
Privacy Policy
Last updated: January 2026
1. INTRODUCTION
1.1 What this policy covers
This Privacy Policy explains how Nicodemus Labs (“we,” “us,” or “our”), operated by YFTS Labs OÜ (Registry Code: 16568665, registered in Estonia at Sepapaja tn 6, Tallinn, 15551, Estonia), collects, uses, processes, and protects your personal information when you visit our website nicodemuslabs.com (the “Website”) and use our competitive intelligence services.
1.2 Compliance commitment
We are committed to protecting your privacy and ensuring the security of your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Estonian Personal Data Protection Act, and other applicable data protection laws.
1.3 Acknowledgement
By accessing or using our Website and services, you confirm that you have read and understood this Privacy Policy.
2. DATA CONTROLLER
2.1 Controller details
YFTS Labs OÜ
Registry Code: 16568665
Address: Sepapaja tn 6, Tallinn, 15551, Estonia
VAT: EE102532023
Email: contact@untold.gg
Website: nicodemuslabs.com
3. INFORMATION WE COLLECT
3.1 Information you provide voluntarily
When submitting information through our competitive intelligence sample request form, you may provide your full name, business email address, company name, job title/position, phone number (optional), industry sector, competitor information, business requirements and interests, and any other information you include in communications.
3.2 Automatically collected information
When you visit our Website, we may collect technical information such as your IP address, browser type and version, operating system, device information, pages visited and time spent, referring website addresses, geographic location (country/city level), date and time of access, and cookies and tracking technologies (see Section 8).
3.3 Information from third parties
We may receive information about you from publicly available business sources, marketing partners and service providers, analytics providers, and social media platforms (if you interact with our content).
4. LEGAL BASIS FOR PROCESSING
4.1 Legal bases under GDPR
We process personal data under GDPR Article 6, including consent (Art. 6(1)(a)) when you submit forms voluntarily, contractual necessity (Art. 6(1)(b)) to provide requested services, legitimate interests (Art. 6(1)(f)) for improving services, fraud prevention, and business development, and legal obligation (Art. 6(1)(c)) for compliance with laws and regulations.
5. HOW WE USE YOUR INFORMATION
5.1 Primary purposes
We use your data to provide the competitive intelligence sample you requested, respond to inquiries, deliver reports and analysis, manage client relationships, and fulfill contractual obligations.
5.2 Secondary purposes
We may also use your data to improve and optimize the Website, personalize your experience, conduct market research and analytics, send marketing communications (with consent), detect fraud and security threats, and comply with legal requirements.
5.3 Data minimization
We only collect data necessary for the purposes outlined in this Privacy Policy.
6. CONFIDENTIALITY AND DATA PROTECTION
6.1 Confidentiality and safeguards
We treat all submitted information with strict confidentiality and implement safeguards against unauthorized processing, accidental loss or destruction, unauthorized access or disclosure, and alteration or misuse.
6.2 Security measures
Security measures include SSL/TLS encryption, regular audits and assessments, access controls and authentication, staff confidentiality training, secure infrastructure and backups, and incident response procedures.
7. DATA SHARING AND DISCLOSURE
7.1 We do not sell your data
We do not sell, rent, or trade personal information.
7.2 Service providers
We may share data with trusted providers such as cloud hosting services, email providers, analytics platforms, CRM systems, payment processors (if applicable), and technical support partners. All processors comply with GDPR Article 28.
7.3 Legal requirements
We may disclose data if required by law, court order, or valid authority request.
7.4 Business transfers
If we undergo a merger, acquisition, or sale, your data may transfer to the successor entity under the same protections.
7.5 With your consent
We may share information with third parties when you provide explicit consent.
8. COOKIES AND TRACKING TECHNOLOGIES
8.1 What are cookies
Cookies are small text files stored on your device to enhance browsing and analyze Website traffic.
8.2 Types of cookies we use
We use strictly necessary cookies (essential for functionality), performance cookies (Website usage insights), functional cookies (save preferences), and marketing cookies (advertising relevance, only with consent).
8.3 Cookie management
You can manage cookies via browser settings, including viewing/deleting cookies, blocking third-party cookies, and blocking all cookies. You can learn more at www.allaboutcookies.org and www.youronlinechoices.eu.
8.4 Third-party analytics
We may use tools like Google Analytics, with safeguards such as data processing agreements and IP anonymization where applicable.
9. DATA RETENTION
9.1 How long we keep data
We keep personal data only as long as necessary, including form inquiries up to 3 years, client data for the relationship duration plus 7 years, analytics data up to 26 months, marketing data until you unsubscribe, and security logs up to 12 months.
9.2 Deletion and anonymization
After expiry, data is securely deleted or anonymized.
10. YOUR RIGHTS UNDER GDPR
10.1 Your rights
You have the right to access your data (Art. 15), rectify inaccuracies (Art. 16), request deletion (Art. 17), restrict processing (Art. 18), request data portability (Art. 20), object to processing (Art. 21), withdraw consent (Art. 7), and lodge a complaint.
10.2 Supervisory authority
Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
Website: www.aki.ee
Email: info@aki.ee
Address: Tatari 39, 10134 Tallinn, Estonia
10.3 Response time
Requests will be answered within one month.
11. INTERNATIONAL DATA TRANSFERS
11.1 Transfers outside the EEA
If data is transferred outside the EEA, safeguards include Standard Contractual Clauses (SCCs), adequacy decisions, Binding Corporate Rules, and explicit consent.
12. CHILDREN’S PRIVACY
12.1 Age limitation
Our services are not intended for individuals under 16, and we do not knowingly collect their data.
13. DATA BREACH NOTIFICATION
13.1 Breach notification
We comply with GDPR breach notification requirements, including notifying the supervisory authority within 72 hours and notifying users without undue delay if high risk exists.
14. CHANGES TO THIS POLICY
14.1 Updates
We may update this Privacy Policy by posting updates on this page, updating the “Last Updated” date, sending an email notification (if applicable), and posting a Website notice. Continued use means acceptance.
15. CONTACT US
15.1 How to contact us
YFTS Labs OÜ
Attention: Data Protection Officer
Email: contact@untold.gg
Address: Sepapaja tn 6, Tallinn, 15551, Estonia
Website: nicodemuslabs.com
16. SUPERVISORY AUTHORITY
16.1 Authority details
Estonian Data Protection Inspectorate
Website: www.aki.ee
Email: info@aki.ee
Phone: +372 627 4135
Address: Tatari 39, 10134 Tallinn, Estonia
17. DATA PROTECTION BY DESIGN AND BY DEFAULT
17.1 Built-in privacy
We integrate privacy safeguards into all processes, including default minimization, regular security reviews, and privacy impact assessments.
18. CONSENT WITHDRAWAL AND OPT-OUT
18.1 Marketing communications
You may withdraw marketing consent by clicking “unsubscribe” in emails, contacting us directly, or updating preferences (if available).
18.2 Cookies
You may withdraw cookie consent via browser settings or cookie tools.
19. AUTOMATED DECISION-MAKING
19.1 No profiling
We do not engage in automated decision-making or profiling under GDPR Article 22.
20. SECURITY MEASURES SUMMARY
20.1 Summary of safeguards
Industry-standard measures include encryption (SSL/TLS), secure data centers, access controls, employee confidentiality training, incident response planning, backups, and anonymization. While no system is 100% secure, we take all reasonable steps.
21. THIRD-PARTY LINKS
21.1 External sites
We are not responsible for third-party websites linked from our Website, and you should review their privacy policies separately.
22. BUSINESS CONTACT DATA
22.1 Business contact processing
Business contact information is processed for legitimate business purposes such as relationship management and service delivery.
23. RECORDKEEPING AND ACCOUNTABILITY
23.1 Records under GDPR
We maintain GDPR-compliant processing records under Article 30, including data categories, processing purposes, recipients, transfers and safeguards, retention schedules, and security measures.
ACCEPTANCE
Acknowledgement
By using our Website and submitting information, you acknowledge and accept this Privacy Policy.
If you do not agree
If you do not agree, please do not use our Website or submit personal information.
© 2026 YFTS Labs OÜ. All rights reserved.