Privacy Policy

Last updated: 16/01/2026

This Privacy Policy explains how Avenza Tech OÜ (“we”, “us”, or “our”) collects, uses, discloses, and protects personal data in connection with Cuora, our AI assisted legal workspace for businesses.

We are committed to processing personal data lawfully, fairly, and transparently in accordance with the EU General Data Protection Regulation (GDPR).

1. Data Controller

Company name: Avenza Tech OÜ
VAT number: EE102918744
Registry / Fiscal ID: 17354439

Registered address:
Sepapaja tn 6
15551 Tallinn
Harju County
Estonia

Contact email: info@cuora.co

For GDPR purposes, Avenza Tech OÜ acts as the data controller for personal data processed for website, sales, and account administration purposes, except where we act as a data processor on behalf of customers (see Section 5).

2. Scope of This Policy

This Privacy Policy applies to:

  • Website visitors
  • Users of the Cuora application
  • Prospective customers and business contacts

It does not apply to third-party services or websites linked from Cuora.

3. Personal Data We Collect

3.1 Information you provide directly

  • Name, email address, and professional contact details
  • Account, workspace, and billing-related information
  • Communications with us, including demo requests and support inquiries

3.2 Information processed through Cuora

Users may input or upload content that can include personal data, such as names, roles, email addresses, signatures, or internal references. This content is processed to provide the service and, where applicable, on the customer’s instructions.

3.3 Technical and usage data

  • IP address
  • Browser and device information
  • Log data related to application usage, performance, and security

4. Purposes and Legal Bases for Processing

Purpose | Legal basis
Providing and operating Cuora | Contract performance (Art. 6(1)(b))
Account management and authentication | Contract performance (Art. 6(1)(b))
Customer support and communications | Legitimate interests (Art. 6(1)(f)) and/or Contract performance
Security, fraud prevention, and system integrity | Legitimate interests (Art. 6(1)(f))
Legal and regulatory compliance | Legal obligation (Art. 6(1)(c))
Sales and business communications | Legitimate interests (Art. 6(1)(f)) or Consent where required

5. Processor and Controller Roles

For website activity, sales communications, and account administration, Avenza Tech OÜ acts as data controller.

For customer content uploaded to Cuora, Avenza Tech OÜ generally acts as a data processor on behalf of the customer, and the customer acts as the data controller for that content.

Customers remain responsible for ensuring they have a lawful basis to upload and process any personal data within Cuora.

6. Use of AI and Customer Content

Cuora uses AI to generate draft text, summaries, classifications, and suggestions based on user prompts and uploaded materials. Customer content is processed only to provide the requested functionality.

Customer content is not used by Avenza Tech to train general AI models. We do not claim ownership over customer content. AI outputs can be incomplete or inaccurate and must be reviewed by users before use.

7. Infrastructure and Subprocessors

7.1 AWS cloud infrastructure

We use Amazon Web Services (AWS) to host and operate Cuora, including storage, databases, and related infrastructure services. Customer content and application data may be stored and processed within AWS environments used by Cuora.

7.2 OpenAI

We use OpenAI as an AI service provider to process user prompts and relevant content in order to generate AI assisted outputs within Cuora. We send only the data necessary to provide the AI functionality.

7.3 Other service providers

  • Security monitoring and logging providers
  • Service reliability and operational analytics providers
  • Customer support tooling providers

All subprocessors are subject to contractual obligations designed to protect personal data consistent with GDPR requirements. We do not sell personal data.

8. International Data Transfers

Where personal data is transferred outside the European Economic Area, we ensure appropriate safeguards such as:

  • EU Standard Contractual Clauses (SCCs)
  • Other lawful transfer mechanisms under GDPR

9. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy, unless a longer retention period is required by law.

Customer content stored in Cuora is retained in accordance with customer instructions, contractual arrangements, and configured retention settings where available.

10. Security Measures

  • Access controls and least privilege permissions
  • Encryption in transit and at rest where appropriate
  • Logging and monitoring for security events
  • Separation of customer workspaces and access controls

11. Your Rights Under GDPR

Individuals in the EU have the right to:

  • Access their personal data
  • Rectify inaccurate data
  • Request erasure
  • Restrict or object to processing
  • Data portability
  • Lodge a complaint with a supervisory authority

Requests can be sent to info@cuora.co. Where we act as a processor for customer content, we may direct the request to the relevant customer as controller where appropriate.

12. Cookies and Tracking

Cuora uses limited cookies necessary for functionality, security, and session management. We do not use advertising cookies by default. Additional details may be provided in a separate Cookie Policy if applicable.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the website or application. The “Last updated” date reflects the latest version.

14. Contact

Avenza Tech OÜ
Email: info@cuora.co