I
Impetora
Last updated: 2026-04-27

Privacy policy

Impetora is a custom AI studio operating from Vilnius, Lithuania, and Amsterdam, the Netherlands. We process personal data in accordance with the EU General Data Protection Regulation (Regulation 2016/679) and Lithuanian implementing law.

1. Who we are

Impetora is operated by the team behind Ainora UAB, registered in Lithuania. For data protection enquiries the controller is reachable at justas@ainora.lt. We do not currently appoint a Data Protection Officer because the volume and nature of processing fall below the GDPR Article 37 threshold.

2. What data we collect

The intake form on impetora.com collects the following fields:

  • Name and work email address
  • Company name, role, and industry
  • Project type, budget range, and timeline
  • The free-text project brief you provide
  • How you heard about us (traffic source) and the page you arrived on
  • Standard server log data (IP, user agent, timestamp) retained briefly for security and abuse prevention

We do not place advertising cookies. We do not run third-party analytics that build behavioural profiles. We do not collect special category data.

3. How we use it

Data submitted through the intake form is used to:

  • Reply to your enquiry and run a discovery call
  • Scope the proposed engagement and prepare a written brief
  • Maintain a record of the enquiry for follow-up or contractual purposes

We do not sell your data. We do not share it with marketing partners. We do not use it to train external models.

4. Lawful basis

For prospects and clients, processing is based on the legitimate interest of responding to a business enquiry you initiated (GDPR Article 6(1)(f)) and, where an engagement begins, on the performance of a contract (Article 6(1)(b)). You can object at any time by replying to any of our messages or emailing the address above.

5. Where it is stored

Form submissions are stored in a Supabase Postgres database hosted in the EU (Frankfurt region). Email notifications about new submissions are forwarded to justas@ainora.lt, which runs on Google Workspace under EU Standard Contractual Clauses. Hosting infrastructure for the website itself is provided by Vercel (EU edge regions for served traffic; build artefacts may be cached globally but contain no personal data).

6. Sub-processors

The following providers process personal data on our behalf:

  • Vercel Inc. - website hosting and edge delivery
  • Supabase - Postgres database (EU region) for intake submissions
  • Google Workspace - email and document storage for the data controller
  • Resend - transactional email delivery for intake notifications, when enabled
  • Cloudflare - DNS and edge security, when enabled (no log retention beyond 24 hours by default)

An updated sub-processor list is also maintained on our security page. Material changes are reflected with a new "last updated" date on this policy.

7. Retention

Intake submissions are retained for 12 months from the date of submission unless they convert into an active engagement, in which case they are retained for the duration of the engagement plus 5 years for accounting and contractual evidence. Server logs are retained for 30 days. You may request earlier deletion at any time.

8. Your rights under GDPR

You have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Erase your data ("right to be forgotten")
  • Restrict processing in certain circumstances
  • Receive a copy of your data in a portable format
  • Object to processing based on legitimate interest
  • Lodge a complaint with the Lithuanian State Data Protection Inspectorate (VDAI) or your local supervisory authority

To exercise any of these rights, email justas@ainora.lt. We respond within 30 days.

9. International transfers

We do not transfer personal data outside the European Economic Area as a default. Where Google Workspace email may involve onward processing in the United States, that transfer is governed by EU Standard Contractual Clauses and the EU-U.S. Data Privacy Framework.

10. Security

We use TLS 1.3 in transit, AES-256 at rest, and access controls on internal accounts. A more detailed posture statement is available on our security page.

11. Changes

We update this policy when our practices change or to reflect new sub-processors. The date at the top of this page reflects the last revision. We will notify identified prospects and clients of material changes by email.

12. Contact

For privacy enquiries, data subject requests, or to report a concern: justas@ainora.lt.