Privacy Policy

Last updated: 6 August 2025

1. Who We Are

361 Ventures OÜ ("Rohe Technik", "we", "us") operates the website virusfree.app, providing a purely cosmetic, prank-based scanning service.

361 Ventures OÜ is the data controller responsible for processing your Personal Data under the General Data Protection Regulation (EU) 2016/679 ("GDPR") and other applicable privacy laws.

If you have questions regarding this Privacy Policy, please contact us at the address or email above. You may also reach our Data Protection Officer ("DPO") at support@361.ventures.

2. Scope

This Privacy Policy explains how we collect, use, disclose, and protect information that identifies or can reasonably be linked to an individual ("Personal Data") when you:

• visit or interact with our website virusfree.app,
• make a payment for premium cosmetic features or prank scans,
• contact our support team or communicate with us.

3. Personal Data We Process

We do not process special categories of Personal Data (Art 9 GDPR).

4. Purposes and Legal Bases

5. How We Share Personal Data

We only disclose Personal Data where strictly necessary, to:

• Payment processors (e.g., Paddle, Stripe) for processing transactions.
• Analytics services (limited usage data, IP addresses, anonymised whenever possible).
• Hosting providers (for website operation).
• Professional advisers (lawyers, auditors) under strict confidentiality.
• Public authorities where legally required.

We never sell or rent Personal Data.

6. International Transfers

Some service providers may be located outside the European Economic Area (EEA). When transfers occur, we rely on:

• Adequacy decisions by the European Commission (Art 45 GDPR), or
• Standard Contractual Clauses (Art 46 GDPR) with supplementary safeguards.

Copies of these safeguards are available upon request.

7. Data Retention

After the retention period, data is deleted or irreversibly anonymised.

8. Security Measures

We implement technical and organisational measures in compliance with Art 32 GDPR, including:

• TLS encryption in transit
• Secure storage with AES-256 encryption at rest
• Strict access controls and least-privilege principle
• Continuous monitoring and regular security audits
• Data backups and recovery processes

9. Your Rights

Under GDPR, subject to conditions and legal limitations, you have the following rights:

• Access (Art 15)
• Rectification (Art 16)
• Erasure (Art 17)
• Restriction of processing (Art 18)
• Data portability (Art 20)
• Object to processing based on legitimate interests (Art 21)

You have the right to lodge a complaint with a supervisory authority. Our lead authority is the Estonian Data Protection Inspectorate (AKI), though you may complain to your local authority as well.

10. Automated Decision‑Making

We do not engage in automated decision-making that produces significant or legal effects based solely on automated processing (Art 22 GDPR).

11. Children

Our website and service are intended only for individuals aged 18 or older. We do not knowingly process children's data. If we inadvertently collect data from minors, we will promptly delete it upon becoming aware.

12. Updates to This Policy

We may update this Privacy Policy periodically. We will inform you of material changes at least 14 days in advance via our website or email. Continued use after the effective date indicates acceptance of the revised Policy.

13. Contact & Data Protection Officer (DPO)

For any privacy-related questions or requests, please contact: