Privacy Policy

Trusted Companies operates a verified directory of Estonian businesses at trustedcompanies.eu. For questions about your data, write to hello@trustedcompanies.eu.

• Application data — when a business applies to list, we collect the company name, Estonian registry code, primary category, short description, contact person name, email, and phone.
• Enquiry data— when a buyer contacts a listed company through our form, we collect the buyer's name, email, optional phone, the message, the page they sent it from, any UTM parameters, the requesting IP address, and the user agent.
• Member account data — once an application is approved, an account is created using the contact email so the member can sign into their dashboard.
• Profile data — content members add to their public listing (services, address, social links, etc.).

• To operate the directory and verify listings against public registry data.
• To forward buyer enquiries to the relevant listed company.
• To detect and prevent abuse (spam, fake applications, etc.).
• To send transactional emails (application receipts, acceptance, enquiry forwarding).
• To improve the service through aggregate analytics.

• Contract — for application, listing, and member dashboard data. Processing is required to deliver the service you requested.
• Legitimate interest — for buyer enquiry routing and abuse prevention diagnostics (IP, user agent).
• Consent — for any marketing communications; required and revocable.

We use the following third-party processors:

• Supabase (EU region) — database, authentication.
• Resend — transactional email delivery.
• Vercel — hosting + edge network.

We do not sell your personal data. We do not use it for advertising outside the platform.

• Applications: kept indefinitely while the listing is active; deleted within 12 months of rejection or withdrawal.
• Enquiries: kept for as long as the receiving listing is active so members have history; on request we can delete on a per-enquiry basis.
• Member accounts: kept while the listing is active; deleted on request.

Under GDPR you can request access to your data, correction, deletion, restriction of processing, portability, and to object to processing. Write to hello@trustedcompanies.eu and we'll respond within 30 days. You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).

We use cookies that are strictly necessary for the service to work (session cookies for member login, security tokens). We do not use tracking cookies for advertising.

We'll update this page when our practices change. Material changes will be announced via email to members.