SOVABOO
Privacy Policy
Effective date: April 28, 2026
This Privacy Policy explains how Sovaboo Digital OÜ, registry code 17150442, a company incorporated in the Republic of Estonia (“Sovaboo Digital”, “Sovaboo”, “we”, “us”, or “our”), collects, uses, stores, shares, and protects personal data when you visit our website, create an account, purchase digital content, use online reading services, contact us, or otherwise interact with our services.
This Privacy Policy applies to our website https://sovaboo.com, its subdomains, and related digital services operated by Sovaboo Digital (the “Services”).
For the purposes of the General Data Protection Regulation (EU) 2016/679 (“GDPR”), Sovaboo Digital acts as the controller of personal data processed in connection with the Services, unless stated otherwise.
1. Contact Details
Sovaboo Digital OÜ
Registry code: 17150442
Registered office: Harju maakond, Tallinn, Kesklinna linnaosa, Narva mnt 5, 10117, Estonia
Country of incorporation: Republic of Estonia
Website: https://sovaboo.com
Email: [email protected]
You may contact us at [email protected] regarding privacy questions, data protection requests, or the exercise of your rights.
2. Personal Data We Process
Depending on how you use the Services, we may process the following categories of personal data:
2.1 Account Data
This may include your name, display name, email address, password hash, account settings, language preferences, country or region, account status, and related account information.
2.2 Order and Purchase Data
This may include order number, purchased digital content, order status, payment status, price, currency, tax information, invoice or receipt details, refund status, and transaction references received from payment providers.
We do not store full payment card numbers or full payment authentication credentials.
2.3 Digital Content Access Data
This may include information about access to purchased digital content, online reading activity necessary to provide the service, download status, access timestamps, device or session identifiers, and technical logs required to deliver and protect digital content.
2.4 Communication Data
This may include messages you send to us, support requests, refund requests, copyright notices, feedback, email correspondence, and related communication history.
2.5 Technical and Usage Data
This may include IP address, browser type, device type, operating system, language settings, pages visited, referring URLs, session data, log files, security events, cookie identifiers, and similar technical information.
2.6 Marketing and Preference Data
Where applicable, this may include newsletter subscription status, communication preferences, consent records, campaign interactions, and unsubscribe records.
2.7 Age and Content Restriction Data
Where necessary, we may process information related to age confirmation, content access restrictions, or mature-content notices. We aim to collect only the minimum information necessary for this purpose.
3. Purposes and Legal Bases of Processing
We process personal data only where we have a lawful basis under applicable data protection law.
| Purpose | Examples | Legal basis |
|---|---|---|
| Providing the Services | account access, online reading, digital content delivery, downloads | performance of a contract |
| Processing purchases and refunds | orders, payments, receipts, refunds, payment verification | performance of a contract; legal obligation |
| Tax, accounting, and legal compliance | invoices, transaction records, statutory retention | legal obligation |
| Customer support | responding to questions, technical issues, refund requests | performance of a contract; legitimate interests |
| Security and fraud prevention | abuse detection, access logs, account protection, payment abuse prevention | legitimate interests; legal obligation |
| Copyright and rights protection | watermarking, access logs, infringement investigation, notice-and-takedown handling | legitimate interests; legal claims |
| Service analytics and improvement | understanding usage, improving functionality, fixing technical issues | legitimate interests; consent where required |
| Marketing communications | newsletters, promotional emails, updates | consent or legitimate interests where permitted by law |
| Cookie-based tracking and optional technologies | analytics, preferences, marketing cookies | consent where required |
Where we rely on legitimate interests, we balance our interests against your rights and freedoms. You may object to processing based on legitimate interests in certain circumstances.
Where we rely on consent, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
4. Cookies and Similar Technologies
We use cookies and similar technologies to operate the Website, remember preferences, understand usage, improve the Services, and, where applicable, support marketing or analytics.
Some cookies are strictly necessary for the Website and Services to function. Other cookies are used only where legally permitted, including on the basis of your consent where required.
More information is available in our Cookie Policy.
5. Sharing of Personal Data
We may share personal data with trusted service providers and partners where necessary for the purposes described in this Privacy Policy. These may include:
- hosting and infrastructure providers;
- payment service providers;
- email delivery providers;
- analytics providers;
- customer support tools;
- fraud prevention and security providers;
- tax, accounting, legal, and compliance advisers;
- public authorities, courts, regulators, or law enforcement bodies where required by law;
- authors, licensors, or rightsholders where necessary to investigate copyright infringement, payment abuse, or unlawful distribution of digital content.
Service providers that process personal data on our behalf must process it only under our instructions and must apply appropriate security and confidentiality measures.
We do not sell personal data.
6. International Transfers
We are established in Estonia and may use service providers located in the European Economic Area (“EEA”) or outside the EEA.
Where personal data is transferred outside the EEA, we will use appropriate safeguards where required by GDPR, such as adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms.
7. Data Retention
We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
Typical retention criteria include:
- account data is kept while your account remains active and for a reasonable period after deletion where necessary for legal, security, or dispute purposes;
- order, payment, invoice, tax, and accounting records are kept for the period required by applicable accounting and tax laws;
- support communications are kept for a reasonable period to manage requests, resolve disputes, and improve support quality;
- security logs are kept for a limited period unless needed to investigate abuse, fraud, infringement, or security incidents;
- marketing consent records are kept while you remain subscribed and for a reasonable period after withdrawal to prove compliance.
When personal data is no longer needed, we will delete, anonymise, or securely restrict it, unless retention is required by law or for legal claims.
8. Data Security
We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, disclosure, or destruction.
Such measures may include access controls, encryption where appropriate, secure authentication, logging, backup procedures, confidentiality obligations, provider due diligence, and internal access restrictions.
No online service can be guaranteed to be completely secure. You are responsible for keeping your account credentials confidential and for notifying us if you suspect unauthorised account access.
9. Your Rights
Subject to the conditions and limitations under applicable law, you may have the right to:
- request access to your personal data;
- request correction of inaccurate or incomplete personal data;
- request deletion of your personal data;
- request restriction of processing;
- object to processing based on legitimate interests;
- object to direct marketing;
- request data portability;
- withdraw consent where processing is based on consent;
- lodge a complaint with a supervisory authority.
To exercise your rights, contact us at [email protected].
We may need to verify your identity before responding to a request. We will respond within the period required by applicable law.
10. Marketing Communications
If you subscribe to newsletters or marketing communications, we may send you updates about books, authors, offers, releases, platform news, and related content.
You can unsubscribe at any time by using the unsubscribe link in the email or by contacting us.
We may still send you non-marketing communications, such as order confirmations, service notices, legal notices, security alerts, and support messages.
11. Children
The Services are not directed to children below the age at which they may lawfully use online services or provide valid consent under applicable law.
We do not knowingly collect personal data from children where parental consent is required and has not been obtained. If you believe that a child has provided us with personal data unlawfully, please contact us.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our Services, legal requirements, technologies, or business operations.
The updated version will be published on the Website with a revised effective date. Where required by law, we may provide additional notice or request consent.
13. Supervisory Authority
If you believe that your personal data has been processed unlawfully, you have the right to lodge a complaint with a competent data protection supervisory authority.
In Estonia, the supervisory authority is the Estonian Data Protection Inspectorate (“Andmekaitse Inspektsioon”).
We encourage you to contact us first so that we can try to resolve your concern directly.
This document is originally written in English. Translations into other languages are provided for convenience only. In case of discrepancies, the English version shall prevail unless mandatory law requires otherwise.