Last updated: 01.05.2026
Waybiller OÜ (registry code 14200010, address Mäealuse 2/1, Tallinn, Estonia) respects your privacy and processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, “GDPR”) and other applicable data protection laws.
This Privacy Policy describes what personal data we collect, for what purposes and on what legal basis we process such data, and what rights you have in relation to your personal data. In addition, prior to using the Service, a Data Processing Agreement (“DPA”) is concluded between Waybiller and the user, governing the processing of personal data within the Service.
For the purposes of this Policy:
Data protection contact:
privacy@waybiller.com
General contact:
waybiller@waybiller.com
Depending on the context, Waybiller acts either as a data controller or a data processor.
Waybiller acts as a data controller when processing:
In such cases, Waybiller determines the purposes and means of processing.
Waybiller acts as a data processor when processing personal data entered into the Service by the Client on behalf of the Client. In such cases, data processing is governed by the Data Processing Agreement (DPA).
We may process the following categories of personal data:
| Data Type | Personal Data |
| Identification and contact data | First and last name; personal identification code; email address; phone number; company name; job title |
| Customer relationship data | Order information; credit information; payment behavior |
| Customer support data | Inquiry content; communication history; metadata (submission time, resolution time); recorded calls (where applicable); AI chatbot interactions |
| Technical data | IP address; device and browser information; data collected via cookies |
| Payment data | Payment card or other payment method details; transaction data |
We retain personal data for as long as required or permitted by law, but no longer than reasonably necessary for the purposes for which the data was collected.
| Data Type | Purpose | Legal Basis | Retention Period |
| Identification and contact data | Identification of the Client and representatives; account management; access provisioning; service delivery | Contract performance; legal obligation; legitimate interest | Reasonable period after account deletion; or 7 years if included in accounting documents (Accounting Act § 12(1)) |
| Customer relationship data | Service provision; billing; dispute resolution | Contract performance; legal obligation; legitimate interest | 7 years (Accounting Act § 12(1)) |
| Customer support data | Customer communication; responding to inquiries; service quality assurance | Legitimate interest; contract performance | Generally up to 3 years |
| Technical data | Website operation; security; analytics; marketing | Necessary cookies: legitimate interest; others: consent | According to cookie settings |
| Payment data | Payment processing; dispute resolution | Contract performance; legal obligation | 7 years |
Personal data is processed on the following legal bases:
Marketing activities are carried out based on consent or legitimate interest, in accordance with applicable law.
Waybiller does not use personal data for automated decision-making or profiling within the meaning of GDPR Article 22. AI-based voice and chat solutions are used solely for informational purposes and to support customer support operations. Such systems do not produce decisions with legal or similarly significant effects. Human oversight is ensured where necessary.
Waybiller may engage third-party service providers (sub-processors), including telecommunications, customer support and AI technology providers. These providers process personal data only on documented instructions and implement appropriate safeguards. Where data is transferred outside the EU/EEA, appropriate legal safeguards are applied.
Personal data may be shared with service providers (sub-processors), including:
Data processing agreements are concluded with all sub-processors in accordance with GDPR requirements.
A list of sub-processors is available upon request at: privacy@waybiller.com
Where personal data is processed outside the EU/EEA or accessed from a third country (e.g. the United States), appropriate safeguards are applied, including Standard Contractual Clauses (SCCs) or other lawful mechanisms.
Certain data collected via cookies may also be transferred outside the EU/EEA in accordance with the Cookie Policy.
You have the right to:
Requests will be responded to within 30 days.
If you believe your data has been processed unlawfully, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate.
Waybiller implements appropriate technical and organizational measures, including:
While reasonable measures are applied, no data transmission over the internet can be guaranteed to be completely secure.
Waybiller uses cookies and similar technologies for website functionality, analytics and marketing purposes.
For more detailed information, please refer to our Cookie Policy.
Waybiller may update this Privacy Policy at any time. Users will be notified of material changes at least 30 days in advance via website notice, email or in-app notification.
The current version is always available on our website.