Privacy Policy
Last updated: February 8, 2026
Your privacy is important to us. This Privacy Policy explains how Suomify collects, uses, and protects your personal data in compliance with the General Data Protection Regulation (GDPR).
1. Data Controller
Suomify is the data controller for your personal data. For any privacy-related inquiries, contact us at:
- Email: support@email.suomify.fi
- Location: Helsinki, Finland
2. Data We Collect
2.1 Information You Provide
- Account information: Name, email address, password (encrypted)
- Profile data: YKI level, language preferences, timezone
- Learning content: Writing submissions, speaking recordings, exercise responses
- Payment information: Processed securely by Stripe (we do not store card details)
2.2 Information Collected Automatically
- Usage data: Exercise completion, progress, login times
- Device information: Browser type, operating system, IP address
- Analytics data: Page views, interactions, session recordings, heatmaps (via Google Analytics and Microsoft Clarity)
- Cookies: Essential cookies for authentication and preferences, and analytics cookies (see Section 10)
3. Legal Basis for Processing
We process your data based on:
- Contract performance: To provide the Service you requested
- Legitimate interests: To improve our Service and prevent abuse
- Consent: For marketing communications (you can withdraw anytime)
- Legal obligations: To comply with applicable laws
4. How We Use Your Data
We use your personal data to:
- Provide and personalize the learning experience
- Process AI-powered evaluations and feedback
- Track your learning progress and achievements
- Process payments and manage subscriptions
- Send important service notifications
- Improve the Service and develop new features
- Prevent fraud and ensure security
5. AI Processing
Your learning content (writing submissions, speaking recordings) is processed by AI systems to provide feedback and evaluations:
- Anthropic Claude: Processes text for AI feedback and content generation
- ElevenLabs: Processes audio for speech-to-text and text-to-speech
This processing is necessary for contract performance. AI providers process data as sub-processors under strict confidentiality agreements.
6. Third-Party Services
We share data with trusted third parties who help us operate:
| Provider | Purpose | Location |
|---|---|---|
| Stripe | Payment processing | USA (Privacy Shield) |
| AWS | Hosting, email delivery | EU (Frankfurt) |
| Anthropic | AI content generation | USA (DPA) |
| ElevenLabs | Audio processing | USA (DPA) |
| Google Analytics | Website analytics and usage statistics | USA (DPF) |
| Microsoft Clarity | Session recordings and heatmaps | USA (DPA) |
| Cloudflare | Bot protection (Turnstile CAPTCHA) | USA (DPA) |
All providers are bound by data processing agreements ensuring GDPR compliance.
7. Data Retention
- Account data: Retained while your account is active, deleted within 30 days of account deletion
- Learning content: Retained for service improvement; deleted upon request
- Payment records: Retained for 7 years as required by Finnish tax law
- Usage logs: Retained for 90 days for security purposes
8. Your Rights (GDPR)
Under GDPR, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a portable format
- Restriction: Limit how we use your data
- Objection: Object to processing based on legitimate interests
- Withdraw consent: For consent-based processing
To exercise these rights, contact us at support@email.suomify.fi. We will respond within 30 days.
9. Account Deletion
You can delete your account at any time from your Profile settings. Upon deletion:
- Your account and personal data will be permanently deleted
- Learning history and exercises will be removed
- Subscription will be cancelled (no refunds for remaining periods)
- This action cannot be undone
10. Cookies and Tracking Technologies
10.1 Essential Cookies
Required for the Service to function:
- Authentication: Keeping you logged in securely
- Preferences: Remembering your language and settings
- Security: Protecting against CSRF attacks
10.2 Analytics Cookies
We use analytics tools to understand how visitors use the Service and to improve the user experience:
- Google Analytics 4: Collects anonymized data about page views, user interactions, and site performance. Google may set cookies such as
_gaand_ga_*. See Google's Privacy Policy. - Microsoft Clarity: Records anonymized session replays and generates heatmaps to help us understand user behavior on the site. Clarity may set cookies such as
_clckand_clsk. Personal data (such as text inputs) is masked by default. See Microsoft's Privacy Statement.
Analytics data is collected based on our legitimate interest in improving the Service (GDPR Art. 6(1)(f)). We do not use advertising cookies. You can manage or disable analytics cookies via your browser settings or by using browser extensions such as Google Analytics Opt-out Browser Add-on.
10.3 Bot Protection
We use Cloudflare Turnstile to protect certain forms (such as registration) from automated abuse. Turnstile may process your IP address and browser characteristics to distinguish humans from bots. This is an invisible CAPTCHA — no user interaction is required. See Cloudflare's Privacy Policy.
11. Data Security
We protect your data with:
- Encryption in transit (HTTPS/TLS)
- Encrypted password storage (bcrypt)
- Secure cloud infrastructure (AWS)
- Regular security audits
- Access controls and monitoring
12. International Transfers
Some of our service providers are located outside the EU. We ensure appropriate safeguards through:
- EU-US Data Privacy Framework (Stripe)
- Standard Contractual Clauses (other providers)
- Data Processing Agreements with all providers
13. Children's Privacy
The Service is not intended for users under 16 years of age. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately.
14. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes via email or through the Service. Continued use after changes constitutes acceptance.
15. Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with:
Finnish Data Protection Ombudsman
Lintulahdenkuja 4, 00530 Helsinki
tietosuoja@om.fi
+358 29 566 6700
16. Contact Us
For privacy-related questions or to exercise your rights:
- Email: support@email.suomify.fi
By using Suomify, you acknowledge that you have read and understood this Privacy Policy. Your use of the Service constitutes acceptance of these data practices.