Privacy Policy

This policy explains what personal data Autonelio collects, why we collect it, and how we handle it. We keep this clear and minimal so you can quickly understand what happens to your data.

1. Who we are

Autonelio is operated by Nordlate, a company based in Finland. For the purposes of EU data protection law (GDPR), Nordlate is the data controller for the website and the Autonelio applications. For data controller contact details, see Nordlate's Privacy Policy.

2. Scope

This policy covers the public website (e.g., autonelio.com) and the Autonelio applications (e.g., the shop management app). It applies to visitors, trial users, and paying customers.

3. Data we collect

  • Account data: name, email address, password (hashed), workspace/shop name, and basic settings.
  • Billing data: subscription selection, VAT number (if provided). Payments are processed by Stripe; we do not store full card details.
  • Support data: messages you send us (email or contact form) and any attachments you choose to provide.
  • Usage & device data: basic logs for security and reliability (IP address, timestamps, browser info).
  • Cookies: we use essential cookies required for the service to function, including session cookies to keep you logged in, security cookies to prevent cross‑site request forgery, and preference cookies to remember your settings. We also use analytics cookies (Google Analytics) to understand how visitors use our website and to improve the service. You can disable analytics cookies through your browser settings or by using the Google Analytics Opt‑out Browser Add‑on. We do not use marketing or advertising cookies.

4. Why we process your data

  • Performance of a contract — to provide the services (accounts, authentication, workspace features, billing).
  • Legitimate interests — to keep the services secure, prevent abuse, improve reliability, and answer your requests.
  • Legal obligations — to meet tax, accounting, and compliance requirements.
  • Consent — when you ask us to contact you or when you opt in to non‑essential communications.

5. Data retention

We keep personal data only as long as needed for the purposes above:

  • Account data: kept while your account is active; deleted or anonymized after closure unless longer retention is required by law.
  • Billing records: retained for the period required by applicable tax and accounting laws.
  • Support messages: retained while your request is open and for a reasonable time afterward for reference and quality.
  • Logs: kept for a short period for security, troubleshooting, and abuse prevention.

6. Sharing & processors

We do not sell your personal data. We use a small number of trusted third‑party service providers to operate and improve the product. These partners act as our data processors and only process data on our instructions.

  • Hosting & infrastructure: provides the servers, databases, and storage used to run the services securely.
  • Payment processing: handles payments, subscriptions, and invoicing details. We do not store full card information.
  • Email delivery: sends account verification, notifications, and transactional messages.
  • Analytics & security: helps monitor reliability, prevent abuse, and maintain performance.

Some of these providers may process data outside the European Economic Area (EEA). In such cases, we ensure an adequate level of protection through lawful transfer mechanisms such as the EU Standard Contractual Clauses.

7. International transfers

If we transfer personal data outside the EEA, we ensure an adequate level of protection through lawful transfer mechanisms (e.g., SCCs) and apply additional safeguards where appropriate.

8. Your rights

Under the GDPR, you have the right to access, correct, or delete your personal data, and to object to or restrict certain processing. You can also request data portability. Where processing is based on consent, you may withdraw that consent at any time.

To exercise these rights, contact us at [email protected]. We may need to verify your identity before responding.

If you believe we have not handled your data appropriately, you have the right to lodge a complaint with a supervisory authority. In Finland, this is the Office of the Data Protection Ombudsman (tietosuoja.fi).

9. Security

We use industry‑standard measures to protect your data (encryption in transit, access controls, and monitoring). No method of transmission or storage is 100% secure; we work to continually improve safeguards.

10. Children

The service is not directed to children under 16, and we do not knowingly collect their personal data.

11. Contact

If you have questions about this policy or our data practices, email us at [email protected].

12. Changes to this policy

We may update this policy to reflect changes in the service or legal requirements. We will post the new version here and adjust the date below.

Effective date: 26 October 2025