Privacy Policy

Last updated: 3 March 2026

Auttaa AI Oy ("Auttaa", "we", "us", or "our") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal data in compliance with the EU General Data Protection Regulation (GDPR) and applicable data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

Auttaa AI Oy
Email: privacy@auttaa.ai
Website: www.auttaa.ai

2. What Personal Data We Collect

We may collect and process the following categories of personal data:

2.1 Data You Provide Directly

  • Contact information: name, email address, phone number, company name, and job title — when you complete a contact form, request a demo, or subscribe to our newsletter.
  • Account information: login credentials if you create an account on our platform.
  • Communication data: any information you provide in correspondence with us.

2.2 Data Collected Automatically

  • Usage data: pages visited, time spent on pages, click patterns, and referring URLs.
  • Device data: browser type, operating system, screen resolution, and device identifiers.
  • IP address: used for security, fraud prevention, and approximate geolocation (country/city level).

2.3 Data From Third-Party Sources

  • Publicly available business information from LinkedIn or similar professional networks.
  • Information provided by our partners or customers in connection with our services.

3. How We Use Your Data

We process your personal data for the following purposes:

Purpose | Legal Basis (GDPR Art. 6)
Responding to enquiries and providing demos | Legitimate interest / Pre-contractual measures
Providing and improving our services | Performance of contract
Sending marketing communications (with consent) | Consent
Website analytics and performance monitoring | Legitimate interest
Compliance with legal obligations | Legal obligation
Security and fraud prevention | Legitimate interest

4. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your experience. These include:

  • Essential cookies: required for the website to function (e.g., session management).
  • Analytics cookies: help us understand how visitors use our site (e.g., Google Analytics). These are only set with your consent.
  • Marketing cookies: used to deliver relevant advertising. These are only set with your consent.

You can manage your cookie preferences at any time using the cookie consent banner on our website, or by adjusting your browser settings.

5. Data Sharing and Third Parties

We do not sell your personal data. We may share your data with:

  • Service providers: cloud hosting (Vercel, Supabase), analytics (Google Analytics, Ahrefs), and email services — who process data on our behalf under appropriate data processing agreements.
  • Professional advisors: legal, accounting, or audit professionals as required.
  • Legal authorities: where required by law or to protect our legal rights.

6. International Data Transfers

Some of our service providers may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, including:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Binding corporate rules of the service provider

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Contact form enquiries: 24 months from last interaction.
  • Customer/contract data: duration of the contract plus 6 years (for legal and accounting purposes).
  • Marketing consent records: until you withdraw consent.
  • Analytics data: 14 months (anonymised/aggregated data may be retained longer).

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of access: request a copy of the data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure: request deletion of your data ("right to be forgotten").
  • Right to restrict processing: request limitation on how we use your data.
  • Right to data portability: receive your data in a structured, machine-readable format.
  • Right to object: object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent: withdraw your consent at any time, without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, contact us at privacy@auttaa.ai. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and monitoring
  • Staff training on data protection

10. Children's Privacy

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

11. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.

12. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU data protection authorities can be found on the European Data Protection Board website.

13. Contact Us

For any questions or concerns about this privacy policy or our data practices, please contact:

Data Protection Contact
Auttaa AI Oy
Email: privacy@auttaa.ai
Web: www.auttaa.ai