KaamosAI

Privacy Policy

Last Updated: June 10, 2025

Kaamos AI Oy (“we”, “us”, or “our”) operates the kaamos.ai website and related services (the “Service”). This policy explains how we collect, use, and protect your personal data under the EU General Data Protection Regulation (GDPR), the ePrivacy Directive, and applicable Finnish law.

1. Roles Regarding Your Data

Kaamos AI Oy (Business ID: 3537483-8, Finland) is responsible for deciding how your personal data is handled when you interact with us directly.

Contact: privacy@kaamos.ai

Clarification on Data Handling Roles: This privacy policy applies when Kaamos AI determines the purpose and means of processing your personal data (acting as a data controller). If you use our Service as part of a business relationship, your employer or another organization may determine the purpose and means of processing, and Kaamos AI acts solely as a data processor, processing your data according to their instructions. In these cases, your employer or the relevant organization is responsible for ensuring that your data is processed lawfully and appropriately.

2. How and Where We Get Your Data

A. Information You Provide Directly

  • Contact and Account Information: Name, email address, phone number, username, and password (if you create an account).
  • Communications: Messages, support requests, or feedback you send us.
  • Payment Details: If you make a payment, your payment information will be collected by our payment processor.

B. Information Collected Automatically

  • Usage and Technical Data: IP address, device and browser type, operating system, pages visited, timestamps, session length, and clickstream data.
  • Cookies and Similar Technologies:
    • Essential cookies: Used for basic site functions (no consent required).
    • Analytics and marketing cookies: Used only with your explicit consent.
  • Logs: Server logs, error logs, and other diagnostic data.

C. Information from Third Parties

  • From Organizations: Your employer or business partner may provide us with your data.
  • From Public Sources: We may collect information from public records, such as trade registers or company websites.
  • From Authorities: We may receive data from government agencies, courts, or similar institutions.
  • From Third-Party Data Providers: We may obtain professional contact details (e.g., name, business email, job title) from trusted third-party providers who lawfully collect and share such data from publicly available sources or other compliant means.
  • From Our Own Analysis: We may generate insights or compile information based on data we already have.

3. Purposes of Processing and Legal Bases

We process your personal data for the following purposes and on the following legal bases:

Service Delivery and Account Management

Purposes: To provide, maintain, and improve our Service; to create and manage your account; to authenticate users; to process payments; and to provide customer support.

Legal basis: Contractual necessity (necessary to fulfill our agreement with you).

Business Development and Lead Generation

Purposes: To identify potential business clients and establish professional relationships using data obtained from third-party providers.

Legal basis: Legitimate interests (to grow our business while ensuring compliance with GDPR).

Security Monitoring and Incident Response

Purposes: To detect, prevent, and respond to security incidents, fraud, and unauthorized access; to ensure the integrity and security of our systems and data.

Legal basis: Legitimate interests (to protect our business and your data).

Marketing Communications

Purposes: To send you promotional materials, newsletters, and other marketing communications.

Legal basis: Consent (where you have given your explicit consent).

Analytics and Service Improvement

Purposes: To analyze usage trends, optimize our Service, develop new features, and improve user experience.

Legal basis: Legitimate interests (for internal analytics and service improvement) or consent (for more advanced analytics or marketing-related analytics).

Legal and Regulatory Compliance

Purposes: To comply with applicable laws, regulations, and official requests.

Legal basis: Legal obligation.

We process your personal data only for the purposes described above and do not use it for incompatible purposes. We collect only the minimum amount of data necessary for each purpose.

4. Sharing and Transferring Your Data

  • With Service Providers: We may share your data with trusted service providers who help us operate our Service, always under strict data processing agreements (DPAs) that require confidentiality, data protection, and compliance with our instructions.
  • With Business Partners: We may share your data with business partners only with your explicit consent or as necessary to deliver specific features or services you request.
  • With Authorities: We may disclose your data when required by law, regulation, or to protect our rights, property, or safety.
  • Internationally: Your data may be transferred outside the EU/EEA. When this occurs, we implement approved safeguards—such as Standard Contractual Clauses or adequacy decisions by the European Commission—to ensure your data remains protected.
  • During Business Transactions: If our company undergoes a merger, acquisition, or reorganization, your data may be transferred as part of that process. We will notify you of any such transfer if required by law or if your rights are materially affected.

5. How Long We Keep Your Data

We retain your personal data only as long as necessary for the purposes described in this policy. For most data, such as contact form submissions and analytics, we retain information for no longer than 12 months. Some data, such as records required for legal or accounting purposes, may be retained longer as required by law.

6. Your Rights Over Your Data

You have several rights regarding your personal data:

  • Right to Be Informed: You have the right to be informed about how we collect, use, and share your personal data.
  • Access: You can ask us what information we hold about you.
  • Correction: You can request corrections to inaccurate or incomplete data.
  • Deletion: You can ask us to delete your data if it is no longer needed or if you withdraw consent.
  • Restriction: You can request that we limit how we use your data in certain circumstances.
  • Objection: You can object to certain types of processing, including direct marketing.
  • Data Portability: You can ask for a copy of your data in a structured, machine-readable format.
  • Withdraw Consent: You can withdraw your consent to processing at any time, where processing is based on consent.
  • Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing.
  • Lodge a Complaint: You have the right to file a complaint with the relevant data protection authority.

To exercise these rights, contact us at privacy@kaamos.ai. We may ask for additional information to verify your identity. We will respond within one month, but may extend this period by up to two additional months for complex requests.

7. Keeping Your Data Secure

We use industry-standard technical and organizational measures to protect your data, including encryption, access controls, and regular security reviews. Access to personal data is restricted to authorized personnel only, and we provide ongoing training to our staff on data protection. If a data breach occurs that affects your rights, we will notify you as required by law and take appropriate steps to mitigate any impact.

8. Cookies and Tracking Technologies

We do not currently use cookies or similar tracking technologies. This notice will be updated to reflect any changes in our practices to ensure continued compliance with data protection laws.

9. Protecting Children's Data

We do not knowingly collect data from individuals under 18. If you believe we have inadvertently collected data from a child, please let us know.

10. Links to Other Websites

Our Service may contain links to other websites. We are not responsible for their privacy practices.

11. Updates to This Policy

We may update this policy from time to time. Significant changes will be communicated to you by email or through a notice on the Service. The latest version will always be available on our website. By continuing to use the Service after changes take effect, you accept the updated policy. We encourage you to review this policy periodically to stay informed about how we protect your information.

12. Governing Law and Jurisdiction

This Privacy Policy, and any disputes or claims arising out of or in connection with it, shall be governed by and construed in accordance with the laws of Finland, excluding its conflict of law provisions. You irrevocably agree that the courts of Finland shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this Privacy Policy or its subject matter.

13. How to Contact Us

For any questions or to exercise your rights, contact us at:

privacy@kaamos.ai

Relevant Supervisory Authority:
The Data Protection Ombudsman's Office