Privacy Policy

Last modified: 20 March 2026

10Lines OÜ, an Estonian private limited company (“10Lines”, “we”, “us”, or “our”), develops and provides autonomous pavement marking robots, operating software, and related platform services (collectively, the “Services”). We provide our Services to business customers (each, a “Customer”), whose employees, contractors, and authorized personnel (“End Users”) may create accounts and access the Services on the Customer's behalf.

This Privacy Policy (“Privacy Policy”) describes how we collect, use, disclose, and protect personal information of End Users in connection with the Services. It applies to personal information we process about End Users regardless of where they are located.

10Lines’ Role

1. This Privacy Policy covers the processing activities for which 10Lines acts as a data controller, such as account registration, service improvement, communications with the End Users, and compliance with its own legal obligations.
2. Where 10Lines acts as a data processor acting on behalf of the Customer, who is the data controller for processing, the processing of End User personal information is governed by the Customer’s own privacy policy and by the Data Processing Agreement between 10Lines and the Customer.

Personal Information We Collect

We collect personal information directly from End Users when they register for an account or interact with the Services. In some cases, we may also receive End User information from the Customer. We collect only the limited categories of personal information necessary to create and manage End User accounts:

1. Account information: first and last name, phone number, and business email address, provided when an End User account is created.
2. Limited usage and technical data: IP address, browser type, operating system, timestamps, session duration, and interaction data collected automatically when you access the Services.
3. Communications: any information you include when you contact us for support or with inquiries.

We do not intentionally collect sensitive personal information such as government-issued identifiers, financial account data, biometric data, precise geolocation, health information, or information revealing racial or ethnic origin, religious beliefs, or sexual orientation.

How We Use Your Personal Information

We use the personal information described above for the following purposes:

1. To create and authenticate End User accounts and provide access to the Services.
2. To operate, maintain, and improve the Services.
3. To communicate with End Users about their accounts, service updates, and support requests.
4. To detect, prevent, and investigate fraud, security incidents, and unauthorized access.
5. To enforce our agreements and comply with applicable legal and regulatory obligations.

We do not use End User personal information for targeted advertising, behavioral profiling that produces legal or similarly significant effects, or for training machine learning models without the Customer's prior written consent.

Legal Bases for Processing

Where the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”) applies, we process personal information of End Users on the following legal bases:

1. Performance of a contract: processing necessary to provide the Services to the Customer and enable End User account access.
2. Legitimate interests: processing for security, fraud prevention, and service improvement, where such interests are not overridden by your rights and freedoms.
3. Legal obligation: processing required to comply with applicable law.
4. Consent: where we rely on consent for a specific processing activity, you may withdraw it at any time without affecting the lawfulness of prior processing.

Disclosure of Personal Information

We do not sell personal information. We do not disclose personal information to third parties for their own direct marketing purposes. We may share personal information in the following circumstances:

1. Service providers (sub-processors): We engage third-party service providers to support the operation of our Services, including cloud hosting and infrastructure providers (such as Amazon Web Services), security and monitoring services, and analytics providers. These providers access personal information only as necessary to perform services on our behalf and are contractually required to protect it.
2. The Customer: As a Service provider, we operate under contract with the Customer, whose End User you are. The Customer may have access to account data and usage data relating to their authorized End Users.
3. Legal and regulatory compliance: We may disclose personal information if required to do so by law, court order, or regulatory authority, or if we reasonably believe disclosure is necessary to protect our rights, the rights of users, or the safety of others.
4. Business transfers: In connection with a merger, acquisition, reorganization, or sale of all or a portion of our assets, personal information may be transferred as part of that transaction, subject to the protections of this Privacy Policy.

International Data Transfers

1. Our servers and primary processing infrastructure are located in the United States. If you access the Services from outside the United States, your personal information may be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your jurisdiction.
2. For End Users in the EEA, transfers of personal information to the United States are conducted in accordance with applicable data protection law, including through the use of Standard Contractual Clauses approved by the European Commission or other lawful transfer mechanisms that ensure an adequate level of protection for your personal information.

Data Retention

1. We retain personal information for as long as reasonably necessary to provide the Services, fulfill the purposes described in this Privacy Policy, and comply with applicable legal, regulatory, accounting, and reporting obligations. When personal information is no longer needed, we will delete it, anonymize it, or securely isolate it pending deletion (for example, where it is stored in backup archives).
2. End Users whose accounts are deactivated by the Customer, or who are removed from the Services, will have their personal information deleted or anonymized within a reasonable period, unless retention is required by law or to enforce 10Lines’ rights.

Data Security

1. We implement reasonable administrative, technical, and organizational measures designed to protect personal information from unauthorized access, use, alteration, or disclosure. These measures include access controls, encryption of data in transit, and regular security assessments.
2. No system or transmission over the internet is completely secure. You are responsible for maintaining the confidentiality of any account credentials provided to you. If you believe your account credentials have been compromised, please contact us immediately.

Your Privacy Rights

1. U.S. Residents. Depending on your state of residence, you may have the following rights with respect to your personal information:
   1. Right to know: request confirmation that we process your personal information and obtain access to the categories of personal information we hold about you.
   2. Right to access and data portability: request a copy of your personal information in a portable format.
   3. Right to correction: request that we correct inaccurate personal information.
   4. Right to deletion: request that we delete your personal information, subject to applicable legal exceptions.
   5. Right to opt out: opt out of any sale or sharing of personal information, targeted advertising, or profiling in furtherance of decisions with legal or similarly significant effects. We do not engage in any of these activities.
2. EEA Residents. If you are located in the EEA, you have the following rights under the GDPR:
   1. Right of access: request confirmation of and access to your personal information.
   2. Right to rectification: request correction of inaccurate personal information.
   3. Right to erasure: request deletion of your personal information where we have no legitimate basis to retain it.
   4. Right to restriction of processing: request that we restrict certain processing of your personal information.
   5. Right to data portability: receive your personal information in a structured, commonly used, machine-readable format.
   6. Right to object: object to processing based on legitimate interests or for direct marketing purposes.
   7. Right to withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing.
   8. Right to lodge a complaint: lodge a complaint with your national data protection supervisory authority.
   9. Right not to be subject to any automated individual decision-making, including profiling: We do not carry out solely automated decision-making that produces legal or similarly significant effects concerning End Users.
3. Exercising Your Rights. To exercise any of the rights described in this Section, please contact us using the contact information in Section 13. We may require reasonable verification of your identity before responding. We will respond within the timeframe required by applicable law. Where we process personal information on behalf of a Customer, you should direct your request to the Customer.

Cookies and Similar Technologies.

1. The Services may use cookies and similar technologies to support basic functionality, authentication, and analytics. To learn more about cookies, visit www.aboutcookies.org.
2. Under the GDPR, essential cookies (required for authentication and core functionality) are set on the basis of contract performance or legitimate interest and do not require consent. All other cookies are set only with your prior consent. You may withdraw consent or manage your cookie preferences at any time through the privacy settings within the Services, or by contacting us at support@10linesrobots.com; however, disabling certain cookies may affect the functionality of the Services.
3. We use the following cookies:

   Name	Provider	Purpose	Type	Duration
   access_token / JWT	10Lines	Authentication: Identifies your login session.	Essential	1 hour
   refresh_token	10Lines	Security: Renews your login session.	Essential	12 hours
   csrftoken	10Lines	Security: Prevents CSRF attacks.	Essential	1 year
   __stripe_mid	Stripe	Fraud: Identifies the device for security.	Essential	1 year
   __stripe_sid	Stripe	Fraud: Tracks a single payment session.	Essential	30 minutes
   SID / HSID	Google	Security: Google account authentication.	Essential	2 years
   AEC	Google	Security: Anti-spam/Verification.	Essential	6 months
   NID	Google	Maps/Calendar: Stores user preferences.	Functional	6 months
   qbo_session	QuickBooks	Integration.	Functional	Session

Minors. The Services are intended for use by adults acting on behalf of business Customers. We do not knowingly collect personal information from individuals under the age of 18. If we learn that we have collected personal information from a minor, we will take steps to delete it promptly.

Changes to This Privacy Policy. We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or applicable law. We will indicate the date of the most recent update at the top of this Policy. For material changes affecting how we collect, use, or disclose personal information, we will provide advance notice through the Services or by email where required by law. Your continued use of the Services after the effective date of any update constitutes your acceptance of the revised Policy.

Contact Information. If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, or if you wish to exercise your privacy rights, please contact us at:

10Lines OÜ
Harju maakond, Saku vald, Tänassilma küla, Kokasauna põik 1-8, 76406, Estonia
Email: support@10linesrobots.com
Website: https://10linesrobots.com