Home
Discover
Data sources
Data definitions
Manage
My applications
My data sources
My groups
Access control keys
Support
Developer resources
System status
Community Slack
Privacy policy
Terms of Service
/
Privacy Policy

Privacy Policy for IOXIO® services

Last updated: 2024-12-11

This Privacy Policy describes how IOXIO Ltd and its affiliates collect and use your Personal Data in connection with IOXIO® services ("Services"). It also informs you about your privacy rights and how the law protects you. By using the Services, you agree to the collection and use of information as described in this Privacy Policy.

1. About IOXIO

IOXIO Ltd is a registered company in Finland with:

  • Business ID: 2464491-9
  • Official Address: Keilaranta 3 A 305, 02150 ESPOO, FINLAND

For any questions or requests regarding this Privacy Policy, please contact us at [email protected]

2. Interpretation and Definitions

Interpretation

Words with initial capital letters have defined meanings under the following conditions. These definitions apply regardless of whether the words appear in singular or plural.

Definitions

  • Account: A unique account created for you to access our Services or parts of our Services
  • Company (referred to as "We," "Us," or "Our" in this Privacy Policy): Refers to IOXIO Ltd, Keilaranta 3 A 305, 02150 ESPOO, FINLAND.
  • Device: Any device that can access the Service, such as a computer, cellphone, or digital tablet.
  • Personal Data: Any information that relates to an identified or identifiable individual.
  • Service: All software programs and associated features provided by IOXIO Ltd, as well as our support services.
  • Service Provider: A natural or legal person who processes data on behalf of the Company.
  • Usage Data: Data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (e.g., page visit duration).
  • You: The individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service.

3. Collecting and Using Your Personal Data

3.1 Types of Data Collected

Personal data

While using our Services, we may ask you to provide certain personally identifiable information, which may include but is not limited to:

  • Email address
  • Phone number
  • First name and last name
  • Organization name
  • Payment information
Usage Data and Cookies

We collect data automatically when you use our Services, including:

  • IP address
  • Browser type and version
  • Pages visited and time spent on them
  • Diagnostic and technical data to improve the Service
  • Internal application logs, which contain necessary information for the operation of the Services, monitoring and diagnosis of problems

The cookies we use and their purposes are:

  • access_token and id_token: Used to identify you and manage access permissions after you choose to log in on the Service.
  • __cfduid: We use Cloudflare to enhance the performance and security of our service. This cookie is used by Cloudflare to detect and block malicious visitors.

Stripe additionally uses cookies to provide you payment services. Check the Stripe Cookies Policy for details.

Other Personal Data use

When you contact us via social media, email, our support system, or other means we will have your contact information. We only use this to communicate back to you.

Your payment information is collected and processed by our payment processor, as required to complete your payments, or payouts to you. We do not receive your card details, and only store the necessary information about the transactions for our accounting, and to determine your access to our Services. Check the Stripe Privacy Policy for detailed information.

We use Plausible Analytics for a privacy-focused tracking service that gives us enough data to check e.g. effectiveness of our marketing campaigns and roughly what areas of the world our visitors are coming from, and what parts of the Service are popular. Check the Plausible Data Policy for detailed information.

We use Cidaas identity management for user authentication and login capabilities on our Service. Check the Cidaas Privacy Policy for detailed information.

Additionally we use Cloudflare to optimize the performance of our website. They gather some data about traffic through their systems, including to our Service. Check the Cloudflare Privacy Policy for detailed information on how they use the data.

How We Use Cookies

We use cookies only for necessary functions required to provide the Services. These cookies and local storage mechanisms support essential operations, such as authentication and secure user access. We do not use cookies for tracking your activity outside our Services.

3.2 Use of Your Personal Data

We may use Personal Data for the following purposes:

  • To provide and maintain the Service: Ensuring functionality, reliability, and monitoring.
  • To manage your Account: Facilitating your registration and access as a registered user.
  • For performance of a contract: Supporting any agreements for products or services you purchase.
  • To contact you: For notifications about updates, security issues, or other essential communications, as well as to respond to you over social media.
  • To manage your requests: Assisting with inquiries and providing customer support.
  • For business transfers: Evaluating or completing corporate transactions like mergers or acquisitions.
  • For other purposes: Improving the Service through analysis, identifying trends, and evaluating the effectiveness of features.

Our "lawful basis" required by EU data protection law includes:

  • Performing the actions laid out in our contract we have with you when you use the Services: In certain circumstances, we need your personal data to comply with our obligation to deliver the Services.
  • To comply with legal and accounting requirements: Sometimes the law or our accountants require us to collect and use your data for example to follow the tax regulation.
  • Our legitimate interests - good and fair reasons to use your data in ways that do not hurt you, your rights, or your interests. This includes things like our legitimate interest to guarantee and continuously improve on the safety, security, and performance of the Services.

4. Sharing Your Personal Data

Since social functions are not at the core of IOXIO® Services, neither is Personal Data at the core of our business. IOXIO Ltd does not rent, sell, or share your Personal Data, or otherwise give access to your Personal Data to anyone unless to explicitly perform the actions and functions mentioned in the Terms of Service and this document.

We may share your data in the following ways:

  • IOXIO Ltd Staff: We may share your Personal Data with anyone directly involved in the operation of IOXIO® Services, including our affiliates, employees, affiliates, subsidiaries, and parents, when it is reasonably necessary or desirable for us to disclose your data in order to carry out the data processing purposes required from us.
  • Agents: We may employ other companies and people to perform tasks on our behalf in certain circumstances, and need to share your information with them to provide products or services to you. This may include things like delivery of mail or email, data analysis, marketing, processing payments, and customer service. Unless explicitly mentioned otherwise, the agents DO NOT have any right to use your Personal Data that we share with them beyond what is necessary for them to perform their required functions.
  • Statistical and aggregate data: We may provide collected statistical analysis and aggregated information about how our users, collectively, use our site. This data is typically used to better understand our users and provide you with the optimal experience, or improve our marketing. This data does not contain personally identifying information.
  • With other users of IOXIO® Services: When you publish data on IOXIO® Services it is for the explicit purpose of other users using it, and we may share your Personal Data with other users to a necessary degree for them to use our Services in the desired manner. We may also share your GDPR and technical contact information for you to provide support to other users of our Services.
  • Business transfers: In case IOXIO Ltd or a substantial amount of its assets were acquired, or IOXIO Ltd to go through a merger, go out of business or declare bankruptcy, customer information is one of the assets that is transferred or acquired by a third party. By using our Services you acknowledge that such transfers may occur, and that your Personal Data may be continued to be used by any acquirer of IOXIO Ltd assets.
  • Protection of IOXIO Ltd or its services, and complying with the law: We may be required to disclose Personal Data to comply with the law or law enforcement, to prevent abuse and fraud on IOXIO® Services, protect our legal rights, property, or the safety of IOXIO Ltd, its staff, users, and others. We reserve the right to disclose information when we believe doing so is reasonably necessary in these kinds of scenarios.
  • Your explicit consent: When your Personal Data may be shared with 3rd parties for other purposes, you will be notified of it and you will be able to choose whether or not you want to share your information.

5. Retention of Your Personal Data

We retain Personal Data only as long as necessary for:

  • Legal compliance (e.g., tax or regulatory requirements).
  • Service functionality and user support.
  • Resolving disputes and enforcing agreements.

Usage Data is generally retained for shorter periods, except where it enhances security or supports Service improvements.

6. Transfer of Your Personal Data

IOXIO is a Finnish company, and Finland is a member of the European Union. IOXIO strives to store all its data within the EU, and avoids storing data outside of the EU where possible, however in certain scenarios some Personal Data may be in other countries, such as the United States. When your Personal Data is transferred to those countries, it is protected as described in this Privacy Policy. An example of such a transfer would be in the case of Stripe - our payment provider.

Handling of your Personal Data by Stripe is still regulated by, e.g. the EU GDPR.

If you feel we're needlessly transferring your data abroad and have better solutions to recommend to us, please let us know, we're always looking to improve.

7. Disclosure of Your Personal Data

7.1 Business Transactions

If the Company is involved in a merger, acquisition, or asset sale, your Personal Data may be transferred with prior notification.

7.2 Legal Obligations

We may disclose your Personal Data to comply with legal requirements or in response to lawful requests from authorities.

7.3 Other Legal Requirements

Disclosure may occur to:

  • Protect our rights or property.
  • Prevent misuse or investigate wrongdoing.
  • Ensure the safety of users and the public.

8. Security of Your Personal Data

We at IOXIO are pretty passionate about security. We follow the best practices for protecting the data we collect and maintain, including e.g. encryption of traffic over the internet, but where possible we go the extra step and ensure that we do not store unnecessary and potentially damaging information about our users, and that additional technical means are in place to ensure safety of your data.

We store our data and host our services using European infrastructure whenever possible, in secure data centers with strong physical and electronic security measures in place. We limit unnecessary access to your data, and do not store it for longer than necessary. Since we use common cloud hosting services for cost-efficiency, their ultimate owners are U.S. based entities which means there is some risk that U.S. based entities and agencies may gain access to some or all of your data on the Service. We are continuously evaluating alternatives for services that allow us to reduce dependency on U.S. based entities that are not fully trustworthy.

Ultimately no level of security is perfect, and any security system is as weak as its weakest link. In the case of Personal Data it is often your personal account credentials, and it is up to you to ensure that you use unique and strong passwords on e.g. your email service, as well as two-factor authentication where possible to prevent unauthorized access to your account.

There may also be other failures in the security ranging from bugs, hardware failure, unauthorized entry, and other things. In such events we strive to ensure any failures in our security are promptly fixed, and reasonable notifications are sent out as soon as possible.

9. Children's Privacy

Our Services are not intended for individuals under 13. People under the age of 16 are not permitted to create accounts on our Services without consent from their legal guardian. We do not knowingly collect data from children. If a parent or guardian believes their child has provided us with Personal Data, please contact us to facilitate removal.

10. Links to Other Websites

Our Services may link to external sites. We are not responsible for the content or privacy practices of third-party sites. We encourage you to review their privacy policies before interacting.

11. Your Rights Under GDPR

As a user in the European Union, you have the following rights:

  • Access: Request access to your Personal Data.
  • Correction: Request corrections to inaccurate or incomplete data.
  • Deletion: Request deletion of your data (subject to legal obligations).
  • Restriction: Restrict the processing of your data.
  • Objection: Object to the processing of your data for specific purposes.
  • Data Portability: Request a copy of your data in a structured format.

You may log into our Service and edit your Personal Data as necessary, but if you require assistance with these rights, contact us at [email protected]

You also have the right to lodge a complaint with a supervisory authority: https://edpb.europa.eu/about-edpb/board/members_en

12. Changes to this Privacy Policy

We may update this Privacy Policy periodically. Changes will be posted on this page, with the "Last updated" date revised. Significant changes will be communicated via any reasonable means, such as email or notifications on the Service.

For any questions, contact us at [email protected]