Privacy Policy

    Last updated: January 2025

    1. Data Controller

    Aimiten Oy ("Valuefy")
    Business ID: 3367218-8
    Address: Helsinki, Finland
    Email: [email protected]

    2. Information We Collect

    2.1 Information You Provide

    • Company name and country for valuation
    • Email address for report delivery
    • Payment information (processed by Stripe, not stored by us)

    2.2 Information from Third-Party Sources

    To generate accurate valuations, we collect publicly available business data from:

    • Official business registers (YTJ, Companies House, Allabolag, etc.)
    • Public financial databases
    • Company websites and public reports

    Note: We only access publicly available information.

    2.3 Automatically Collected Information

    • Session data (stored locally in your browser)
    • Basic analytics (if you accept cookies)

    3. Legal Basis for Processing (GDPR Article 6)

    • Contract performance: To deliver your paid valuation report
    • Legitimate interests: To collect public business data for analysis
    • Legal obligation: To maintain tax and accounting records
    • Consent: For marketing communications (if applicable)

    4. How We Use Your Information

    • Generate your business valuation report using AI analysis
    • Send the report to your email
    • Process payment securely via Stripe
    • Provide customer support
    • Comply with legal obligations
    • Improve our service (anonymized data only)

    5. Automated Decision-Making

    Our service uses AI (Google Gemini) to analyze business data and generate valuations. This involves automated processing of financial information. You have the right to:

    • Request information about the logic involved
    • Contest the valuation results
    • Request human intervention

    6. Data Sharing

    We share your data only with:

    • Stripe: For secure payment processing
    • Google Cloud: For AI analysis (anonymized data)
    • Supabase: For secure data storage (EU servers)
    • Legal authorities: When required by law

    We do NOT sell your personal data.

    7. Data Retention

    • Report data: Deleted 90 days after generation
    • Payment records: 7 years (legal requirement)
    • Email address: Until you request deletion
    • Public business data: Refreshed periodically

    8. Data Security

    We implement appropriate technical and organizational measures:

    • SSL/TLS encryption for all data transfers
    • Encrypted storage on EU-based servers
    • Access controls and authentication
    • Regular security audits
    • Incident response procedures

    9. Your Rights (GDPR)

    You have the right to:

    • Access: Request a copy of your personal data
    • Rectification: Correct inaccurate data
    • Erasure: Request deletion ("right to be forgotten")
    • Restriction: Limit processing of your data
    • Portability: Receive your data in a portable format
    • Object: Object to certain processing activities
    • Withdraw consent: At any time (where applicable)

    To exercise these rights, email: [email protected]

    10. Data Breach Notification

    In case of a data breach that poses risk to your rights and freedoms, we will:

    • Notify authorities within 72 hours
    • Notify affected users without undue delay
    • Provide information about the breach and mitigation steps

    11. International Transfers

    Your data is primarily processed within the EU. If transferred outside the EU (e.g., for AI processing), we ensure appropriate safeguards through:

    • Standard contractual clauses
    • Adequacy decisions
    • Your explicit consent (where required)

    12. Cookie Policy

    12.1 What Are Cookies

    Cookies are small text files stored on your device when you visit our website. We use cookies and similar technologies (like sessionStorage) to enhance your experience.

    12.2 Types of Cookies We Use

    Essential Cookies (Always Active)

    • Session Storage: Temporarily stores form data to prevent loss during payment
    • Security Cookies: Helps protect against fraud and maintain secure connections

    Functional Cookies

    • Theme Preference: Remembers your selected theme (dark/warm/nature)
    • Language Settings: Stores your language preference (if applicable)

    Analytics Cookies (With Consent)

    • Google Analytics: Helps us understand how visitors use our site
    • Performance Monitoring: Tracks site speed and error rates

    12.3 Third-Party Cookies

    Our payment processor (Stripe) may set cookies for:

    • Fraud prevention
    • Payment processing
    • Security purposes

    12.4 Managing Cookies

    You can control cookies through:

    • Browser Settings: Most browsers allow you to refuse or delete cookies
    • Our Cookie Banner: Choose which non-essential cookies to accept
    • Device Settings: Mobile devices have additional privacy controls

    Note: Blocking essential cookies may prevent you from using our Service.

    12.5 Cookie Duration

    • Session Storage: Deleted when you close your browser
    • Theme Preference: Persists until you clear browser data
    • Analytics: Varies (typically 1-2 years)

    12.6 Updates to Cookie Policy

    We may update our cookie usage. Significant changes will be notified via our cookie banner.

    13. Children's Privacy

    Our service is not intended for individuals under 16. We do not knowingly collect data from children.

    14. Changes to This Policy

    We may update this policy. Significant changes will be notified via email or website notice.

    15. Supervisory Authority

    You have the right to lodge a complaint with:

    Finnish Data Protection Ombudsman
    Website: www.tietosuoja.fi
    Email: [email protected]

    16. Contact Us

    For privacy questions or to exercise your rights:

    Aimiten Oy
    Email: [email protected]
    Response time: Within 48 hours

    ← Back to Home