Privacy Policy
Last Updated
Jan 11, 2026
Sera Leads OÜ (“Sera,” “we” “us” or “Company;” for contact details see the end of this privacy policy) is committed to respecting your privacy and protecting your personal data.
Capitalised terms used in this privacy policy have the meanings given to them herein or, if not defined herein, as defined in Sera's Service Terms available on our website https://www.seraleads.com (“Website”).
This privacy policy explains how we collect, use, store, share, and otherwise process your personal data when you visit our Website, when you use our Services including our AI-based sales lead generation, email generation, and email correspondence services application (“Application”), and in the context of providing our Services or communicating with you more generally. This policy is divided into three sections:
Website Visitors – personal data we process when you access or use our Website, including cookies and similar technologies;
Account Data and Customer Data – data processing in connection with the use of the Sera Application, covering both (a) authorised users of our customers (“Customer”) who configure, manage, or otherwise use the Application (“Account Data”), and (b) our Customers’ data (“Customer Data”) processed through the Application in the course of provision of Services, including lead generation, email generation, and email correspondence activities.
General Information – data security, international transfers, your rights under data protection laws, and how to contact us.
DATA PROCESSING WITH REGARD TO VISITING AND USING OUR WEBSITE
Who is Responsible for Processing Your Personal Data
We are the data controller in relation to the personal data processed when you visit and use our Website. This means that we determine the purposes and means of the processing. Our contact details can be found at the end of this privacy policy.
Persons Affected by Data Processing, Types of Personal Data Processed
This section and the relevant data processing applies to persons who visit and use our Website.
We may process personal data that we collect automatically (including through third-party tools) when you access or interact with our Website. This includes information about your device, browser, usage patterns, IP address, and general location. Typical data collected includes:
pages visited and time spent on each page;
interactions with elements of the Website;
IP address, browser type and version, device type, operating system;
referral URL and usage statistics.
We may also process personal data that you voluntarily provide through the Website, for example, when you book a demo, sign up for marketing communications, contact us, or interact with any other feature. This may include:
name, email address, phone number;
employer and job title;
any communications or content you submit (e.g. via forms or chats).
Where certain information is required to use a Website feature (e.g. booking a demo), we will indicate which fields are mandatory. If you choose not to provide required data, we may not be able to respond to your request or deliver the relevant feature.
We may combine information you provide with information we collect automatically.
Purposes and Lawful Basis for Personal Data Processing
We process the personal data described in this chapter above for the following purposes and on the following legal bases:
Purpose | Lawful Basis | ||
To operate, maintain, and secure the Website |
| ||
To analyse usage and improve Website performance and design |
| ||
To respond to your requests (e.g. demos, enquiries, commercial discussions) |
| ||
To send you marketing communications if you have opted in | Your consent, which you may withdraw at any time via the unsubscribe link in our messages |
We may also convert personal data into aggregated or anonymised information that can no longer be linked to any individual and is not therefore considered personal data. We may use or share such data to help us analyse trends, improve features, and develop new services.
Personal Data Retention
We retain personal data only as long as necessary to fulfil the purposes described above or to comply with applicable legal requirements. The following retention periods apply:
Personal data collected via cookies and analytics tools is retained for a period of up to 1 year;
Personal data you provide in contact forms or requests (e.g. demo bookings) is retained for up to 3 years to manage our relationship with you and respond to any follow-up queries.
Personal data may be retained longer if required to resolve disputes, protect our rights, or comply with a legal obligation. Personal data may also be deleted earlier upon data subject request, in accordance with applicable legal acts. Please note that such data deletion requests may result in us being unable to continue the provision of all or part of our services.
Some personal data may be stored in secure backup systems for a limited time, strictly for integrity and disaster recovery purposes or as required under applicable law or compliance requirements and deleted once no longer needed.
Cookies and Tracking
We use cookies and similar technologies to distinguish you from other users, enhance Website functionality, understand usage patterns, and support relevant advertising. We use the following categories of cookies:
Necessary cookies – essential cookies required for the operation of our Website. Cannot be disabled;
Analytical cookies – help us understand how users interact with the Website, e.g. page visits and user flows;
Functionality and performance cookies – enable enhanced features and customisation, such as remembering your preferences;
Third-party cookies – set by third parties to enable analytics or advertising.
Non-essential cookies are used only with your consent, which you can manage through our cookie tool available on our Website or through your browser preferences. Disabling certain cookies may impact your experience on our Website.
DATA PROCESSING WITH REGARD TO USING THE SERA APPLICATION
Who is Responsible for Processing Your Personal Data
The Sera Application is accessible via our Website and governed by our Agreement, comprising the Service Terms, Order Form, Subscription Plan terms, privacy policy, data processing addendum, and other applicable documents and policies as listed in the Service Terms.
When providing the Sera Application, we may act both as a data controller and a data processor, depending on the type of data and the purpose of processing, as described below.
With respect to Account Data, i.e. the contact details and other personal data relating to our Customers’ authorised personnel and representatives (e.g. individuals who configure, manage, or otherwise access the Application), we act as a data controller.
With respect to Customer Data that is transmitted, input, generated or otherwise made available via the Sera Application in connection with our lead generation, email generation, and email correspondence services, we act as a data processor. Customer Data includes all data and materials provided by our Customers’ authorised users to Sera through the Application or generated by use of the Application by our Customers’ authorised users, as well as all data regarding our Customers’ authorised users or their end customers processed through the Application in the course of provision of Services. Our Customers act as the data controllers of such Customer Data and are responsible for determining the purposes and legal basis of processing.
We also process service data (“Service Data”) as a data controller. Service Data means any technical Service performance related data generated by the Application or Services relating to email sending, deliverability, performance, and system usage.
Persons Affected by Data Processing, Types of Personal Data Processed
(a) Account Data
This refers to our Customers’ authorised users who access or manage the Sera Application. The data we may process includes:
name, email address, phone number, job title, and affiliated organisation;
usage and activity logs within the Sera Application;
billing, invoicing, and account-related information.
(b) Customer Data
This refers to Customer Data processed through the Services, including data regarding the Customer, its authorised users, and end customers. Customer Data may include:
name, email address, job title, affiliated organisation, and other contact information;
text or other content submitted by the individual during their interaction with the Application;
logs automatically generated during the interaction;
outputs generated by the AI components of the Application (e.g. leads, contact details, email contents or other material generated, derived, or obtained through the Services);
any other personal data included in Customer Data processed through the Services.
We do not process any special categories of personal data (as defined under Article 9 GDPR), and the Sera Application is not intended to collect or analyse biometric or otherwise sensitive data. If any such data is inadvertently submitted, the Customer remains responsible for ensuring a lawful basis exists.
Purposes and Lawful Basis for Personal Data Processing
We process the personal data described in this chapter above for the following purposes and on the following legal bases:
Data | Role | Purpose | Lawful Basis |
Account Data | Controller | Customer relationship and account management, service provision, support, billing and invoicing, contract performance and enforcement, dispute resolution, protection of our legitimate interests | Contract performance and our legitimate interests (e.g. relationship management, debt recovery) |
Customer Data | Processor | Enabling Customers to use the Sera Application | Processing on behalf of and under the documented instructions of the Customer, pursuant to the data processing agreement |
Service Data | Controller | Improving and developing the Services, conducting analytics and research, enhancing email and validation performance, producing aggregated anonymised insights, and other legitimate business purposes | Our legitimate interests in service improvement and development. |
As a controller, we may also irreversibly anonymise Customer Data as such that the resulting data is not linked to any identifiable individual and process such resulting data indefinitely to maintain and improve the performance of the Sera Application, develop new features, enhance AI functionality, and carry out statistical or quality-related analysis. This processing is based on our legitimate interest in improving and developing our services.
Personal Data Retention
We retain personal data only for as long as necessary to fulfil the relevant purposes or comply with legal requirements. The following retention periods apply:
Account Data is retained for the duration of the customer relationship and up to 3 years thereafter;
Customer Data is retained for the duration of the customer agreement and deleted within 90 days after termination, unless otherwise agreed with the customer or required by applicable law. During a 30-day export period following termination of the agreement for use of the Application, Customer Data remains available for export through the Application in accordance with our Service Terms;
Service Data and irreversibly anonymised Customer Data is retained indefinitely, including after termination of customer agreements, as it is the exclusive property of Sera and used for service improvement and development purposes;
Certain data (e.g. for accounting or tax purposes) may be retained for up to seven years.
Personal data may also be deleted earlier upon customer request or data subject request, in accordance with the data processing agreement. Please note that such data deletion requests may result in us being unable to continue the provision of all or part of our services.
Some personal data may be stored in secure backup systems for a limited time, strictly for integrity and disaster recovery purposes or as required under applicable law or compliance requirements and deleted once no longer needed.
GENERAL REGULATION
Storing and Transferring Your Personal Data
We implement appropriate technical and organisational measures to protect personal data, including Account Data and Customer Data, against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. This includes encryption of data in transit and at rest, and strict access controls.
All data we process is hosted on secure infrastructure within the European Union. We do not currently transfer personal data outside the EU/EEA. Should such transfers become necessary, we will notify you and implement appropriate safeguards and shall ensure that such transfers are carried out in compliance with Chapter V of the GDPR and on the basis of an adequacy decision by the European Commission or Standard Contractual Clauses approved by the European Commission.
If you would like further information about such safeguards, you may contact us using the details below.
Recipients
We may share personal data with trusted third-party service providers that perform services for us or on our behalf. In providing the Services, we use third-party technology and services, including large language model service providers, AI service providers, integration aggregators, machine translation and transcription service providers, cloud hosting providers, security, analytics, and fraud prevention services providers. These third-party providers may process personal data on our behalf in accordance with our instructions and appropriate data processing agreements.
Our list of current subprocessors is available here.
We may also disclose personal data if required by law, such as in response to court orders or requests from data protection authorities. In doing so, we will ensure that such disclosure is based on a valid legal basis.
Additionally, we may share personal data in the context of investigating suspected contract breaches or unlawful conduct, or in connection with the legitimate exercise or defence of legal rights. In such cases, data may be disclosed to legal advisors, law enforcement, or other appropriate authorities.
If we are involved in a merger, acquisition, reorganisation, asset sale, funding or financing round, personal data may be shared with parties to the transaction and their professional advisors, subject to appropriate confidentiality arrangements and strictly to the extent required for achieving the good faith purpose of any of the transactions described above, as relevant.
Your Rights Concerning the Processing of Your Personal Data
To the extent that we act as a data controller in connection with your personal data, you have the following rights under applicable data protection laws:
Right to Information: you have the right to obtain clear and transparent information about how we process your personal data, including the purposes for the processing and the lawful basis;
Right of Access: you may request access to your personal data processed by us, including a copy of such data;
Right to Data Portability: you may request that we provide your personal data in a structured, commonly used, and machine-readable format, or that we transfer your data directly to another controller, where technically feasible;
Right to Rectification: if your personal data is inaccurate or incomplete, you have the right to request correction or completion of the data held by us;
Right to Restrict Processing: you may request the restriction of processing in certain circumstances, such as when you contest the accuracy of the data, the processing is unlawful, or when you need the data for legal claims, and we no longer require it for processing purposes;
Right to Object: you have the right to object to the processing of your personal data based on our legitimate interests or for direct marketing purposes. In such cases, we will cease processing unless we can demonstrate compelling legitimate grounds that override your rights or if the processing is required for legal claims;
Right to Erasure: you may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when processing is unlawful. This right is subject to exceptions, such as where processing is required to comply with legal obligations or to establish, exercise, or defend legal claims;
Right to Withdraw Consent: if our processing of your personal data is based on your consent, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal;
Right to Lodge a Complaint: if you believe we have not complied with applicable data protection laws, you have the right to lodge a complaint with your local data protection authority.
Where we act as a processor (e.g. for Customer Data), data subject rights should be exercised directly against the relevant Customer (the data controller). We will assist the Customer in responding to any such requests in accordance with our data processing agreement.
Please note that certain rights (particularly erasure and portability) may be limited with respect to Service Data and anonymised Customer Data, which is retained indefinitely for legitimate business purposes as described above.
Amendments to the Privacy Policy
We may update this privacy policy from time to time. If we make material changes, we will provide reasonable notice (e.g. via our Website or by email). The effective date will always be shown at the top of this policy. We encourage you to review this page periodically.
Contacting Us
If you have any questions, comments, or requests regarding this privacy policy or our processing of your personal data, please contact us at:
Sera Leads OÜ
Estonian commercial register code: 16976269
Registered address: Kentmanni tn 6-6, 10116 Tallinn, Estonia
e-mail address: support@seraleads.com
Our supervisory authority is the Estonian Data Protection Inspectorate (www.aki.ee).
