Privacy Policy
Last updated: 29 March 2026 · Enigmatic OÜ, Tallinn, Estonia
1. Who we are
Beyond Enigmatic is the trading name of Enigmatic OÜ, a company registered in Estonia (registry code to be added). Our registered address is Sepapaja tn 6, 15551 Tallinn, Estonia.
For the purposes of the General Data Protection Regulation (GDPR), Enigmatic OÜ is the data controller. If you have questions about how we handle your data, contact us at hi@beyondenigmatic.com.
2. What data we collect
We collect the minimum data necessary to provide our services and improve your experience on our website.
Data you provide directly
Data type | When collected | Purpose |
|---|---|---|
Email address | When you unlock your Startup Diagnostic results or subscribe to updates | To deliver your results and, if you opt in, send relevant resources |
Name and contact details | When you book a strategy call or contact us | To schedule and prepare for your consultation |
Diagnostic responses | When you complete the Startup Growth Diagnostic | To generate your personalised score and recommendations |
Project information | During a consulting engagement | To deliver our services |
Data collected automatically
Data type | Tool | Purpose |
|---|---|---|
Page views, scroll depth, click heatmaps, session recordings | Microsoft Clarity | To understand how visitors use our site and improve the experience |
Device type, browser, approximate location | Microsoft Clarity | Technical diagnostics and site optimisation |
Microsoft Clarity does not collect personally identifiable information. Session recordings mask text inputs by default. See Clarity's privacy terms for details.
3. Legal basis for processing (GDPR)
We process your personal data under the following legal bases:
Consent — When you provide your email to unlock diagnostic results or opt into communications. You can withdraw consent at any time.
Contractual necessity — When we process data to deliver consulting services you've engaged us for.
Legitimate interest — For website analytics (Microsoft Clarity) to improve our site, where your rights and freedoms are not overridden.
4. How we use your data
We use your data to deliver diagnostic results, provide consulting services, improve our website, and send you relevant resources if you've opted in. We do not sell, rent, or share your personal data with third parties for their marketing purposes.
5. Data sharing
We share data only with the following categories of processors, and only to the extent necessary:
Processor | Purpose | Location |
|---|---|---|
Microsoft Clarity | Website analytics and heatmaps | USA (EU Standard Contractual Clauses) |
Email service provider | Sending diagnostic results and resources | To be confirmed |
Framer | Website hosting | EU / USA |
Calendly or equivalent | Booking strategy calls | USA (EU Standard Contractual Clauses) |
We do not transfer data outside the EEA without appropriate safeguards (Standard Contractual Clauses or adequacy decisions).
6. Data retention
Diagnostic responses: Stored for 12 months, then anonymised or deleted.
Email addresses: Retained until you unsubscribe or request deletion.
Client project data: Retained for 24 months after project completion for reference, then deleted unless agreed otherwise.
Analytics data: Microsoft Clarity retains session data for 30 days.
7. Your rights
Under the GDPR, you have the right to:
Access — Request a copy of the personal data we hold about you.
Rectification — Ask us to correct inaccurate data.
Erasure — Ask us to delete your data ("right to be forgotten").
Restriction — Ask us to limit how we process your data.
Portability — Receive your data in a structured, machine-readable format.
Object — Object to processing based on legitimate interest.
Withdraw consent — At any time, without affecting the lawfulness of prior processing.
To exercise any of these rights, email hi@beyondenigmatic.com. We will respond within 30 days.
8. Cookies
Our website uses cookies for analytics and functionality. For full details, see our Cookie Policy.
9. Security
We implement appropriate technical and organisational measures to protect your data, including encrypted connections (HTTPS), access controls, and regular review of our data processing activities.
10. Children's data
Our services are not directed at individuals under 18. We do not knowingly collect data from minors. If you believe we have collected such data, please contact us and we will delete it promptly.
11. Supervisory authority
If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon): www.aki.ee.
12. Changes to this policy
We may update this policy from time to time. Significant changes will be communicated via our website. The "last updated" date at the top reflects the most recent revision.
13. Contact
Enigmatic OÜ
Sepapaja tn 6, 15551 Tallinn, Estonia
hi@beyondenigmatic.com
