Legal

Privacy Policy

How FITIONLED Oy collects, uses, and protects your data when you use Clafk. Plain English, with the GDPR specifics where they matter.

Effective date 2026-05-01 Last updated 2026-05-01 Provided by FITIONLED Oy
Questions? security@clafk.com

1. About This Policy

This Privacy Policy explains how FITIONLED Oy, the company that owns and operates Clafk, collects, uses, and protects personal data when you use our Service.

We comply with the EU General Data Protection Regulation (GDPR) and applicable Finnish data protection laws.

By using Clafk, you acknowledge and accept the practices described in this Policy.

2. Who We Are

FITIONLED Oy is a company registered in Finland.

For the purposes of GDPR:

  • We act as the Data Controller for account-related personal data such as names, email addresses, and billing information.
  • We act as the Data Processor for content processed through Clafk, including emails, uploaded documents, and knowledge base content.

For privacy-related matters, you can contact us at:

Email: security@clafk.com

3. Data We Collect

We may collect the following categories of personal data:

  • Contact information, such as your name, email address, company name, and role.
  • Account information, including login credentials and preferences.
  • Billing information, such as billing address and payment details processed by our payment providers.
  • User Content, including emails, documents, and information connected or uploaded to Clafk.
  • Usage information about how you interact with the Service.
  • Technical information such as IP address, browser type, device information, and operating system details.

We may also create aggregated or anonymised data that can no longer identify individuals. This information may be used for lawful business and analytics purposes.

4. How We Collect Data

We collect personal data:

  • Directly from you when you create an account, contact us, or use the Service.
  • Automatically through cookies, logs, and similar technologies when you interact with Clafk or our website.
  • From third-party providers, such as Google or Microsoft, when you connect external services to Clafk.

5. Why We Use Your Data

We process personal data only where permitted by applicable law. We use data to:

  • Provide, operate, and maintain the Service.
  • Process payments and manage subscriptions.
  • Communicate with you regarding support, updates, and account-related matters.
  • Improve and develop Clafk and its features.
  • Meet legal and regulatory obligations.
  • Detect, prevent, and investigate fraud, abuse, and security issues.

Our legal bases for processing include:

  • Performance of a contract.
  • Legitimate business interests.
  • Compliance with legal obligations.
  • Consent, where required by law.

6. AI Processing

Clafk uses artificial intelligence to categorize emails and generate draft replies.

To provide these features, content processed through Clafk, including email content, knowledge base materials, and related metadata, may be shared with trusted AI service providers solely for the purpose of delivering the Service.

  • We do not permit AI providers to use your content for model training.
  • AI providers operate under contractual no-training terms and retention limited to no more than 30 days for safety and abuse review.
  • AI processing is performed only to provide Clafk functionality requested by you.

7. Sharing Your Data

We share personal data only with parties that help us operate and provide the Service, including:

  • Hosting, infrastructure, payment, and AI service providers.
  • Public authorities where disclosure is legally required.
  • Successors or acquiring entities in the event of a merger, acquisition, restructuring, or sale of our business.

All third parties are required to process data securely and only according to our instructions and applicable data protection laws.

We do not sell your personal data.

8. International Data Transfers

Some service providers used by Clafk may process data outside the European Economic Area (EEA), including in the United States.

Where international transfers occur, we use safeguards approved under GDPR, such as Standard Contractual Clauses (SCCs), to protect personal data.

9. Data Retention

We retain personal data only for as long as necessary to:

  • Provide and maintain the Service.
  • Comply with legal, tax, accounting, and regulatory obligations.
  • Resolve disputes and enforce agreements.

When personal data is no longer required, we delete or anonymise it securely. Anonymised information may be retained indefinitely.

You may request deletion of your personal data at any time, subject to applicable legal requirements.

10. Security

We implement appropriate technical and organisational safeguards designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.

Access to personal data is restricted to individuals who require it to provide or support the Service.

While we work to maintain strong security practices, no system can be guaranteed to be completely secure. You are responsible for maintaining the confidentiality of your account credentials.

If we become aware of a data breach affecting your personal data, we will notify you and relevant authorities where required by law.

11. Your Rights

If you are located in the EU or EEA, you may have the following rights under GDPR:

  • Access your personal data.
  • Correct inaccurate or incomplete data.
  • Request deletion of your data.
  • Restrict or object to certain processing activities.
  • Receive your data in a portable format.
  • Withdraw consent where processing is based on consent.
  • File a complaint with a supervisory authority.

To exercise your rights, contact security@clafk.com.

We aim to respond to requests within 30 days where required under applicable law.

You may also contact the Office of the Data Protection Ombudsman regarding data protection concerns.

12. Cookies

Clafk uses cookies and similar technologies for authentication, security, and improving the user experience.

You can control cookies through your browser settings. Disabling cookies may affect certain functionality of the Service.

13. Children’s Privacy

Clafk is intended for business and professional use and is not designed for individuals under the age of 18.

We do not knowingly collect personal data from children.

14. Changes to This Policy

We may update this Privacy Policy from time to time.

The “Last Updated” date indicates the latest version. Continued use of the Service after updates become effective constitutes acceptance of the revised Policy.

15. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

FITIONLED Oy
Emailsecurity@clafk.com
Supportsupport@clafk.com
Websitehttps://clafk.com