Privacy Policy

1. Data We Collect

We collect the following categories of personal data:

1.1 Personal Information

• Your name and contact details (email, phone number, residence address)
• Company and organization information
• Your role within organizations (owner, manager, worker, customer, resident)

1.2 Construction Project Data

• Project details, descriptions, and specifications
• Task assignments, updates, and progress reports
• Time entries and work logs
• Building and residence information (including property addresses used to route maintenance and project requests)
• Resource and attachment data

1.3 Communication Data

• WhatsApp messages and conversations
• Media attachments (images, documents, audio files)
• AI conversation history and function calls
• User state and conversation flow data

1.4 Technical Data

• IP address, browser type, and device information
• Website usage and navigation patterns
• System logs and error reports

2. Why We Process Your Data

We process personal data for the following purposes:

2.1 Construction Management Services

• Managing construction projects, tasks, and assignments
• Tracking time entries, progress updates, and work logs
• Processing building and residence information
• Managing organization memberships and user roles
• Storing and processing project-related media attachments

2.2 AI-Powered Communication

• Processing WhatsApp messages and conversations
• Maintaining conversation history and user state
• Executing AI function calls and responses
• Providing intelligent construction management assistance

2.3 Service Improvement

• Analyzing usage patterns to improve platform functionality
• Enhancing AI conversation capabilities
• Optimizing user experience and interface design

2.4 Legal and Business Operations

• Comply with legal obligations and regulations
• Establish and maintain business relationships
• Respond to inquiries and service requests
• Ensure platform security and prevent fraud

2.5 Address Data and Maintenance Requests

We collect and store address information to map resident requests to the correct building and project. This allows us to assign maintenance tickets to the right contractors or property managers, ensuring timely and accurate service handling.

Addresses are used only for project identification and service delivery purposes and are not shared publicly.

3. Legal Basis for Processing

We process your personal data based on:

• Contract performance: To fulfill our obligations when providing services, including when processing residents’ maintenance requests or delivering services
• Legitimate interests: To respond to inquiries, operate and secure our services, support ongoing projects, and process address data to coordinate repairs and maintenance on behalf of property owners or managers (balanced against your rights)
• Consent: When you voluntarily provide information through forms or communications (you may withdraw consent at any time)
• Legal obligation: To comply with applicable laws and regulations

4. WhatsApp Communication Consent

When you initiate contact with us via WhatsApp:

• You provide consent to receive follow-up messages from us on WhatsApp
• We will only send messages related to your inquiry and our construction management services
• You can opt out of WhatsApp communications at any time by replying "STOP" or blocking our number
• We respect opt-out requests promptly and will not send further messages
• Your WhatsApp messages with us are also subject to WhatsApp's terms of service and privacy policy

5. Data Storage and Retention

Your data is stored securely using GDPR-aligned providers including:

• Fly.io (application hosting, EU region)
• Supabase (database and storage, EU region)
• Twilio (WhatsApp communication processing)
• Resend (transactional email)

5.1 Data Retention Periods

• Construction Project Data: Retained for 7 years after project completion for legal and business purposes
• Communication Data: WhatsApp messages and AI conversation records retained for up to 12 months after the end of the related project or inquiry, then automatically deleted or anonymized unless required for ongoing legal or contractual obligations
• Media Attachments: Project-related media retained for up to 24 months after project completion unless legal retention applies
• User Accounts: Account data retained until account deletion or 3 years of inactivity
• Technical Logs: System logs retained for 1 year for security and debugging purposes

We may retain data longer if required by law, regulation, or legitimate business needs. You can request data deletion at any time, subject to legal obligations.

6. Data Sharing

We do not sell your personal data. We may share it:

• With service providers who help us operate our business (under data protection agreements)
• When required by law or to protect our legal rights
• With your explicit consent

7. Your Rights Under GDPR

Under the EU General Data Protection Regulation (GDPR) and Finnish Data Protection Act (Tietosuojalaki), you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a structured format
• Object: Object to processing based on legitimate interests
• Withdraw consent: Where processing is based on consent
• Lodge a complaint: With the Finnish Data Protection Authority (Tietosuojavaltuutetun toimisto)

7.1 How to Make a Data Request

To exercise your rights (including data deletion), contact us at christian.ahlstrom@renocount.com. We will confirm receipt and respond within 30 days. We may request additional information to verify your identity.

8. Cookies and Analytics

Our website may use cookies and similar technologies to:

• Ensure proper website functionality
• Analyze website usage (we aim to use aggregated or anonymized data where possible)
• Improve user experience

You can control cookie settings through your browser preferences. Where required, we obtain your consent via a cookie banner.

9. Updates to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

10. Automated Decision-Making

We do not make decisions producing legal or similarly significant effects on you that are based solely on automated processing, including profiling. Where we use AI features to assist communication or workflows, a human remains involved in outcomes that affect your rights.

11. Data Protection and Security

We implement technical and organizational measures in accordance with Article 32 GDPR, including encryption in transit and at rest where applicable, role-based access controls, least-privilege principles, secure development practices, and regular access reviews.

12. International Data Transfers

Some service providers (e.g., messaging or email providers) may process data outside the EU/EEA. Where such transfers occur, we rely on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses, to ensure an adequate level of protection.

13. Processing of Residents’ Personal Data

Where we process residents’ contact details or addresses as part of a project, we act either as:

• Data controller when we collect the data directly for our own service purposes
• Data processor when acting on behalf of a client (e.g., contractor or property manager)

When acting as a processor, we process data only under documented instructions of the controller and in accordance with a Data Processing Agreement.

14. Children’s Data

Our services are not directed to children. We do not knowingly collect personal data of individuals under 16. If you believe a child has provided personal data, please contact us so we can delete it.