purposes.
We may share non-personal information for the purposes of our marketing efforts (e.g., by providing tools for identifying a specific marketing target group or improving our marketing campaigns, and by placing ads to market our services); those that help us understand and enhance our Services (like analytics providers); those that make tools to help us run our operations (like programs that help us with task management, scheduling, word processing, email and other communications, and collaboration among our teams). We require vendors to agree to privacy commitments in order to share information with them.
For advertising purposes and to make our business more responsive to your interests and/or those of like-minded customers, we may share a hashed version of your email address to the Facebook advertising platforms. We aggregate your email address and send it over to Facebook where it is initially hashed (irreversibly obfuscated) before it is further processed for the purpose of creating “Custom Audiences” (where targeted ads are sent to people on Facebook who have already interacted with our Site and/or services), and “Lookalike Audiences” (where targeted ads are sent to potential customers who appear to have shared interests or similar demographics to our existing customers, based on the platform’s own data). You can find more information here:
https://www.facebook.com/business/help/112061095610075?id=2469097953376494
We do not have access to the identity of anybody in the lookalike audience. Based on this, we believe that generating lookalike audiences poses little or no threat to the privacy of our customers. We lean on our legitimate interest for using “Custom Audience” and “Lookalike Audiences” solely in order to expand our network and services and to make our services more recognizable to new users and future customers. You may object at any time of the use of your email, please email us at [email protected], and we will remove your data from our list within the period of 10 business days.
We do not share personal information with companies, organizations and individuals unless one of the following circumstances applies.
With your consent - we will share personal information with companies, organizations or individuals when we have your written consent to do so.
For making some services possible – to third party processors, as described above.
For legal reasons - we will share personal information with companies, organizations or individuals, if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
We may disclose information about you in response to a subpoena, court order, or other governmental requests.
We may share information that has been aggregated or de-identified so that it can no longer reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our Services, or share a hashed version of your email address to facilitate customized ad campaigns on other platforms.
NitroPack LLC offers an affiliate program that rewards other businesses or influencers for incoming sales. In case you have signed up for our Services through an affiliate referral link, we may display to the affiliate some non-identifiable information about your purchase with us:
In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company, or in the unlikely event that NitroPack Ltd. goes out of business or enters bankruptcy, user information would likely be one of the assets that are transferred or acquired by a third party. If any of these events were to happen, this Privacy Policy would continue to apply to your information and the party receiving your information may continue to use your information, but only consistent with this Privacy Policy.
Data processing activities, listed above, are necessary for the provision of our Services. We may use the Personal data you submit during the registration process to send you Services-related communications. We may also use such Personal data to send you electronic newsletters, only if we have obtained your explicit consent. Your consent is voluntary and we will not refuse our Services, if you do not provide us with your consent. You may withdraw your consent to receive such information from us at any time by using our “E-mail Notifications” functionality, found in the NitroPack Website Dashboard > Account, after you login with your username and password.
We may share and disclose information with your consent or at your direction. For example, we may share your information with third parties when you authorize us to do so.
We may share information that has been aggregated or de-identified so that it can no longer reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our Services.
We provide Services to and allow our Website to be used only by persons aged 18 and over. If aged under 18, please ask for the assistance of a person aged at least 18 in order to use our Services. If we obtain actual knowledge that we have collected personal data from a person under the age of 18, we will promptly delete it, unless we are legally obligated to retain such data. Please, contact us, if you believe that we have mistakenly or unintentionally collected information from a person under the age of 18.
We will keep your Personal data for a time period at least as long as you use our Services and 5 years afterwards in order to prevent loss of data, valuable for our Clients/Affiliates and visitors and compliance with applicable legislation. Once this time period has expired, we will delete your data, unless otherwise required by law or our legitimate interest.
The term of storing your data if you contacted us through our contact forms but did not use our Services is 5 years in order to facilitate communication and assist you in all matters that may arise.
We take special care to secure personal data. We keep your data privately and securely on a backend layer, on volumes encrypted with LUKS (Linux Unified Key Setup).
Your data is only accessible by trained and authorized staff of NitroPack Ltd. We ensure that we educate our staff on the use and importance of encryption and data privacy.
We have assessed the nature and scope of our processing activities and have implemented encryption solution(s) to protect the personal data we store and/or transmit. We have considered the types of processing we undertake, and whether encryption can be used in this processing.
We understand the residual risks that remain, even after we have implemented our encryption solution(s). We ensure that we keep our encryption solution(s) under review in the light of technological developments.
All personal information is protected from unauthorized access, manipulation, falsification, and unauthorized disclosure.
For the purpose of data recovery in the unlikely event of service failure, we keep encrypted historical records of your personal information and any additional information necessary for the proper working of our service for up to 90 days. All backup data is automatically destroyed 90 days after creation.
We generally discard information about you when it's no longer needed for the purposes for which we collect and use it and if we're not legally required to keep it.
You have the right to request a copy of your personal data at any time, to check the accuracy of the stored information, to correct or update this information, to ask for your personal information to be deleted if there are grounds for doing so, as described below. You also have the right to complain when your privacy rights have been violated. Below is a detailed description of your rights as a data subject:
You can address all requests to the Data Protection Officer. In order to be able to provide you with full assistance, please provide us with accurate information about you and specify your request. It is possible that, in the exercise of your rights, we may ask for additional information to establish your identity.
Please keep in mind that when your requests are clearly unreasonable or excessive, in particular because of their repeatability, we can:
We will make reasonable efforts to respect your request within 30 days of receiving your application. If necessary, this term may be extended by a further two months, taking into account the complexity and the number of requests.
We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup systems). Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort.
If you file a privacy-related complaint, we will collect your name and/or company name, name of a complaint-related person, email, and country location and details that gave rise to your complaint. We will use the information you provide to investigate your complaint and to send you an answer once your complaint is reviewed.
If you think we have infringed your privacy rights, you can lodge a complaint with the supervisory authority of Bulgaria, which is the Commission for personal data protection. More information can be found at:
You can also lodge your complaint in particular in the country where you live, your place of work or place where you believe we infringed your right(s).
The California Consumer Privacy Act (“CCPA”) requires us to provide California residents with some additional information about the categories of personal information we collect and share, where we get that personal information, and how and why we use it.
The CCPA also requires us to provide a list of the “categories” of personal information we collect, as that term is defined in the law, so, here it is. In the last 12 months, we collected the following categories of personal information from California residents, depending on the Services used:
We collect personal information for the business and commercial purposes described in the section “How will we use your data?”. And we share this information with the categories of third parties described in the Sharing Information section.
If you are a California resident, you have additional rights under the CCPA, subject to any exemptions provided by the law, including the right to:
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit nitropack.io, we may collect information from you automatically through cookies or similar technology. For further information, visit
Our Company uses cookies in a range of ways to improve your experience on our Services
Our Services use these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and the location you are in.
Cookies by Google Analytics are only used to anonymously measure our website traffic, and cannot be used to identify you.
The Essential cookies our Services use are:
Our Company uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed, and information about your browser, your device, and your IP address. Our Company sometimes shares some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website.
The Advertising and Insights cookies our Services use are:
Our Services also collect non-personally identifiable cookies from your site visitors when they access your websites (such as cookies for their selected language or shopping currency). Our Services use Variation Cookies to correctly deliver optimized content to your site visitors. We do not use these cookies in any other way, and they cannot be used to identify you, or any of your site visitors.
Upon visiting our website, you will be asked to specify the kinds of cookies we can use.
The Essential cookies are required for the proper functioning of our website in relation to your user profile. You can set your browser not to accept cookies. However, some of our website features will not function as a result.
The Advertising and Insights cookies are optional - feel free to opt-in if you would like to help us improve our website and services, and also to receive ads specific to the way you use our website.
NitroPack Ltd. keeps its privacy policy under regular review and places any updates on this web page
https://nitropack.io/page/privacy
NitroPack shall notify registered users by e-mail in case of substantial changes to this privacy policy.
If you have any questions about Our Company's privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.
Address: 3 Professor Georgi Bradistilov, entr. A, 3rd fl., Studentski Kompleks, Sofia, postcode 1756, Bulgaria
Data protection officer: Simeon Totev, email: [email protected]
You may also reach out to us using our live chat