Privacy Policy
Last updated: January 21, 2026
1. Data Controller
Pauhu Oy ("we", "us") is the data controller for personal data processed through this service.
Contact: privacy@pauhu.eu
2. Data We Collect
| Category | Data | Purpose |
|---|---|---|
| Account | Email, name, company | Service delivery |
| Payment | Billing address, VAT ID | Invoicing (via Stripe) |
| Usage | API calls, downloads | Service improvement |
| Technical | IP address, browser | Security |
3. Legal Basis (GDPR Art. 6)
- Contract: Processing necessary for service delivery
- Legal obligation: Tax and accounting requirements
- Legitimate interest: Security and fraud prevention
4. Data Retention
- Account data: Duration of account + 2 years
- Payment records: 7 years (Finnish accounting law)
- Usage logs: 90 days
5. Data Sharing
We share data only with:
- Stripe: Payment processing (US, EU SCCs)
- Cloudflare: Infrastructure (EU data center)
- Hetzner: LDS Connector hosting (Helsinki, Finland)
All processors are bound by data processing agreements.
6. Data Location
All data is processed within the European Union. Our primary infrastructure is in Finland (Cloudflare EU, Hetzner Helsinki).
7. Your Rights (GDPR)
- Access your personal data
- Rectify inaccurate data
- Erase data ("right to be forgotten")
- Port data to another service
- Object to processing
- Lodge complaint with supervisory authority
To exercise these rights, contact privacy@pauhu.eu.
8. Cookies
We use only essential cookies for:
- Session management
- Security (CSRF protection)
No tracking or advertising cookies.
9. Supervisory Authority
Finnish Data Protection Ombudsman
tietosuoja.fi
tietosuoja@om.fi
Pauhu Oy
Helsinki, Finland
EU jurisdiction