Privacy Policy

eupeak.io is a product of Samarkand OÜ
Privacy contact: privacy@samarkandindustries.com

1. Introduction

Samarkand OÜ (“we”, “us”, “eupeak.io”) operates developer.eupeak.io and api.eupeak.io.

This Privacy Policy explains how we collect, use, store, and protect personal data in connection with our services, and describes your rights under applicable law, including the EU General Data Protection Regulation (GDPR) where applicable.

2. Data we collect

a) Account data

• Email address
• Name (optional)
• Company name (optional)
• Password (hashed — plaintext never stored)

b) API usage data

• The query string submitted for screening
• API key identifier (hashed prefix only)
• Full response payload and risk score
• Request timestamp, IP address, and latency
• Source results and match data

c) Billing data

• Billing contact details
• Payment card data is processed by our payment processor and is never stored on eupeak.io infrastructure

d) Technical data

• Standard server logs: IP address, browser/client type, request path, response codes

3. How we use your data

We use your data to:

• Provide and operate the eupeak.io API service
• Authenticate your account and validate API keys
• Calculate and enforce usage limits per plan
• Generate audit logs for your screening history
• Send transactional emails (key creation, usage alerts)
• Respond to support requests
• Detect and prevent abuse or fraud
• Comply with applicable legal obligations

We do not use your screening queries to train machine learning models. We do not sell or share your data with third parties for marketing.

4. Screening query data

Queries submitted to POST /v1/screen are used solely to execute the screening request and to store the result in your audit log.

Queries are:

• Processed on EU-region infrastructure (Frankfurt)
• Stored in your account’s screening log for 24 months
• Not shared across tenant accounts
• Not used to train or improve any AI or machine learning system
• Accessible only by the API key that originated the request

5. Role under GDPR

For queries submitted by users of the eupeak.io API:

• You (the API customer) are the data controller, responsible for the lawfulness of your screening activities.
• eupeak.io (Samarkand OÜ) acts as a data processor on your behalf, processing entity names solely to execute the screening you have requested.

We are happy to enter into a Data Processing Agreement (DPA) on request. Contact: privacy@samarkandindustries.com

6. Legal basis for processing (GDPR Art. 6)

• Contract performance (Art. 6(1)(b)) — to provide the service you have subscribed to
• Legitimate interests (Art. 6(1)(f)) — for fraud prevention, abuse detection, and service reliability
• Legal obligation (Art. 6(1)(c)) — where required by law
• Consent — where explicitly provided (e.g. marketing emails)

7. Data retention

Account data

Duration of subscription + 5 years

Screening logs

24 months from screening date, then purged

Billing records

7 years (legal obligation)

Server logs

12 months

Anonymized statistics

Retained indefinitely

8. International data transfers

eupeak.io operates on EU-region infrastructure. Some third-party service providers may process data outside the EEA.

Where such transfers occur, we rely on:

• EU Standard Contractual Clauses (SCCs)
• Adequacy decisions by the European Commission

A list of sub-processors is available on request at privacy@samarkandindustries.com.

9. Your rights

You have the right to:

• Access — request a copy of your personal data
• Rectification — correct inaccurate or incomplete data
• Erasure — request deletion (subject to legal retention)
• Restriction — limit processing pending dispute resolution
• Data portability — receive data in machine-readable format
• Object — to processing based on legitimate interest
• Withdraw consent — at any time, without affecting prior processing

To exercise these rights: privacy@samarkandindustries.com. We will acknowledge within 72 hours and respond within 30 days (extendable by 2 months for complex requests).

EEA users may also lodge a complaint with their national supervisory authority. A list is available at edpb.europa.eu.

10. Cookies

eupeak.io uses only essential cookies required for authentication and session management on developer.eupeak.io. We do not use advertising cookies or third-party tracking pixels. See our Cookie Policy at developer.eupeak.io/cookies.

11. Contact

Privacy Officer — Samarkand OÜ
Email: privacy@samarkandindustries.com

12. Changes to this policy

We may update this Privacy Policy from time to time. The current version is always available at developer.eupeak.io/privacy. Registered users will be notified by email of material changes at least 30 days before they take effect.