Privacy Policy
Last updated: January 29, 2026
This privacy policy describes how personal data is processed in the Sivu.me online service ("Service"). The Service is provided by Intoloop Oy ("Data Controller"). The Data Controller processes personal data in accordance with the EU General Data Protection Regulation (EU 2016/679, "GDPR") and other applicable legislation.
1. Data Controller
Intoloop Oy
Business ID: 2283473-5
Address: Papinkatu 21 LH 34, 33200 Tampere, Finland
Email: tuki@intoloop.com
2. Scope
This privacy policy applies to users of the Service, potential users, and persons contacting the Data Controller regarding the Service.
3. Personal Data Processed
The Data Controller processes only personal data necessary for the Service.
3.1 User Account Data
- Name (if provided)
- Email address
- Username
- Secure password hash (no plain text password)
3.2 Service Usage Data
- Metadata of created websites and content
- Domain and publishing settings
- Login and usage timestamps
- Technical log data (e.g., IP address, browser, and device information)
3.3 Payment and Subscription Data
- Subscription type and validity
- Billing period and payment status
Note: The Data Controller does not process or store payment card details. Payments are processed by an authorized payment service provider (Stripe) in accordance with their own terms and privacy policies.
3.4 Customer Support and Communication
- Content of communications
- Information related to support requests
- Time and channel of communication
4. Purposes and Legal Basis for Processing
Personal data is processed for the following purposes and on the following legal bases (GDPR Art. 6):
| Purpose | Legal Basis |
|---|---|
| Creation and management of user account | Performance of contract |
| Provision and maintenance of the Service | Performance of contract |
| Management of payments and subscriptions | Contract / Legal obligation |
| Customer support and communication | Legitimate interest |
| Service development and security | Legitimate interest |
| Marketing and reference use | Legitimate interest or Consent |
The Data Controller always evaluates the balance between legitimate interest and the rights of the data subject.
5. AI-Assisted Functions
The Service may contain AI-assisted functions for content creation. Content entered into the Service by the User is processed solely for the purpose of providing the Service and enabling technical functionality.
User content is not used to train general AI models by Sivu.me, nor does Sivu.me disclose content to third parties for training purposes without the User's express consent.
The User is responsible for reviewing AI-generated content before publishing it.
6. Data Retention Period
Personal data is retained only as long as necessary for the purposes described in this privacy policy.
- User account data: For the duration of the account's validity.
- Billing and accounting material: For the period required by law.
- Support requests: For the duration of processing and a reasonable follow-up period.
Upon termination of the user account and agreement:
- Data is retained for 30 days,
- After which it is permanently deleted, unless legislation requires longer retention.
7. Data Location and Transfers
Personal data is processed and stored within the EU/EEA area:
- Server infrastructure: Finland
- Database: Germany
Personal data is not transferred outside the EU/EEA area without lawful safeguards.
8. Data Disclosures and Processors
Personal data is not sold or disclosed to third parties for marketing purposes.
Data may be processed by carefully selected service providers (data processors) acting on behalf of the Data Controller. These include:
- Hosting and cloud service providers (servers and database)
- Payment service providers (Stripe)
- Customer relationship management and communication systems (Customer.io)
- Email services (transactional messages: Resend)
- Customer support systems
Data processing agreements (DPA) in accordance with the GDPR have been concluded with all processors, and they are committed to processing data confidentially and solely for the purpose of providing the service. Service providers have been selected so that the processing and storage of personal data take place primarily within the EU/EEA.
9. Cookies and Similar Technologies
The Service uses only technically necessary cookies (session cookies) that enable logging in, maintaining the session, and the secure use of the Service.
These cookies do not collect information for marketing purposes and are not used to track User activity outside the Service. Because the cookies are essential for the operation of the service, their use does not require separate consent, and no cookie banner is used in the Service.
10. Rights of the Data Subject
The data subject has the right to:
- access their own personal data,
- request rectification of incorrect data,
- request erasure of data within the limits of applicable legislation,
- restrict the processing of personal data,
- object to processing based on legitimate interest,
- transfer data from one system to another,
- withdraw consent at any time if processing is based on consent.
Requests should be sent to tuki@intoloop.com. The Data Controller will respond to requests without undue delay.
11. Security
The Data Controller implements appropriate technical and organizational measures to protect personal data, including:
- encrypted data transfer,
- access control restrictions,
- backups,
- logging and monitoring.
12. Right to Complain
The data subject has the right to lodge a complaint with the Office of the Data Protection Ombudsman if they consider that the processing of personal data violates data protection legislation.
13. Changes to this Privacy Policy
The Data Controller may update this privacy policy as the Service develops or legislation changes. The current version is always available in the Service.