Privacy Policy

1. Data We Collect

We collect the following categories of personal data:

1.1 Personal Information

• Your name and contact details (email, phone number, residence address)
• Company and organization information
• Your role within organizations (owner, manager, worker, customer, resident)

1.2 Service Interaction Data

• FAQ topics, requests, and response context
• Email draft content and related metadata
• Web-chat widget and phone bot interaction records
• Service context information needed to route and handle requests
• Resource and attachment data

1.3 Communication Data

• Messages and conversations processed through connected communication channels
• Media attachments (images, documents, audio files)
• AI conversation history and function calls
• User state and conversation flow data

1.4 Technical Data

• IP address, browser type, and device information
• Website usage and navigation patterns
• System logs and error reports

2. Why We Process Your Data

We process personal data for the following purposes:

2.1 FAQ and Communication Services

• Generating and improving FAQ responses and related communications
• Creating and refining email drafts on your behalf
• Operating web-chat widget and phone bot interactions
• Processing service context information required for request handling
• Managing organization memberships and user roles
• Storing and processing communication-related media attachments

2.2 AI-Powered Communication

• Processing messages and conversations from connected channels
• Maintaining conversation history and user state
• Executing AI function calls and responses
• Providing intelligent FAQ and communication assistance

2.3 Service Improvement

• Analyzing usage patterns to improve platform functionality
• Enhancing AI conversation capabilities
• Optimizing user experience and interface design

2.4 Legal and Business Operations

• Comply with legal obligations and regulations
• Establish and maintain business relationships
• Respond to inquiries and service requests
• Ensure platform security and prevent fraud

2.5 Service Routing Data

We process only the minimum service routing data required to map requests to the correct workflow and responsible team, ensuring timely and accurate service handling.

We do not maintain long-term building/residence information as part of our standard service data model.

3. Legal Basis for Processing

We process your personal data based on:

• Contract performance: To fulfill our obligations when providing services, including processing service requests and delivering agreed functionality
• Legitimate interests: To respond to inquiries, operate and secure our services, support ongoing projects, and coordinate service routing data (balanced against your rights)
• Consent: When you voluntarily provide information through forms or communications (you may withdraw consent at any time)
• Legal obligation: To comply with applicable laws and regulations

4. Data from Third Parties

Data Received from Connected Email Services: When you authenticate via Microsoft (Outlook/Exchange) or Google (Gmail), we receive and process account data solely to provide drafting and answering services. Access is based on OAuth 2.0 tokens; we do not store your account passwords. We do not use this data for advertising, nor do we sell this data to third parties.

5. Data Storage and Retention

Your data is stored securely using GDPR-aligned providers including:

• Fly.io (application hosting, EU region)
• Supabase (database and storage, Stockholm EU region)
• Twilio (service communication infrastructure)
• Resend (transactional email)

6.1 Data Retention Periods

• Construction Project Data: Retained for 7 years after project completion for legal and business purposes
• Communication Data: Message and AI conversation records retained for up to 12 months after the end of the related project or inquiry, then automatically deleted or anonymized unless required for ongoing legal or contractual obligations
• Media Attachments: Project-related media retained for up to 24 months after project completion unless legal retention applies
• User Accounts: Account data retained until account deletion or 3 years of inactivity
• Technical Logs: System logs retained for 1 year for security and debugging purposes

We may retain data longer if required by law, regulation, or legitimate business needs. You can request data deletion at any time, subject to legal obligations.

6. Data Sharing

We do not sell your personal data. We may share it:

• With service providers who help us operate our business (under data protection agreements)
• When required by law or to protect our legal rights
• With your explicit consent

7. Your Rights Under GDPR

Under the EU General Data Protection Regulation (GDPR) and Finnish Data Protection Act (Tietosuojalaki), you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a structured format
• Object: Object to processing based on legitimate interests
• Withdraw consent: Where processing is based on consent
• Lodge a complaint: With the Finnish Data Protection Authority (Tietosuojavaltuutetun toimisto)

7.1 How to Make a Data Request

To exercise your rights (including data deletion), contact us at christian.ahlstrom@renocount.com. We will confirm receipt and respond within 30 days. We may request additional information to verify your identity.

8. Cookies and Analytics

Our website may use cookies and similar technologies to:

• Ensure proper website functionality
• Analyze website usage (we aim to use aggregated or anonymized data where possible)
• Improve user experience

You can control cookie settings through your browser preferences. Where required, we obtain your consent via a cookie banner.

9. Updates to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

10. Automated Decision-Making

We do not make decisions producing legal or similarly significant effects on you that are based solely on automated processing, including profiling. Where we use AI features to assist communication or workflows, a human remains involved in outcomes that affect your rights.

11. Data Protection and Security

We implement technical and organizational measures in accordance with Article 32 GDPR, including HTTPS/TLS encryption in transit and encryption at rest where applicable, role-based access controls, least-privilege principles, secure development practices, and regular access reviews.

12. International Data Transfers

Some service providers (e.g., messaging or email providers) may process data outside the EU/EEA. Where such transfers occur, we rely on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses, to ensure an adequate level of protection.

13. Processing Roles and Responsibilities

Depending on the service context, we may act either as:

• Data controller when we collect personal data directly for our own service purposes
• Data processor when acting on behalf of a client under documented instructions

When acting as a processor, we process data only under documented instructions of the controller and in accordance with a Data Processing Agreement.

14. Children’s Data

Our services are not directed to children. We do not knowingly collect personal data of individuals under 16. If you believe a child has provided personal data, please contact us so we can delete it.