Privacy Policy

Effective Date: May 28, 2026

This Privacy Policy describes how Icemint LLC, a Wyoming limited liability company doing business as EltexSoft (“EltexSoft,” “we,” “us,” or “our”), collects, uses, discloses, and protects personal data in connection with the website at eltexsoft.com (the “Site”). EltexSoft is a business-to-business (“B2B”) software engineering studio. The Site is an informational and inquiry channel for prospective and existing clients.

This Policy applies to data collected through the Site. Personal data processed by EltexSoft in the course of delivering professional services to a client is governed by the engagement agreement and any data processing addendum executed with that client, not by this Policy.

For purposes of this Policy, “personal data” has the meaning given to comparable terms (“personal data,” “personal information,” “personally identifiable information”) under applicable data-protection law, including the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”), the United Kingdom General Data Protection Regulation (“UK GDPR”), the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”), and similar laws.

1. Controller and Contact

The data controller (under GDPR / UK GDPR) and business (under CCPA/CPRA) responsible for personal data collected through the Site is:

Icemint LLC d/b/a EltexSoft Headquarters: Lisbon, Portugal Additional offices: Kyiv, Ukraine; New York, NY, USA; Los Angeles, CA, USA Email for privacy inquiries: [email protected]

2. Data We Collect

We collect the following categories of personal data through the Site.

2.1 Information you submit

When you contact us through the Site (for example, via the contact form or by email), we collect the information you choose to provide. This typically includes:

your name;
your email address;
your company or organization (if provided);
your role or title (if provided);
the contents of the message or inquiry; and
any other information you choose to include.

We also collect technical metadata associated with the submission (for example, the timestamp and the IP address from which the submission was received).

2.2 Information collected automatically

When you visit the Site, we (and the third-party services described in Section 4) automatically collect certain technical information, including:

IP address and approximate location derived from IP;
device type, operating system, and browser;
pages viewed, navigation paths, and time on page;
referring URL and search terms (if any) that brought you to the Site;
date and time of access; and
similar technical information.

2.3 Information from cookies and similar technologies

See Section 5 below and the Cookie Policy for details.

We do not knowingly collect personal data from children under the age of 16. The Site is not directed to children. If you believe a child has provided personal data through the Site, contact us at [email protected] and we will delete the information promptly.

3. How We Use Personal Data

We use personal data for the following purposes:

Purpose	Examples	Legal basis (GDPR / UK GDPR)
Responding to inquiries	Replying to a contact form submission; following up about a potential engagement	Contract / pre-contractual measures (Art. 6(1)(b)); legitimate interests (Art. 6(1)(f))
Operating and securing the Site	Server logs, abuse and bot detection, debugging	Legitimate interests (Art. 6(1)(f))
Site analytics	Aggregate measurement of which pages are visited and how visitors navigate the Site	Legitimate interests (Art. 6(1)(f))
Compliance and defense of legal claims	Retaining records as required by law; responding to lawful requests; defending against claims	Legal obligation (Art. 6(1)(c)); legitimate interests (Art. 6(1)(f))
Internal business administration	Auditing, accounting, internal reporting	Legitimate interests (Art. 6(1)(f))

We do not sell personal data. For visitors in the United States only, we use an advertising-attribution pixel to measure the effectiveness of our own advertising campaigns, as described in Section 4.4; apart from that, we do not build cross-site behavioral profiles of visitors or engage in cross-context behavioral advertising. We do not use personal data submitted through the Site to train, fine-tune, or evaluate machine-learning models.

4. Third-Party Services

We use the following third-party services in connection with the Site. Each provider acts as an independent controller, joint controller, or processor as set forth in its own terms and privacy notices.

4.1 Cloudflare Web Analytics

We use Cloudflare Web Analytics in its server-side (“no client-side script”) configuration. In this configuration, Cloudflare measures aggregate traffic from server-side request data without setting analytics cookies in your browser and without loading client-side analytics JavaScript. Cloudflare Web Analytics is provided by Cloudflare, Inc. and is designed to be a privacy-preserving alternative to traditional web analytics.

Cloudflare also provides content-delivery and security services for the Site. In the course of providing those services, Cloudflare may set operational cookies (for example, for bot mitigation) and may process IP addresses and request metadata to detect and block malicious traffic.

Provider’s privacy notice: https://www.cloudflare.com/privacypolicy/.

4.2 Google Fonts

The Site uses the Inter font, which is loaded from the Google Fonts content delivery network operated by Google LLC. When the Inter font loads, your browser sends a request to Google’s servers, which discloses your IP address and basic request information (such as the user-agent string and the requested font file) to Google. Google Fonts does not set cookies. Google states that it does not use Google Fonts requests to build user profiles for advertising.

Provider’s privacy notice: https://policies.google.com/privacy; Google Fonts–specific information: https://developers.google.com/fonts/faq/privacy.

4.3 Email engagement tracking (Mailsuite)

We use Mailsuite (operated by Mailsuite S.L., Barcelona, Spain) in our outbound business correspondence. Mailsuite embeds a small tracking pixel in emails we send. When a recipient opens an email, the pixel records whether and approximately when the email was opened, approximate open count, and basic technical information (IP-derived approximate location, device type, and email client). Mailsuite does not store or access the body of any email. Data is processed by Mailsuite as a data processor on our behalf on infrastructure hosted by Amazon Web Services in Ireland, encrypted with AES-256. Our legal basis for this processing is legitimate interest (GDPR Art. 6(1)(f)) in understanding whether our business communications are received and read. Recipients can prevent open tracking by disabling remote image loading in their email client. For more information, see Mailsuite’s privacy policy at https://mailsuite.com/en/privacy.

4.4 OpenAI Ads attribution pixel (United States visitors only)

For visitors whose location is determined to be the United States, the Site loads the OpenAI Ads pixel operated by OpenAI. We use this pixel solely to measure the effectiveness of our own advertising — that is, to attribute visits and inquiries to advertising campaigns we run. It is configured to measure click attribution and a single lead-generation event (a contact-form submission). We do not transmit purchase, e-commerce, or other commercial conversion events through it.

The pixel is served only to visitors whose location, as determined server-side by Cloudflare at the network edge, is the United States. It is not loaded for visitors located in the European Economic Area, the United Kingdom, or any other location. The pixel is also not loaded for any visitor whose browser transmits a Global Privacy Control (GPC) signal — this is enforced automatically at the network edge for all visitors, regardless of location, and requires no action by you beyond enabling GPC. We honor GPC as an opt-out of sale/sharing (see Sections 5 and 9).

When loaded, the pixel may collect technical information such as IP address, device and browser information, the page URL and referrer, and advertising click identifiers contained in the URL, and may set or read identifiers stored on your device. Our processing of this information for US visitors is addressed in Section 9 (CCPA/CPRA).

Provider’s privacy notice: OpenAI’s privacy policy, available at https://openai.com/policies/privacy-policy/.

4.5 What we do not use

Except for the United States–only advertising-attribution pixel described in Section 4.4, the Site does not use:

cookie-based or client-side analytics tools (such as Google Analytics);
Meta (Facebook) Pixel or other social-media advertising pixels;
session-recording or session-replay tools;
heat-mapping or scroll-tracking tools; or
behavioral retargeting pixels or cross-site profiling. (The pixel described in Section 4.4 measures our own advertising and does not retarget visitors or build cross-site behavioral profiles.)

If we add a further tracking technology in the future, we will update this Policy and the Cookie Policy before deployment.

The Site uses tracking technologies to enable analytics and operational functionality. The technologies in current use include the following categories:

Analytics: Cloudflare Web Analytics in server-side mode (described in Section 4.1). This service does not set cookies or load client-side scripts.
Advertising attribution (United States visitors only): the OpenAI Ads pixel (described in Section 4.4), loaded only for visitors located in the United States and only where no Global Privacy Control signal is present.

Other than the United States–only advertising-attribution pixel described in Section 4.4, the Site does not use cookie-based analytics, advertising or attribution pixels, session-recording or session-replay tools, or heat-mapping tools. See Section 4.5.

These technologies may collect information about your interactions with the Site, including page views, navigation patterns, click events, device and browser information, IP address, approximate location derived from IP, referrer information, and similar data. The data collected by these technologies may be transmitted to and processed by the third-party providers identified in Section 4, in some cases on servers located outside your country of residence.

Consent through use (visitors outside the EEA, UK, and other opt-in jurisdictions). If you are not located in the European Economic Area, the United Kingdom, or another jurisdiction whose law requires opt-in consent for analytics technologies, then by accessing the Site and continuing to use it, you acknowledge and consent to the use of these tracking technologies and to the collection, transmission, and processing of data described in this Privacy Policy. If you do not consent, do not use the Site.

EEA / UK visitors. The Site does not deploy non-essential tracking technologies that require opt-in consent to visitors in the EEA or the UK. All analytics are server-side and cookie-free (Section 4.1), and the United States–only advertising-attribution pixel described in Section 4.4 is not served to visitors located in the EEA or the UK. If we deploy consent-requiring technologies to EEA or UK visitors in the future, we will obtain affirmative consent before activation. See Section 8 for additional GDPR / UK GDPR rights.

Optional opt-outs. Independent of consent status, you may control or limit tracking through:

standard browser controls, including cookie blocking and Do Not Track / Global Privacy Control signals; and
the privacy controls offered by Cloudflare (https://www.cloudflare.com/privacypolicy/).

Your election to limit optional tracking does not affect your ability to use the Site for its intended informational purpose.

6. Cookies

The Site uses a small number of cookies. Detailed information about cookie names, purposes, and durations is set out in the Cookie Policy. The Cookie Policy is incorporated into this Privacy Policy by reference.

We share personal data only as follows:

Service providers: With the third-party services described in Section 4, in each case for the limited purposes described.
Professional advisors: With our legal, accounting, insurance, and similar advisors, under duties of confidentiality, where reasonably necessary for the operation of our business.
Legal compliance: Where required by law, regulation, court order, or other legal process; to enforce these terms; or to protect the rights, property, or safety of EltexSoft, our personnel, our clients, or others.
Corporate transactions: In connection with a merger, acquisition, reorganization, financing, sale of assets, or similar transaction, in which case the recipient will be bound by privacy obligations consistent with this Policy.

We do not sell personal data. To the extent the United States–only advertising-attribution pixel described in Section 4.4 constitutes “sharing” of personal information for cross-context behavioral advertising as those terms are defined under CCPA/CPRA, we honor the Global Privacy Control (GPC) signal as an opt-out: the pixel is not loaded for any visitor whose browser transmits a GPC signal, enforced automatically at the network edge for all visitors regardless of location. Apart from that pixel, we do not “share” personal data for cross-context behavioral advertising.

International transfers. EltexSoft is headquartered in Portugal (EU) and has offices in Ukraine and the United States. Personal data we collect may be transferred to, stored in, and processed in countries other than your country of residence, including the United States. Where we transfer personal data of individuals in the EEA or UK to a country that is not the subject of an adequacy decision (or to a recipient not certified under the EU-U.S. Data Privacy Framework or its UK Extension where applicable), we rely on appropriate safeguards, including the European Commission’s Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable), supplemented by such additional measures as are required under applicable law.

If you are located in the EEA, the United Kingdom, or another jurisdiction to which the GDPR or substantially equivalent law applies, you have the following rights with respect to personal data we hold about you:

Right of access (Art. 15): obtain confirmation of whether we process your personal data and a copy of that data;
Right to rectification (Art. 16): have inaccurate personal data corrected;
Right to erasure (Art. 17): have personal data deleted in defined circumstances;
Right to restriction of processing (Art. 18): require us to restrict processing in defined circumstances;
Right to data portability (Art. 20): receive personal data you provided to us in a structured, commonly used, machine-readable format;
Right to object (Art. 21): object to processing based on legitimate interests, including profiling, and to processing for direct marketing;
Right to withdraw consent (Art. 7(3)): where processing is based on consent, withdraw that consent at any time, without affecting the lawfulness of processing prior to withdrawal; and
Right to lodge a complaint with a supervisory authority. Our lead supervisory authority is the Comissão Nacional de Proteção de Dados (CNPD) in Portugal (https://www.cnpd.pt). In the United Kingdom, you may complain to the Information Commissioner’s Office (https://ico.org.uk). You may also lodge a complaint with the supervisory authority in your country of residence.

To exercise any of these rights, contact us at [email protected]. We will respond within the timeframes required by applicable law (generally one month under the GDPR, extendable as permitted). We may need to verify your identity before fulfilling a request.

9. Your Rights — California (CCPA/CPRA)

If you are a California resident, you have the following rights regarding personal information we collect about you:

Right to know: request the categories and specific pieces of personal information we have collected, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom we share personal information;
Right to delete: request deletion of personal information we have collected, subject to statutory exceptions;
Right to correct: request correction of inaccurate personal information;
Right to opt out of sale or sharing: California law gives consumers the right to opt out of the “sale” or “sharing” of personal information. We do not sell personal information. For California residents, the United States–only advertising-attribution pixel described in Section 4.4 may involve “sharing” of personal information (identifiers and internet-activity information) with our advertising provider for cross-context behavioral advertising as defined under CCPA/CPRA. We honor the Global Privacy Control (GPC) signal as an opt-out of this sharing: the pixel is not loaded for any visitor whose browser transmits a GPC signal. This is enforced automatically at the network edge for all visitors, regardless of location — a California resident with GPC enabled opts out automatically, with no further action required. Apart from that pixel, we do not “share” personal information for cross-context behavioral advertising;
Right to limit use of sensitive personal information: we do not use or disclose sensitive personal information for purposes that would trigger the right to limit under CCPA/CPRA;
Right to non-discrimination: we will not discriminate against you for exercising any of these rights.

The categories of personal information we have collected through the Site in the preceding 12 months are: identifiers (name, email, IP address); commercial information (inquiry contents); internet or other electronic network activity (browsing and interaction data); geolocation (approximate, derived from IP); and professional or employment-related information (company, role, where you provide it).

To exercise California rights, contact us at [email protected]. You may designate an authorized agent to make a request on your behalf, in which case we will require proof of authorization. We will respond within the timeframes required by California law.

10. Data Retention

We retain personal data only for as long as is reasonably necessary for the purposes described in this Policy, including:

Contact form submissions and related correspondence: up to 36 months from the last interaction, after which the records are deleted or anonymized, except where a longer retention period is required for an active matter, a contractual relationship, or legal compliance.
Server logs (security and abuse prevention): typically up to 90 days, except where retained for investigation of a specific incident.
Analytics data: retained by Cloudflare Web Analytics using rolling-window aggregation. No individual-level analytics data is stored on our infrastructure.
Records required by law: for the period required by applicable tax, accounting, or other law.

When personal data is no longer needed for the purposes for which it was collected, we delete it or render it irreversibly anonymous.

11. Data Security

We maintain technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access. These measures include, as appropriate to the risk: encryption of data in transit (TLS) and at rest, access controls, logging and monitoring, vendor security assessments, and personnel training. No security control is perfect, and we cannot guarantee the security of any data transmitted over the internet.

If we determine that a personal-data breach has occurred and is reportable under applicable law, we will notify the relevant supervisory authority and affected individuals as required and within the timeframes required by that law.

12. Disputes Regarding Data Handling

Any dispute, claim, or controversy arising under or relating to the collection, use, sharing, processing, or retention of data under this Privacy Policy is governed by the dispute-resolution provisions, including the pre-dispute notice requirements, informal resolution requirements, arbitration agreement, class-action waiver, governing law, and venue, set forth in Section 9 of the Terms of Service. By using the Site, you agree that any such dispute will proceed in accordance with those provisions and will not be brought as a class, collective, consolidated, or representative action.

This Section does not limit any non-waivable statutory right you have under GDPR, UK GDPR, CCPA/CPRA, or other applicable law, including the right to lodge a complaint with a supervisory authority or regulator.

12.1 Substantiation of Data-Handling Claims

If you believe your personal data has been collected, used, shared, or processed in violation of this Privacy Policy or applicable law, you must provide us with all of the following as part of your pre-dispute notice under the Terms of Service:

(a) a complete, unedited copy of the data forming the basis of your claim;

(b) a detailed written explanation specifying the nature of the alleged violation, the date(s) on which it occurred, the URLs accessed, the device and browser used, and the IP address(es) used to access the Site if known;

(d) a description of the harm alleged.

This requirement is intended to enable a meaningful investigation of any alleged violation and shall not be construed to limit any rights you have under applicable law, including the right to lodge a complaint with a supervisory authority without first contacting us.

13. Jurisdiction-Specific Rights

The rights described in Section 8 (GDPR / UK GDPR) and Section 9 (CCPA/CPRA) above govern the exercise of jurisdiction-specific rights and prevail over any inconsistent provision elsewhere in this Policy as to the matters they address. Exercise of these rights is governed by the procedures specified in those Sections, not by Section 12.1.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on the Site with a new “Effective Date.” If we make material changes, we will provide additional prominent notice as required by applicable law. Your continued use of the Site after the Effective Date of any updated Policy constitutes acceptance of the updated Policy, except that for jurisdictions requiring opt-in consent, material changes affecting consented processing will require renewed consent.

15. Contact

For privacy questions, complaints, or to exercise any of the rights described above, contact:

Icemint LLC d/b/a EltexSoft Attn: Legal / Privacy Email: [email protected] Headquarters: Lisbon, Portugal Website: https://eltexsoft.com