Privacy policy
How we collect, use and protect personal data. Last updated: 2025-05-15.
Vega Business Intelligence Oy (Eiffels AI), Helsinki, Finland. Contact: igor@eiffels.ai.
We process the personal data you provide when contacting us, signing up, or using our services: name, work email, phone number, employer, role, message content and product usage telemetry. For customers, we process the personal data you transmit to the service as your data processor, under our DPA.
We process personal data to (a) provide and operate the service (contractual necessity, art. 6(1)(b) GDPR); (b) communicate with prospects and customers (legitimate interest, art. 6(1)(f)); (c) comply with legal obligations (art. 6(1)(c)); and (d) where required, on the basis of consent (art. 6(1)(a)).
By default, customer data is stored on Microsoft Azure North Europe (Ireland). Other regions are available on request for enterprise customers.
We do not sell personal data. We share data with sub-processors strictly required to operate the service (hosting, analytics, support tooling). A current list is available on request.
We keep personal data only as long as needed for the purposes above and as required by law. Customer data is deleted on contract termination per the DPA terms.
Under GDPR you can access, correct, delete, restrict or port your personal data, and object to processing. To exercise these rights, email igor@eiffels.ai. You may also lodge a complaint with the Finnish Data Protection Ombudsman.
We use encryption in transit and at rest, role-based access, audit logging, MFA and regular security reviews. Customers can request our security overview under NDA.
We will publish material changes to this policy on this page and, where appropriate, notify customers directly.
Privacy questions or rights requests: igor@eiffels.ai.