Legal · Last updated 6 May 2026

Privacy Policy

This Privacy Policy explains how MomentumAc OÜ ("we", "us") collects, uses and protects your personal data when you visit this website, register for a webinar, purchase a course, or otherwise interact with our services. We comply with the EU General Data Protection Regulation (GDPR) and the Estonian Personal Data Protection Act.

Data controller: MomentumAc OÜ · Registry code 17501143 · Tartu mnt 82, 10112 Tallinn, Estonia · [email protected]

1. What we collect

Category	Examples	Where it comes from
Identity & contact	First name, last name, email, phone / Telegram, country	You — when you register for a webinar or buy a plan.
Profile data	Goals, e-commerce experience, budget, timeline, free-text notes	You — checkout / webinar form.
Transactional data	Plan, amount, billing period, order date, payment status	You and our payment processor.
Account & usage	Login times, modules accessed, support tickets	Automatically generated as you use the Services.
Technical data	IP address, device, browser, referrer, language	Automatically when you visit the website.
Marketing preferences	Newsletter opt-in, discount-code claim, unsubscribe status	You — opt-in checkboxes.

We do not intentionally collect special-category data (health, religion, etc.) and we do not knowingly process the personal data of children under 16.

2. Why we use it & legal bases

Purpose	Legal basis (GDPR Art. 6)
Provide and deliver the Services you ordered (account, course access, community, mentorship calls)	Performance of a contract — Art. 6(1)(b)
Process payments and prevent fraud	Performance of a contract + legitimate interest — Art. 6(1)(b), (f)
Send transactional emails (receipts, course access, replays, schedule changes)	Performance of a contract — Art. 6(1)(b)
Send marketing emails (weekly playbooks, product drops, course launches)	Consent — Art. 6(1)(a) (you can withdraw any time)
Improve the website and learn what works	Legitimate interest — Art. 6(1)(f)
Comply with accounting, tax and consumer-protection law	Legal obligation — Art. 6(1)(c)
Defend legal claims if necessary	Legitimate interest — Art. 6(1)(f)

3. Who we share data with (processors)

We do not sell your data. We only share it with carefully selected service providers acting as data processors on our behalf, under written agreements:

Stripe Payments Europe Ltd (Ireland) — payment processing.
Formspree, Inc. — secure handling of webinar & checkout form submissions.
Email service provider — sending transactional and (with consent) marketing emails.
Cloudflare / hosting provider — website delivery, security and DDoS protection.
Zoom Video Communications — live workshops and mentorship calls.
Telegram FZ-LLC — closed community channels (only if you choose to join).
Accountants & tax authorities — when required for invoicing and bookkeeping.

Some of these providers may transfer data outside the EEA (e.g. to the US). When that happens, transfers are protected by EU Standard Contractual Clauses and additional safeguards as required by GDPR Art. 46.

4. Cookies & similar technologies

Our website uses a minimal set of cookies and local storage:

Strictly necessary: session, security, language preference, language redirect (ma_lang), checkout draft (ma_checkout_draft), modal-shown flags, countdown timestamp.
Functional: webinar seat counter, modal display state.
Analytics / marketing: we currently do not run any analytics or tracking pixels by default. If we add them in the future (e.g. Meta Pixel, Google Analytics), they will only fire after you give consent through a cookie banner.

You can clear cookies and local storage at any time from your browser settings. Blocking strictly-necessary items may break parts of the site.

5. How long we keep data

Account & course access: while your account is active and up to 3 years after the last activity.
Accounting records (invoices, payments): 7 years as required by Estonian Accounting Act §12.
Marketing list: until you unsubscribe, then within 30 days we remove your email from active lists (we may keep a hashed suppression record to honour your opt-out).
Webinar registrations not converted to a customer: up to 24 months.
Server logs: typically 30–90 days.

6. Your rights under GDPR

You have the right to:

Access the personal data we hold about you.
Rectify inaccurate or incomplete data.
Erase ("right to be forgotten") your data, subject to legal-retention obligations.
Restrict or object to certain processing.
Data portability — receive your data in a structured, machine-readable format.
Withdraw consent at any time for marketing — without affecting processing already done.
Lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) — aki.ee/en.

To exercise any of these rights, email [email protected] from the email address on file. We respond within 30 days.

7. How we protect your data

We use industry-standard measures: TLS encryption, access controls, principle of least privilege for staff, regular backups, segregation of payment data with PCI-DSS compliant processors. No method of transmission is 100% secure, but we work hard to safeguard your information and notify you and the regulator of any data breach as required by GDPR Art. 33–34.

8. Marketing communications

We only send marketing emails if you actively opt in (during checkout or webinar registration). Every email contains a one-click unsubscribe link. You can also email us to be removed from all lists at once.

9. Children

The Services are intended for adults. If you are under 18, please do not register or purchase. If we discover we have collected data from a minor without parental consent, we will delete it.

10. Changes to this Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the current version. Material changes will be communicated via the website or email.

11. Contact us

For privacy questions, requests, or complaints, email [email protected].