Section 00
PRIVACY POLICY Last updated January 26, 2026
Your data,
on the record.
How we collect, use, and protect your information — written to be read, not just lawyered through. Your rights, our sub-processors, what we keep and for how long.
Section 01
INTRODUCTION Who we are
The legal entity behind the platform.
SISUiQ OY (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.
Section 02
COLLECTION What we gather
Information you give us, plus what the platform observes.
We collect information you provide directly to us, including:
- 01Account information — name, email, organization
- 02Usage data and analytics
- 03Documents and content you upload
- 04Communication preferences
Section 03
USE What we do with it
Operating the service. Nothing more, nothing less.
We use the information we collect to:
- 01Provide, maintain, and improve our services
- 02Process transactions and send related information
- 03Send technical notices and support messages
- 04Respond to your comments and questions
- 05Analyze usage patterns to improve user experience
Section 04
SUB-PROCESSORS GDPR Article 28
Who else touches your data — and under what contract.
In accordance with GDPR Article 28, we maintain a list of sub-processors who process personal data on our behalf. Your data is shared only to deliver the service and is governed by Data Processing Agreements (DPAs):
- 01OpenAI— LLM inference and embeddings (OpenAI API DPA; your data is not used to train public models).
- 02Vector database provider — semantic search infrastructure
- 03Cloud infrastructure provider — application hosting and compute
- 04Managed database provider — relational data storage
We notify customers of any changes to our sub-processor list at least 30 days in advance. For a machine-readable version, contact [email protected].
Section 05
SECURITY How we protect it
Encryption at rest. Encryption in transit. Defence in depth.
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encryption at rest and in transit, regular security assessments, and strict access controls.
See our security page for the full list of controls.
Section 06
RETENTION How long we keep it
Only as long as we need it. Deletable on request.
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. You may request deletion of your data at any time.
Section 07
YOUR RIGHTS GDPR / CCPA
The data is yours. These tools make that real.
Depending on your location, you may have the right to:
- 01Access your personal data
- 02Correct inaccurate data
- 03Request deletion of your data
- 04Object to processing of your data
- 05Data portability
Exercise your rights
These actions require an authenticated account. If you encounter issues, email [email protected] to exercise your rights manually.
Section 08
COOKIES What is set in your browser
Essentials only. No advertising, no tracking pixels.
We use essential cookies to maintain your session and preferences. These are strictly necessary for the platform to function and cannot be disabled.
- 01Session cookies — authenticate your login and maintain your session
- 02Preference cookies — remember your settings (theme, language)
We do not use third-party advertising or tracking cookies. We do not sell or share cookie data with third parties. If we introduce optional analytics cookies in the future, we will update this policy and request your explicit consent.
Section 09
CONTACT