1. Data Controller
Legal entity: [COMPANY LEGAL NAME]
Business ID: [BUSINESS ID]
Address: [POSTAL ADDRESS]
Contact email: [PRIVACY EMAIL]
If we have appointed a Data Protection Officer, contact details will be listed here.
2. Scope
This Privacy Policy explains how we process personal data when users access and use the perukirja.io probate workflow service.
3. Categories of Personal Data
We process the following categories, depending on user activity:
3.1 Account and authentication data
- Name
- Email address
- Password hash and authentication records
- Session data, including session token, IP address, user agent, and session expiry data
- Email verification and password reset token records
3.2 Case and probate data entered by users
- Deceased person details (e.g. name, personal ID, date of death, domicile)
- Shareholder/heir details (e.g. name, personal ID, contact details, status flags)
- Spouse-related details (where applicable)
- Asset and debt records (including metadata fields entered by users)
- Structured form responses for process steps
- Meeting and trustee details (including personal identifiers where entered)
- Personal notes created by users
- Document checklist status (which required documents are marked as checked)
3.3 Chat and AI interaction data
- User chat prompts
- Assistant replies
- Related metadata (model identifier, token usage, citations/grounding metadata)
- Message quality flags and optional user comments on flagged messages
3.4 Service usage and operational data
- Per-case daily token/cost tracking for AI budget/rate limiting
- Standard technical logs required for service security and operation
4. Purposes and Legal Bases
We process personal data for the following purposes:
- Account creation, login, and security controls
  Legal basis: Contract performance; legitimate interests (security and fraud prevention).
- Delivering the probate workflow service and storing user-entered case data
  Legal basis: Contract performance.
- Sending transactional emails (verification, password reset)
  Legal basis: Contract performance; legitimate interests (account security).
- AI assistant functionality and chat history
  Legal basis: Contract performance.
- Abuse prevention, rate limiting, and security monitoring
  Legal basis: Legitimate interests.
- Legal compliance, dispute handling, and recordkeeping
  Legal basis: Legal obligation and legitimate interests, as applicable.
5. Data Sources
- Directly from users through forms, account flows, and chat interactions.
- Automatically from device/request metadata during authentication and service use.
6. Recipients and Processors
We use third-party processors to provide parts of the service. Current processors identified in the implementation:
- Better Auth infrastructure components (authentication/session framework use)
- Google Gemini (AI processing)
- Resend (transactional email delivery)
- Hosting/infrastructure providers: [TO BE CONFIRMED]
- Database provider: [TO BE CONFIRMED]
We use appropriate data processing agreements with processors where required.
7. International Transfers
Where a processor is located outside the EEA or may process data outside the EEA, we use GDPR-compliant transfer mechanisms (for example Standard Contractual Clauses), where required.
Processor-by-processor transfer details must be documented before publication.
8. Retention
Data is retained only as long as necessary for the purposes described above, subject to legal obligations. Retention schedule to finalize before publication:
- Account/profile data: [DEFINE PERIOD OR ACCOUNT LIFECYCLE RULE]
- Session/auth logs and security records: [DEFINE PERIOD]
- Case data and related notes/forms/chat: [DEFINE PERIOD]
- Email verification/reset records: [DEFINE PERIOD]
- AI usage tracking records: [DEFINE PERIOD]
- Backup retention windows: [DEFINE PERIOD]
9. Data Subject Rights
Subject to applicable law, users may request:
- Access to personal data
- Rectification
- Erasure
- Restriction of processing
- Objection to processing based on legitimate interests
- Data portability (where applicable)
- Withdrawal of consent where processing is consent-based
Users also have the right to lodge a complaint with a supervisory authority.
10. Security Measures
We apply technical and organizational measures appropriate to risk, including:
- Authenticated access controls and case ownership checks
- CSRF/origin protections on API endpoints
- Input validation and schema enforcement
- Security headers and transport protections
- Controlled integration access to third-party services
No system can be guaranteed to be 100% secure, but we continuously improve safeguards.
11. Children
The service is not intended for direct use by children. Users are responsible for ensuring they have authority to submit personal data related to estate processes.
12. Policy Changes
We may update this policy. Material changes will be communicated through the service or other appropriate channels.
13. Contact
For privacy-related requests and questions:
Email: [PRIVACY EMAIL]
Postal: [POSTAL ADDRESS]