Privacy Notice (Yscale Oy)
Last updated: [17.1.2025]
This Privacy Notice explains how Yscale Oy (“Yscale”, “we”, “us”) processes personal data when you visit our websites, request access, communicate with us, or use our services (including Yscale Flow and Yscale Pulse).
1. Controller and contact details
Controller: Yscale Oy
Business ID: [3590695-3]
Address: [Antinkatu 3 D, 00100 Helsinki]
Email: [lucas.kuisma@yscale.fi]
2. Scope
This notice covers processing of personal data in connection with:
Our websites (e.g., yscale.fi)
Access requests, pilot programs, demos, and inquiries
Sales, onboarding, and customer support communications
Use of Yscale Flow and Yscale Pulse (if/when you are a user)
Events, marketing communications, and newsletters (if you subscribe)
3. Personal data we process
Depending on your interaction with Yscale, we may process:
A) Data you provide
Contact details (name, email, phone number)
Company details (company name, role/title, industry)
Content of your messages (forms, emails, chat messages, meeting notes)
Access request information (use case, tools in your stack, requirements)
B) Data generated through website use
Device and usage data (IP address, browser type, pages viewed, timestamps)
Cookie identifiers and analytics events (see section 10)
C) Data processed in the services (Flow / Pulse)
If you use our services, we may process:
Account and authentication data (user ID, email, role/permissions)
Activity and audit data (actions requested, approvals/rejections, timestamps)
Content you input into Flow (commands, prompts, uploaded text/documents)
Outputs created within the service (drafts, reports, summaries)
Integration metadata (e.g., connected tools, connection status)
Important: If you connect external systems (e.g., email, CRM, documents), data from those systems may be processed according to your configuration and instructions.
4. Purposes and legal bases
We process personal data for the purposes below and on the following legal bases under the GDPR:
A) Providing and operating the services
Purpose: Account creation, authentication, service delivery, approvals, auditability, and platform functionality
Legal basis: Performance of a contract (GDPR Art. 6(1)(b)) and/or legitimate interests (Art. 6(1)(f))
B) Responding to inquiries, access requests, and support
Purpose: Handling requests, pilot onboarding, customer support, communications
Legal basis: Legitimate interests (Art. 6(1)(f)) or contract steps (Art. 6(1)(b))
C) Improving product quality, security, and reliability
Purpose: Debugging, monitoring, service performance, fraud prevention, security controls
Legal basis: Legitimate interests (Art. 6(1)(f))
D) Marketing communications (where applicable)
Purpose: Sending updates, invitations, and content
Legal basis: Consent (Art. 6(1)(a)) where required, or legitimate interests (Art. 6(1)(f)) for B2B communications as permitted by applicable law
You can opt out at any time.
E) Legal compliance
Purpose: Accounting, compliance, responding to lawful requests, enforcing rights
Legal basis: Legal obligation (Art. 6(1)(c)) and/or legitimate interests (Art. 6(1)(f))
5. Data minimization and governance (Human-in-the-Loop)
Yscale Flow is designed to support approval-gated workflows and controlled execution. You can configure permissions and approval steps so that actions and updates require human review before syncing to other systems.
6. Data sharing and recipients
We may share personal data with:
Service providers / processors (e.g., hosting, analytics, email delivery, CRM, customer support tools) acting under data processing agreements
Integration partners when you enable integrations (data is shared according to your configuration)
Professional advisors (legal, accounting) where necessary
Authorities if required by law
We do not sell personal data.
7. International transfers
We aim to process and store data in the European Economic Area (EEA). If we transfer personal data outside the EEA, we use appropriate safeguards such as the European Commission’s Standard Contractual Clauses and supplementary measures where required.
8. Retention periods
We retain personal data only as long as necessary for the purposes described:
Website analytics: typically [e.g., 14–26 months] depending on configuration
Access requests and inquiries: typically [e.g., 12–24 months] after last interaction
Customer account and service data: for the duration of the customer relationship and a reasonable period thereafter
Legal and accounting records: as required by applicable law
Exact retention may vary depending on legal obligations and your service configuration.
9. Security
We implement appropriate technical and organizational measures to protect personal data, including access controls, logging, and safeguards suited to the nature of the data and the risks of processing. No method of transmission or storage is completely secure, but we work to maintain a high standard of protection.
10. Cookies and analytics
We may use cookies and similar technologies for:
Essential functionality
Performance and analytics
Improving user experience
You can manage cookies through your browser settings and, where implemented, our cookie banner/preferences.
Analytics tools (if used): [e.g., Google Analytics / Plausible / PostHog]
(Replace with your actual tools.)
11. Your rights
Subject to applicable law, you may have the right to:
Access your personal data
Rectify inaccurate data
Delete data (“right to be forgotten”)
Restrict processing
Object to processing based on legitimate interests
Data portability (where processing is based on contract or consent)
Withdraw consent (where processing is based on consent)
To exercise your rights, contact us at [privacy@yscale.fi
].
12. Complaints
If you believe our processing violates data protection law, you have the right to lodge a complaint with your local supervisory authority.
In Finland, this is the Office of the Data Protection Ombudsman.
13. Updates to this notice
We may update this Privacy Notice from time to time. The latest version will always be available on our website with the “Last updated” date.
