Privacy Policy
Effective: 21 May 2026 Last updated: 21 May 2026 Version: 1.0
This privacy policy describes how SalesMonitor (hereinafter "we" or the "Service Provider") collects, uses and protects your personal data when you use the salesmonitor.io website and the SalesMonitor service (the "Service"). We process personal data in accordance with the EU General Data Protection Regulation (GDPR, 2016/679) and the Finnish Data Protection Act (1050/2018).
1. Data Controller
Salesmonitor Oy Data protection contact: info@salesmonitor.io Website: https://salesmonitor.io
You can contact us about any data protection matter at the email address above.
2. Personal data we process
2.1 Account creation data
- Name
- Email address
- Password (in encrypted form)
- Company name
- Business ID
- Phone number (optional)
2.2 Data generated by use
- Login and session data
- Usage logs
- IP address
- Browser and device information
- Cookie data (see separate cookie policy)
2.3 Service-related data
- Data from third-party services you have connected (Google Analytics, Google Ads, Meta Ads, TikTok Ads, Shopify). This data is processed on your instructions and typically does not contain personal data, except for any identifiers of your own customers.
- Goals and other configuration data set by the user.
2.4 Payment data
- Billing address
- Transaction details
Note: we do not process or store your card details. Payments are handled by our payment provider Stripe (see section 7).
2.5 Communication
- Customer service messages and their content
- Marketing consent (if given)
3. Where we get your data
Primarily, data is received directly from you when creating an account, using the Service and communicating with customer service. Data is also generated automatically when you use the Service (logs, cookies, IP address).
Through third parties (Google, Meta, TikTok, Shopify) we receive the data you authorise us to retrieve via the OAuth connection.
4. Purposes and legal bases for processing
| Purpose | Legal basis (GDPR) |
|---|---|
| Providing the Service and managing the customer relationship | Contract (art. 6(1)(b)) |
| Billing and accounting | Legal obligation (art. 6(1)(c)) |
| Customer service and support | Contract (art. 6(1)(b)) |
| Improving and developing the Service | Legitimate interest (art. 6(1)(f)) |
| Ensuring information security | Legitimate interest (art. 6(1)(f)) |
| Marketing communications | Consent (art. 6(1)(a)) or legitimate interest |
| Meeting statutory obligations | Legal obligation (art. 6(1)(c)) |
5. Retention periods
- Account data: for the duration of the customer relationship and 6 months after it ends.
- Billing and accounting material: 6 years under the Finnish Accounting Act.
- Usage and security logs: maximum 12 months.
- Marketing communications: as long as a valid consent exists.
- Customer service messages: 24 months after the case is resolved.
6. Disclosure of data
We do not sell or rent your personal data. We may disclose data to our sub-processors (section 7), to authorities when required by law, or in connection with a business reorganisation.
7. Sub-processors
| Provider | Purpose | Data location |
|---|---|---|
| Cloudflare, Inc. | Hosting, DNS, CDN, WAF | Global edge network |
| Supabase Inc. | Database, authentication | EU (Stockholm) |
| Stripe, Inc. | Payment processing | Ireland / US |
| Twilio SendGrid | Email delivery | EU / US |
| Upstash, Inc. | Queues, scheduled jobs | EU |
| Google LLC (Workspace) | Internal email and docs | EU / US |
| GitHub, Inc. | Source code (no customer data) | US |
For transfers outside the EU/EEA we rely on EU Standard Contractual Clauses (SCC) or another approved mechanism.
8. Your rights
You have the right to access, rectify or erase your data, restrict or object to processing, data portability, and to withdraw consent. You can also lodge a complaint with the supervisory authority (in Finland, the Office of the Data Protection Ombudsman, www.tietosuoja.fi).
Requests can be sent to info@salesmonitor.io. We respond within one month.
9. Security
We use TLS 1.2+, encryption at rest, role-based access control and mandatory two-factor authentication for staff. We notify the supervisory authority of personal data breaches within 72 hours.
10. Changes
We may update this policy. Material changes will be notified by email or in the Service at least 30 days in advance.
11. Contact
Email: info@salesmonitor.io
Supervisory authority: Office of the Data Protection Ombudsman Lintulahdenkuja 4, 00530 Helsinki, Finland www.tietosuoja.fi