Esquseo Privacy Policy

Effective date: 18 June 2026 · Last updated: 18 June 2026

This Privacy Policy explains how DUB SERVICES LLC ("DUB SERVICES", "we", "us") processes personal data through the Esquseo service at app.esquseo.com and store.esquseo.com (the "Service"). It is specific to Esquseo; our company-wide practices are described in the DUB SERVICES Privacy Policy. It is written to align with the EU and UK GDPR and the California Consumer Privacy Act (CCPA/CPRA).

1. Who we are

The data controller is DUB SERVICES LLC, 0009, 18/1 Zarobyan Str., Yerevan, Armenia. For any privacy request, contact [email protected].

2. What we collect

• Account data: your email address and your credit balance. Sign-in uses a one-time link sent to your email — there is no password.
• Assessment inputs: information you enter about an organization you assess — its name, country of incorporation, and optionally its website and tax identification number. These are processed to produce the assessment; we do not keep a history of your assessments.
• Payment and order data: when you buy credits we record the order (your email, the pack, amount, currency, status, and the country derived from your IP for the Armenian-dram route). Card details are entered on the payment provider's page; we never receive or store them.
• Technical and security data: your IP address and a session cookie operate and protect the Service. We also store a small "cookie notice acknowledged" cookie and, after account deletion, a one-way salted hash of your email used solely to prevent repeat free-trial claims.

3. How we use it, and our legal bases

• To provide the Service — accounts, running assessments, managing credits: performance of a contract (GDPR Art. 6(1)(b)).
• To protect the Service against abuse, fraud, and denial-of-service, and to prevent free-trial recycling: our legitimate interests (Art. 6(1)(f); Recital 47).
• To route payments correctly and meet tax obligations, including checking the country of your IP for the Armenian-dram option: legal obligation (Art. 6(1)(c)) and legitimate interests.
• Where we ask for consent, the basis is your consent (Art. 6(1)(a)), which you may withdraw at any time.

4. Automated AI processing and web search

Assessments are produced with the help of an AI model (Claude, provided by Anthropic) together with automated web search. The information you enter is sent to these processors to generate the result. We do not use your data to train AI models. Assessment outputs are indicators for triage only and are not legal advice or a legal determination (see the Terms of Use).

5. Who we share data with

We use a small set of service providers who process data on our behalf under appropriate agreements:

• Anthropic — AI processing of assessment inputs.
• Netlify — hosting and data storage.
• Resend — sending sign-in and service emails.
• Evocabank / ArCa and our global Merchant of Record — payment processing.

We do not sell your personal data, and we do not share it for cross-context behavioural advertising.

6. International transfers

Some processors operate outside Armenia and the EEA (for example, in the United States). Where personal data is transferred internationally, we rely on appropriate safeguards such as adequacy mechanisms or standard contractual clauses.

7. How long we keep it

We keep your account data (email and credit balance) until you delete your account. We do not retain a history of assessments. Order records are kept as needed for accounting, tax, and dispute purposes. The salted free-trial hash is retained for as long as we operate the free trial, solely to prevent abuse; it cannot be reversed into your email or linked back to you.

8. Your rights (GDPR)

You have the right to access, rectify, erase, restrict, and object to processing of your personal data, to data portability, and to withdraw consent. You can delete your account and its data at any time from within the Service. To exercise other rights, contact [email protected]. You may also lodge a complaint with your local data protection authority.

9. California privacy rights (CCPA/CPRA)

In the past 12 months we collect these categories of personal information: identifiers (email), commercial information (credits and orders), and internet or network activity (IP address, cookies). We collect them to provide and secure the Service. California residents have the right to know, access, correct, and delete personal information, and to opt out of its "sale" or "sharing" — we do not sell or share personal information, and we do not use or disclose sensitive personal information for purposes that would trigger a right to limit. We will not discriminate against you for exercising your rights. To make a request, contact [email protected].

10. Cookies

The Service uses only strictly necessary cookies — to keep you signed in and to protect the Service against abuse and denial-of-service. We use no analytics, advertising, or third-party tracking cookies. A short notice is shown on your first visit.

11. Children

The Service is intended for organizations and professional users and is not directed to children. We do not knowingly collect personal data from children.

12. Security

We use measures such as encrypted transport (HTTPS), signed session tokens, and data minimisation to protect your data. No method of transmission or storage is perfectly secure.

13. Changes

We may update this policy; the effective date above shows the current version. Material changes will be notified through the Service.

14. Contact

DUB SERVICES LLC, 0009, 18/1 Zarobyan Str., Yerevan, Armenia — [email protected].