Book a demo
Request a Quote

UAB LEOREMA
Privacy policy

Privacy Policy

  1. UAB Leorema (hereinafter “Leorema”, “we”, “us”, or “our”) is committed to safeguarding the privacy of our customers and users (referred to as “you” or “your”) who visit our websites (including leorema.com and any other websites we operate) and who use the services available through our online platform (collectively, the “Websites”). This Privacy Policy sets out our personal information collection and sharing practices for the Websites and is intended to inform you about how we collect, use, and share any personal information that you provide to us or that we gather from your use of our Websites and services.

  2. Additional notices highlighting certain uses of your personal information, together with the ability to opt-in or opt-out of specific uses, may be provided to you at the point where we collect your personal information.

  3. The Websites may contain links to third-party websites. If you follow a link to any third-party site, please note that these sites have their own privacy policies and that we do not accept any responsibility or liability for those policies or how those third parties handle your personal information. We encourage you to review such third-party privacy policies before you submit any personal data to them.

  4. This Privacy Policy is intended to explain our privacy practices. In particular, it covers the following areas:

    • What personal information we collect and process;

    • How we use your personal information;

    • How we store and protect your personal information;

    • Your rights regarding your personal information (including the right to prevent marketing) and how you can exercise them;

    • Our use of cookies and similar technologies;

    • How changes to this Privacy Policy will be communicated.

Information We May Collect About You

We will collect and process various types of personal information about you. This may include:

  • Information you provide to us: Personal information that you provide by filling in forms on our Websites or by corresponding with us (for example, by email or via our contact forms). This includes information such as your name, email address, telephone number, country, company name, and any other information you choose to provide. For instance, when you request a demo or information about our services, we may ask for your contact and company details. If you apply for a job at Leorema, we may collect additional information such as your education, qualifications, and work experience as part of the recruitment process.

  • Correspondence: If you contact us (for example, by email or through a contact form), we will keep a record of that correspondence and any personal information contained in it (such as your email address and the content of your message).

  • Survey Information: We may occasionally ask you to participate in surveys or provide feedback for research or service improvement purposes. If you choose to respond to such surveys, we will collect the information you provide in your responses.

  • Website usage and technical information: When you visit our Websites, we automatically collect certain information about your visit using cookies and other tracking technologies. This information may include your IP address, domain name, browser type and version, operating system, browser language, access times, referring website addresses (the site that led you to our Websites), pages viewed, links clicked, and other actions you take on our Websites. We also gather aggregate information about how our Websites are used (for example, visitor traffic patterns) to help us improve our services. In addition, we may use technologies (such as tracking pixels in emails) to determine whether you have opened a promotional email or clicked on links within it.

  • Third-Party Analytics: We use third-party analytics providers (for example, Google Analytics) on our Websites. These providers use cookies and similar technologies to collect information about how users interact with our site, which helps us analyze website traffic and user behavior. The information gathered (such as pages visited, time spent on pages, and approximate geolocation based on your IP address) is used in aggregate form to improve our Website functionality and services. (See the Cookies section below for more details on our use of cookies and analytics.)

Please note: If we ever enable integrations with third-party platforms or services as part of our offerings (for example, if you could connect our bot mitigation service with an account on another platform), we will only access and use information from those third-party accounts with your permission and as necessary to provide our services to you, in accordance with the privacy rules of those third-party services.

How We Use Your Personal Information

In this section, we describe the purposes for which we use the personal information we collect, and, in compliance with our obligations under applicable data protection laws (including the EU General Data Protection Regulation “GDPR”), the legal bases that justify our processing. We may process your personal information for one or more of the following purposes:

  1. To communicate with you and manage our relationship: We use contact details and other personal information to respond to your inquiries, requests for information, demo or free trial requests, or support tickets. For example, we will use your information to respond when you contact us for technical support, when you request a demo of our bot detection service, when you register for an event or webinar hosted by Leorema, or when you express interest in a partnership or doing business with us. We also process personal data as needed to carry out our obligations arising from any contracts we may have with you (or the company you represent), and to otherwise communicate with you about our business relationship.

    • Legal basis: Performance of a contract (where our communication relates to an existing contract or pre-contractual inquiries); Legitimate interests (to effectively respond to inquiries and maintain business relationships).

  2. To create and manage your account or access to restricted areas: If you register for an online account on our platform or sign up to use certain restricted areas of our Websites (such as a customer dashboard or portal), we will process your registration information to set up and administer your account. This includes using your details to authenticate you when you log in and to provide you with the specific information and services available to account holders (for example, access to analytics dashboards or configuration settings for our bot mitigation services). Please note that certain information is required to create an account (any mandatory fields will be indicated); if you do not provide this information, we cannot create an account for you.

    • Legal basis: Performance of a contract (providing and managing the account service you requested); Legitimate interests (to enable you to access and use our platform’s features and ensure the security of your account).

  3. To send you marketing communications (with your consent where required): We may use your email address and other contact information to send you news and updates about our products and services, special offers, industry news, or invitations to upcoming Leorema events or webinars that we believe may be of interest to you. We will only send you promotional emails or newsletters if you have consented to such communications, or if you are an existing customer and applicable laws allow us to contact you on the basis of our legitimate interests. In any case, we will always provide you with an easy way to opt out of further marketing messages (for example, via an “unsubscribe” link in our emails or by contacting us directly to opt out). We will not share your contact information with third parties for their own marketing purposes without your explicit consent.

    • Legal basis: Consent (when you have opted in to receive marketing communications); Legitimate interests (to inform our customers and prospects about updates relevant to their business, where permitted by law).

  4. To improve and develop our products and services: We may analyze usage data, feedback, and other information (often on an aggregated or anonymized basis) to better understand how our services are used and how we can improve them. For instance, we might review how often certain features of our dashboard are used or analyze feedback you provide to enhance our bot detection algorithms and develop new features. We may also use information for internal research and development purposes, such as troubleshooting, testing, and analyzing trends.

    • Legal basis: Legitimate interests (to improve our services, enhance user experience, and innovate new solutions in the field of bot detection and mitigation).

  5. To personalize your experience on our Websites: We use cookies and similar technologies to remember your preferences and settings, to recognize you when you return to our site, and to tailor content to you. For example, we may remember if you preferred a certain language or if you previously indicated interest in a particular type of content. We also collect statistics about usage of our Websites, which helps us understand what content is most useful to visitors. This personalization improves your experience and the overall effectiveness of our Websites. (See the Cookies section below for more details.)

    • Legal basis: Consent (for using non-essential cookies or similar technologies where required by law); Legitimate interests (to enhance user experience and ensure our Websites are relevant to our audience).

  6. To monitor, prevent, and detect fraud and malicious activity: We process certain data to help monitor network and service usage, ensure quality control, and to detect or prevent fraudulent activity or misuse of our services. For example, we may monitor attempted accesses to our platform or unusual patterns in requests that could indicate a malicious bot or security threat. This helps us protect our platform, our business, and our customers from fraud, cyber-attacks, or other unlawful activities.

    • Legal basis: Legitimate interests (to ensure the security and integrity of our services and to prevent fraud); Legal obligations (when processing is necessary to comply with laws requiring security measures or fraud prevention).

  7. To inform you of changes: We may use your contact information to notify you about important changes to our services, terms, or this Privacy Policy. For example, we might email you to let you know about significant updates to our platform or to our data handling practices outlined in this policy. These communications are primarily informational and not promotional in nature.

    • Legal basis: Legitimate interests (to keep you informed about updates that affect our services or your rights, and to ensure transparency in how we process personal data).

  8. To reorganize or make changes to our business: If we undergo a business transition such as a merger, acquisition by another company, or sale of all or part of our assets, or in the unlikely event of bankruptcy, we may need to disclose or transfer personal information to the new owner or other relevant third parties as part of that transaction. We will ensure that any such transfer of personal information is handled in accordance with applicable data protection laws. The new owner or reorganized entity would be allowed to use your personal information, but only in the manner set out in this Privacy Policy (unless you agree otherwise).

    • Legal basis: Legitimate interests (to facilitate business transitions and ensure our services can continue).

  9. To comply with legal obligations and protect our rights: We may process your personal information as necessary to comply with our legal obligations, or in connection with the establishment, exercise, or defense of legal claims. This includes using or disclosing personal data as required by laws, regulations, court orders, or regulatory authorities (for example, responding to a lawful request by law enforcement or regulatory body). Where permitted and feasible, we will attempt to notify you of such disclosure, unless doing so could compromise the prevention or detection of a crime or other legal obligations. We may also process data to investigate or address legal violations or breaches of contract, and to enforce our terms of service.

    • Legal basis: Legal obligations (when we are legally required to process or disclose data); Legitimate interests (to protect our rights, property, and safety or that of our employees and customers; to ensure compliance with our terms and the law); Legal claims (processing necessary for the establishment, exercise, or defense of legal claims).

Disclosure of Information: In addition to the specific situations discussed above, we may disclose personal information to certain trusted third parties for the purposes described in this Privacy Policy:

  • We may share your personal information internally within our company with staff who need to know the information in order to provide our services (for example, your information may be shared between our sales team, customer support team, and technical team as necessary).

  • We may share your information with service providers and partners who perform services on our behalf. This includes, for example, companies that provide website hosting, cloud infrastructure, data storage, email delivery services, customer relationship management and support software, analytics services, and other IT support. We only share data necessary for these providers to perform their functions, and we contractually require them to keep your information confidential and to use it only for the purposes of providing their services to us (and not for their own purposes).

  • We may also share information with our professional advisors (such as legal counsel, accountants, and business consultants) on a need-to-know basis, under duties of confidentiality.

We do not sell your personal information to third parties. We do not share your personal data with unrelated third parties for their own direct marketing purposes without your consent.

Transmission, Storage and Security of Your Personal Information

Security Measures

Leorema takes the security of your personal information very seriously. We implement and maintain appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration. These measures are designed to provide a level of security appropriate to the risk of processing your personal information.

While we strive to protect all information, please note that no method of transmitting or storing data is completely secure. Although we do our best to safeguard your personal information, we cannot guarantee absolute security of data transmitted over the Internet or via our Websites. Any transmission of your data to us is at your own risk. Once we have received your information, we will apply strict security standards to try to prevent unauthorized access or disclosure.

All information you provide to us is stored on secure servers (either operated by Leorema or by trusted service providers on our behalf) and is protected by access controls. If we have given you (or you have chosen) a password to access certain parts of our platform, you are responsible for keeping that password confidential and not sharing it with anyone. We also advise you to choose a unique and strong password and to log out of your account and close your browser when you have finished your session, especially when using a shared or public device.

International Transfers

Because Leorema is based in the European Union (Lithuania) and our clients may be around the world, the personal information that we collect from you may be transferred to and stored in a country outside of the European Economic Area (EEA). It may also be processed by our suppliers or service providers in other countries. For example, if we use a cloud service provider or an email service whose servers are located outside the EEA, your personal data may be stored or processed on those servers.

Whenever we transfer your personal information outside of the EEA, we will ensure that appropriate safeguards are in place to protect it, as required by GDPR. These safeguards may include:

  • Ensuring the destination country has been officially recognized by the European Commission as providing an adequate level of data protection (you can find the list of countries with adequacy decisions on the European Commission’s website);

  • If the data is transferred to a country without an adequacy decision, implementing an appropriate lawful transfer mechanism, such as entering into the European Commission’s standard contractual clauses (also known as Model Clauses) with the receiving party, or relying on another valid transfer mechanism under GDPR;

  • In specific cases, we may rely on your explicit consent for certain transfers, but we will inform you and seek your consent when required by law.

You can request more information about our international data transfer practices and obtain copies of the relevant safeguards (such as standard contractual clauses) by contacting us using the details in the Contacting Us section below.

Data Retention

We will not keep your personal data for longer than is necessary for the purposes for which we collect and use it. How long we retain your data depends on the purpose for which it was collected, and we will either delete or anonymize your data once it is no longer needed.

In practice:

  • For contact information and other personal data you provide for inquiries or demos, we will retain it for as long as is necessary to respond to you and fulfill your request, and for a reasonable period thereafter in case of follow-up questions or to establish a business relationship.

  • For account registration data, we will retain your information for as long as your account is active and as needed to provide you with services. If you close your account, we will delete or anonymize the data associated with it within a reasonable time after account closure, except for information we are required to keep by law or for legitimate business purposes (such as proof of transactions or communications).

  • For marketing communications, we will retain your contact details on our marketing list until you opt out or unsubscribe from marketing (or if we determine that your contact information is no longer valid). If you opt out, we will keep a record that you do not want to be contacted for marketing.

  • In all cases, we may retain certain information for a longer period if necessary to comply with legal requirements (for example, tax and accounting records retention periods), or to establish, exercise, or defend legal claims. For instance, we might retain basic information about transactions or communications for the duration of the statutory limitation period in case legal claims arise.

When we no longer have a legitimate need or legal obligation to retain your personal information, we will securely delete, destroy, or anonymize the data. If data is anonymized (so it can no longer be associated with any individual), we may retain and use that information indefinitely without further notice to you.

Your Rights and Choices

As a data subject, you have certain rights under GDPR and other applicable data protection laws. This section outlines your rights and how you can exercise them. Please note that these rights are not absolute – in some cases, legal exceptions may apply, and we may not be able to fulfill every request (for example, if fulfilling your request would infringe on another person’s rights or if we are legally prevented from doing so). However, we will provide an explanation if we cannot fulfill a request for such reasons.

Right to Withdraw Consent (Marketing Opt-Out)

You have the right to opt out of receiving marketing communications from us at any time. If you no longer wish to receive our newsletter or promotional emails, you can click the “unsubscribe” link in any marketing email, or contact us at any time to request removal from our mailing lists. Please note that even if you opt out of marketing messages, we may still send you important administrative or service-related communications (such as notices about your account, security updates, or changes to this Privacy Policy), as these are not marketing communications.

Keeping Your Information Up-to-Date

We take reasonable steps to ensure that the personal data we have about you is accurate and, where necessary, kept up-to-date. If any of your information is incorrect or has changed (for example, you have a new email address or phone number), please inform us so we can update our records. You can do this by contacting us using the details in the Contacting Us section below. For users who have an online account with us, you may also be able to log in to your account and update certain information directly.

Your Data Protection Rights

Under GDPR (and subject to certain conditions and exceptions), you have the following rights regarding your personal data:

  • Right of Access: You have the right to request confirmation whether we are processing your personal information, and if so, to request a copy of the personal data we hold about you, as well as information about how we use it. This is commonly known as a “data subject access request.”

  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal information we hold about you. If you believe that any of your data is incorrect or out of date, please let us know and we will rectify it.

  • Right to Erasure: You have the right to request the deletion of your personal information in certain circumstances. This right (sometimes called the “right to be forgotten”) applies, for example, if your personal data is no longer necessary for the purposes it was collected, if you withdraw consent and we have no other legal basis to continue processing, or if you object to processing and we have no overriding legitimate grounds to continue. Please note that we may need to retain certain information if required by law or for legitimate business purposes (we will inform you if that is the case).

  • Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain situations. For instance, if you contest the accuracy of the data or have objected to our processing, you may request that we restrict processing while your concern is being resolved. When processing is restricted, we can still store your data but will not use it further until the restriction is lifted.

  • Right to Data Portability: You have the right to obtain a copy of certain personal information in a structured, commonly used, machine-readable format and to request that we transfer that information to another provider where technically feasible. This right applies to personal data you have provided to us, when the processing is based on your consent or a contract with you, and is carried out by automated means. (For example, if you provided us with your data as part of a contract, you can request we export that data in a format that can be re-used by another service.)

  • Right to Object: You have the right to object to certain types of processing. You can object at any time to our processing of your personal information for direct marketing purposes – if you do so, we will stop using your data for marketing. Additionally, if we are processing your information based on our legitimate interests, you have the right to object to that processing on grounds relating to your particular situation. We will then reevaluate our reasons for processing your data. We may continue processing if we can demonstrate compelling legitimate grounds that override your rights and interests or if the processing is necessary for legal claims.

  • Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of any processing we conducted prior to your withdrawal. If you withdraw consent, we will stop the processing which was based on that consent. (For example, you can withdraw your consent for marketing emails, and we will stop sending them.)

Please note that the exercise of these rights is subject to certain limitations and conditions. There may be circumstances where we are legally entitled to refuse certain requests (for example, denying a request for erasure if processing is still necessary to comply with a legal obligation). If you exercise any of the above rights, we will respond within the time frame required by law (generally within one month under GDPR, though this may be extended by an additional two months for complex requests). We will inform you if we need additional information to verify your identity or to process your request.

Also, keep in mind that data protection laws can vary by country. If you are in a jurisdiction outside the EU, additional or slightly different rules may apply. For instance, under some national laws you might have certain extra rights – e.g., in France, individuals are allowed to set directives regarding the handling of their personal data after death.

If you would like to exercise any of your rights, you can contact us using the information provided in the Contacting Us section below. We will review your request and, if it is valid and applicable, we will honor it in accordance with applicable law. We may need to request specific information from you to help us confirm your identity before we can fulfill your request (this is a security measure to ensure that personal data is not disclosed to someone who does not have the right to receive it).

Right to Lodge a Complaint

If you have any concerns or complaints about how we handle your personal data, we hope you will contact us first so that we can address your concerns. However, you also have the right to lodge a complaint with a data protection supervisory authority. If you are in the European Economic Area, you may contact the supervisory authority in the country of your habitual residence, place of work, or where you believe a breach of data protection law has occurred.

For example, in Lithuania (where Leorema is located), the supervisory authority is the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija). You can also find a list of supervisory authorities for other EU/EEA countries (with contact details) on the European Commission’s website.

Cookies and Similar Technologies

Our Websites use cookies and similar tracking technologies to distinguish you from other users and to improve your browsing experience. Cookies are small text files that are placed on your device (computer, smartphone, etc.) when you visit a website. They allow the website to recognize your device and store certain information about your preferences or past actions.

When you visit the Leorema website, we may use cookies to enable certain site functionality, to understand how you interact with our site, and to facilitate online advertising or analytics. For instance, we use both first-party cookies (set by us) and third-party cookies (set by service providers such as Google Analytics). These cookies might collect information about your browsing behavior on our site (as described in the “Website usage and technical information” section above). We use this information for several purposes:

  • Essential cookies: Some cookies are necessary for our website to function properly (for example, to keep you logged in to your account or to remember your cookie consent preferences). These cookies do not require your consent.

  • Analytics cookies: We use analytics cookies (e.g., Google Analytics cookies) to collect information about how visitors use our site. This helps us compile statistical reports on site activity and improve our Website. For example, we learn which pages are the most popular, how long users stay on each page, and where users encountered errors. The data collected via analytics cookies is typically aggregated and does not directly identify individual visitors. We only use these analytics cookies with your consent where required by law.

  • Functional and preference cookies: These cookies remember choices you make (such as your language or region) and provide enhanced, more personalized features.

  • Advertising cookies: At present, Leorema does not serve third-party advertisements on our site, but if we ever do, advertising cookies would be used to personalize ads to you and measure their effectiveness (these would also only be used with appropriate consent).

When you first visit our Websites, you will be presented with a cookie notice or banner requesting your consent for non-essential cookies. You can choose to accept or reject certain categories of cookies. Even after you’ve given consent, you can always manage or revoke your cookie preferences. Most web browsers also allow you to control cookies through their settings. You can set your browser to refuse all or some cookies, or to alert you when websites set or access cookies. However, please note that if you block or disable certain cookies, some parts of our site might not function properly.

For more detailed information about the cookies and tracking technologies we use, you can refer to our Cookies Policy (if available) or contact us with any questions. By continuing to use our site with cookies enabled in your browser settings, you are agreeing to our use of cookies under this Privacy Policy.

Information Collected Through Our Services (Acting as a Data Processor)

Leorema provides bot detection and mitigation services that may be integrated into our clients’ websites, applications, or online services. In this context, our client is the data controller of any personal data collected from end users on the client’s site, and Leorema acts as a data processor on behalf of the client. This means that when an end user (for example, an individual visiting a website that uses Leorema’s bot protection service) has their data processed by Leorema’s technology, we are processing that data solely for the purpose of providing our anti-bot service to our client, and under the instructions of our client.

What data do we process as a service provider? When our bot mitigation script or API is deployed on a client’s website or application, it may collect certain technical data from visitors to that site/app in order to determine whether a visitor is a legitimate user or an automated bot. This can include elements like IP address, device and browser information, and behavioral patterns (such as mouse movements, keystrokes, or browsing activity necessary for differentiating bots from humans). Importantly, this data is only used for fraud and bot detection purposes on behalf of our clients. We do not use this information to identify individual end users, nor do we use it for any purposes other than providing the anti-bot/protection service to our clients.

Leorema does not collect additional information about end users for its own purposes when acting as a service provider. We do not build profiles of end users, and we do not share end-user personal data from our clients’ sites with third parties except as needed to deliver the security service (for example, transmitting data through our detection algorithms and back to the client’s site to decide whether to allow or block a connection).

Data retention in our service: We minimize retention of end-user data that we process on behalf of clients. We retain such data only as long as necessary to fulfill the purposes of bot detection and mitigation, and in accordance with our client contracts. Typically, raw data collected from end users for threat detection is retained for a short period (for example, data may be kept for up to 30 days or less) to allow for analysis, auditing, and improvement of our detection algorithms, after which it is deleted or aggregated/anonymized. We do not retain this data for longer than necessary, and in no case do we retain identifiable end-user data beyond the timeframe permitted by our client agreements or required by law.

If you are an end user who has interacted with a website or service that uses Leorema’s bot protection, and you have questions or requests regarding your personal data on that site, we recommend that you review the privacy policy of the website or service you visited, or contact that website’s owner (the data controller) directly. They will be able to provide you with information about any data collected and your options. Of course, Leorema will assist its clients in fulfilling their own data protection obligations towards their users, as required by GDPR and our contracts.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time in response to evolving legal, technical, or business developments. When we update the policy, we will take appropriate measures to inform you (consistent with the significance of the changes we make).

If we make any material changes, we will notify you by posting a prominent notice on our Website or, if appropriate, by contacting you directly (for example, via email if we have your contact information on file) to inform you of those changes. We encourage you to periodically review this page for the latest information on our privacy practices.

Contacting Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how Leorema handles your personal data, please do not hesitate to contact us.

You can reach us by email at support@leorema.com. Alternatively, you may send correspondence to the following address:

UAB Leorema
Maučiuvio g. 17-4, Nairių k.
LT-39380 Pasvalio r.
Lithuania

(Attn: Data Privacy Officer or Privacy Inquiry)

UAB Leorema (company registration code 306967321) is the data controller responsible for the processing of your personal data as described in this Privacy Policy. We are a company registered in the Republic of Lithuania, and our registered address is as stated above.

We value your privacy and will do our utmost to address any request or query to your satisfaction.

Stay on top of
the latest threats

INTEGRATION ECOSYSTEM

BY INDUSTRY

BY ROLE

COMPANY

Copyright 2025 UAB Leorema . All rights reserved