Privacy Policy

Last updated /

Nov 17, 2025

1. About This Policy

This Privacy Policy explains how Finata Oy ("we," "us," or "our") collects, uses, processes, and protects your personal data when you use our website and AI Financial Controller & Financial Data Automation services (the "Service").

We are committed to protecting your privacy and ensuring transparency about how we handle your personal information in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Who We Are

Data Controller: Finata Oy
Business Address: Kaivokatu 10 A 705, 00100 Helsinki, Finland
Contact Email: hello@control.dev
Services: AI Financial Controller & Financial Data Automation for businesses

3. What Personal Data We Collect

We collect and process the following categories of personal data:

Contact Information: Email addresses provided through our website contact forms

Communication Data: Information contained in communications you send to us

Usage Data: Information about how you interact with our Service (when logged in)

Website Analytics Data: When you consent to analytics cookies, we collect:

  • Pages visited and time spent on pages

  • Device type, browser type, and operating system

  • Approximate location (country/city level based on IP address)

  • Referral source (how you arrived at our website)

  • Click and navigation patterns

  • Screen resolution and device information

Technical Data: IP addresses (collected by Google Analytics and anonymized where possible)

4. Cookies and Tracking Technologies

4.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. They help us understand how visitors use our site and improve your experience.

4.2 Types of Cookies We Use

Strictly Necessary Cookies

  • Purpose: Essential for the website to function properly (e.g., cookie consent preferences)

  • Legal Basis: Legitimate interest

  • Duration: Session or up to 1 year

  • No consent required

Analytics Cookies (Google Analytics)

  • Purpose: Help us understand how visitors interact with our website

  • Provider: Google LLC

  • Legal Basis: Your consent

  • Duration: Up to 24 months

  • Can be disabled via cookie settings

4.3 Google Analytics

We use Google Analytics to analyze website traffic and user behavior. Google Analytics uses cookies to collect information about your use of our website. This information includes:

  • Pages you visit

  • Time spent on pages

  • How you arrived at our site

  • General location information

  • Device and browser information

Data Sharing: The information collected by Google Analytics is transmitted to and stored by Google on servers that may be located outside the European Economic Area, including in the United States.

Google's Use of Data: Google will use this information to evaluate your use of our website, compile reports on website activity, and provide other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.

IP Anonymization: We have enabled IP anonymization in Google Analytics, which means Google will truncate/anonymize the last octet of your IP address within EU member states.

More Information:

  • Google Analytics Terms of Service: https://marketingplatform.google.com/about/analytics/terms/

  • Google Privacy Policy: https://policies.google.com/privacy

  • Google Analytics Opt-out: https://tools.google.com/dlpage/gaoptout

4.4 Managing Your Cookie Preferences

You can manage your cookie preferences at any time by:

Cookie Settings: Click the cookie settings link in our website footer to update your preferences

Browser Settings: Most browsers allow you to refuse or accept cookies through their settings. Please note that disabling strictly necessary cookies may affect website functionality.

Google Analytics Opt-Out: Install the Google Analytics opt-out browser add-on: https://tools.google.com/dlpage/gaoptout

Do Not Track: We respect Do Not Track signals where technically feasible.

5. How We Collect Your Personal Data

We collect your personal data in the following ways:

Website Forms: When you voluntarily submit your email address through contact forms on our website

Direct Communication: When you contact us via email or other communication channels

Service Usage: When you use our Service as a registered user

Cookies and Tracking: When you visit our website and have consented to analytics cookies

Automated Collection: Some data is collected automatically when you interact with our website (with your consent for non-essential data)

6. Why We Process Your Personal Data

We process your personal data for the following purposes:

Legal Basis: Consent

Analytics and Website Improvement: To understand how visitors use our website, identify technical issues, and improve user experience through Google Analytics (you can withdraw consent at any time)

Legal Basis: Legitimate Interest

Marketing Communications: To send you information about our services, updates, and relevant business content

Business Development: To understand market needs and improve our services

Legal Basis: Contract Performance

Service Delivery: To provide our AI Financial Controller & Financial Data Automation services

Customer Support: To respond to your inquiries and provide technical support

Account Management: To manage your account and access to our Service

Legal Basis: Legal Obligation

Compliance: To comply with applicable legal and regulatory requirements

7. How We Share Your Personal Data

We may share your personal data with the following categories of third parties:

Analytics Providers: Google LLC (Google Analytics) for website analytics purposes, with your consent

Technology Service Providers: We use standard office tools and AI services to operate our business and deliver our Service

Cloud Infrastructure: Your data is processed and stored using Google Cloud Platform (GCP) services

AI Service Providers: When you use AI features in our Service, your data may be processed by third-party AI providers outside the EU/EEA (see Section 9 for more details)

We do not sell, rent, or otherwise commercialize your personal data to third parties.

8. Where Your Data Is Processed

Your personal data is primarily processed and stored within the European Union using Google Cloud Platform infrastructure. We operate services in the EU and USA.

Google Analytics Data: When you consent to analytics cookies, your data may be transferred to and processed by Google LLC in the United States. Google participates in the EU-U.S. Data Privacy Framework, and we have implemented appropriate safeguards including Standard Contractual Clauses to protect your data during international transfers.

9. AI Features and International Data Transfers

Important Notice About AI Features:

  • AI features in our Service are disabled by default

  • If you choose to enable AI features, your data may be transferred to third-party AI service providers located outside the European Union and European Economic Area

  • Before enabling AI features, you will receive explicit warnings and must provide informed consent

  • You can disable AI features at any time to stop such data transfers

  • When AI features are enabled, appropriate safeguards are implemented in accordance with GDPR requirements

10. How Long We Keep Your Data

We retain your personal data for the following periods:

Contact Information: Until you request deletion or unsubscribe from communications

Service Data: For the duration of our business relationship and as required for legal compliance

Communications: Typically for 3 years unless longer retention is required for legal or business purposes

Cookie Data: Analytics cookies expire after 24 months; you can delete them at any time through your browser settings

Google Analytics Data: We have configured Google Analytics to retain user and event data for 14 months

11. Your Rights Under GDPR

As a data subject, you have the following rights:

Right of Access: Request information about the personal data we hold about you

Right to Rectification: Request correction of inaccurate personal data

Right to Erasure: Request deletion of your personal data in certain circumstances

Right to Restrict Processing: Request limitation of processing in certain circumstances

Right to Data Portability: Request transfer of your data in a structured, machine-readable format

Right to Object: Object to processing based on legitimate interest or for direct marketing

Right to Withdraw Consent: Where processing is based on consent (such as analytics cookies or AI features), you may withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal

Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority (see Section 15)

To exercise any of these rights, please contact us at hello@control.dev.

12. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes:

  • Secure data storage using industry-standard cloud infrastructure

  • Access controls and authentication measures

  • Regular security assessments and updates

  • Staff training on data protection requirements

  • Encryption of data in transit and at rest where appropriate

13. Marketing Communications

If you have provided your email address, we may send you marketing communications about our services. You can:

  • Unsubscribe at any time using the link in our emails

  • Contact us at hello@control.dev to opt out

  • Update your communication preferences

14. Children's Privacy

Our Service is not intended for children under the age of 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us, and we will delete such information.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by:

  • Posting the updated policy on our website with a new "Last Updated" date

  • Sending you an email notification (where we have your email address)

  • Displaying a prominent notice on our website

Your continued use of our website and Service after such changes constitutes your acceptance of the updated Privacy Policy.

16. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your personal data, please contact us:

Email: hello@control.dev
Address: Finata Oy, Kaivokatu 10 A 705, 00100 Helsinki, Finland

17. Supervisory Authority

If you believe we have not handled your personal data in accordance with applicable data protection laws, you have the right to lodge a complaint with your local data protection supervisory authority.

For Finland, this is:
Office of the Data Protection Ombudsman
Website: tietosuoja.fi
Email: tietosuoja@om.fi

Cookie Policy Details

Current Cookies in Use

Cookie Name

Provider

Purpose

Duration

Type

_ga

Google Analytics

Distinguishes unique users

2 years

Analytics

ga*

Google Analytics

Maintains session state

2 years

Analytics

_gid

Google Analytics

Distinguishes unique users

24 hours

Analytics

cookie_consent

Finata Oy

Stores cookie consent preferences

1 year

Necessary

This list may be updated as our use of cookies evolves.

On this page