Privacy Policy
This policy describes how Luviamo (the “Service”) collects, uses, retains, and shares personal data. Luviamo is a marketing lifecycle platform for Nordic small and medium-sized businesses: ideation, planning, content creation, publishing, and analytics in a single application.
1. Data Controller
Sunrise Software Oy
Business ID: 3588983-1
Postal address: Pilotinkatu 48, 33900 Tampere, Finland
Privacy contact: [email protected]
Contact person: Petri Korhonen
2. Personal data we process
We process the following data arising from use of the Service:
- User account: email address, name, password hash (unless you use OAuth-only sign-in), role, language preference, creation time.
- Organization: company name, business/VAT ID, subscription plan, and Stripe customer and subscription identifiers (no card data).
- Security log (audit log): actor, IP address, user agent, and action metadata. Purpose: abuse prevention and security (GDPR Art. 32).
- Newsletter subscribers (Messaging module): recipient email addresses and subscription status that your organization imports. These are your own contacts, which we process on your behalf.
- Sessions: refresh tokens in a temporary key–value store (KV) with time-based expiry.
- Media: images and media files you upload, stored in object storage (R2).
3. Purposes and legal bases
- Providing the Service (account, content creation, publishing, reporting) — legal basis: contract (Art. 6(1)(b)).
- Security and abuse prevention (audit log, rate limiting) — legitimate interest (6(1)(f)).
- Billing and subscription management — contract and legal obligation (accounting).
- Sending newsletters on your behalf — you act as the controller for your own contacts; Luviamo is the processor.
4. Google user data (Google Analytics 4 and Google Ads)
If you connect your own Google account, Luviamo reads your reporting data on a read-only basis. We never modify, create, or manage your accounts, campaigns, or settings.
What data is retrieved
- Google Analytics 4 (Data API): sessions, users, conversions, and traffic source breakdown. The Admin API is used to list properties so you can select the property to report on.
- Google Ads: campaign performance — impressions, clicks, cost, conversions, and conversion value. The account list is retrieved so you can select the account to report on.
How the data is used
The data is displayed back to the same user in their own analytics dashboard and PDF reports. It is not used for anything else and is not combined with other customers’ data (per-organization isolation).
Retention, sharing, and deletion
- Account-level aggregate metrics are stored in the organization database to provide the Service (trends, comparison). They are deleted when the organization account is deleted.
- Google data is not shared with any third party or with AI. This is verified in code: only a derived, de-identified numeric performance-index value is sent to AI — no raw data, account identifiers, source breakdown, or personal data.
- OAuth refresh tokens are stored encrypted with AES-256-GCM; they are never returned to the browser or written to logs. Access tokens are derived at fetch time and not stored.
- When you disconnect a channel, the integration and its tokens are deleted.
Luviamo's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
5. Meta data (Facebook and Instagram)
If you connect your Facebook Page and its linked Instagram Business account, we process for publishing purposes:
- Page access tokens: long-lived, stored encrypted with AES-256-GCM on the server; never sent to the browser or logs.
- Account information: Facebook Page ID and name, Instagram account ID and username, and an app-scoped user ID (for webhook mapping).
- Published content and its metadata (posts), which you publish on your own initiative.
When you remove the app from Facebook or request data deletion, Meta sends a signed request to our callback URL. We verify the signature (HMAC-SHA256) and delete the stored connection data (the encrypted Page access token and the account linkage). See data deletion.
6. AI (content creation)
We use Anthropic’s AI to assist with content creation. Only the following is sent to the AI:
- your own content-creation input (ideas, briefs, brand voice) that you provide; and
- a derived, de-identified numeric performance-index value for the analytics summary.
We do not send Google or Meta raw data, email addresses, access tokens, or account identifiers to the AI. The AI produces suggestions that the user reviews and edits; this is not automated decision-making producing legal effects within the meaning of GDPR Art. 22.
7. Subprocessors
We use the following subprocessors. A data processing agreement (DPA) under GDPR Art. 28 is in place with each. Transfers outside the EU/EEA are covered by the EU Standard Contractual Clauses (SCC).
| Subprocessor | Role | Data processed | Location / transfer |
|---|---|---|---|
| Cloudflare | Hosting (Workers, Pages, D1, R2, KV) | All application data, media, sessions | EU (Frankfurt, Germany) |
| Anthropic | AI (content creation) | Your own content input + de-identified index value | USA · SCC |
| Stripe | Payments and subscriptions | Customer and subscription IDs (no card data with us) | SCC |
| Resend | Transactional and newsletter email | Recipient email + message content | SCC |
| Meta | Social publishing (on your initiative) | Content and media to publish | SCC |
| Source of analytics data (read-only) | We send no personal data; we receive reporting data | — |
8. Data location and transfers
Application data (database) and media files are stored on Cloudflare’s EU servers (Frankfurt, Germany). Some subprocessors (Anthropic, Stripe, Resend) operate outside the EU; those transfers are covered by the EU Standard Contractual Clauses (SCC).
9. Retention periods
| Data category | Retention |
|---|---|
| Account and organization data | For the life of the account; deleted immediately on request (from backups within 30 days) |
| Security log (audit log) | 12 months |
| Analytics aggregate metrics | For the life of the account; removed on account deletion |
| Sessions (refresh tokens) | Time-based expiry (KV TTL) |
| Media (R2) | Until you delete the file or disconnect |
| Integration tokens (OAuth) | Deleted on disconnect or deauthorize/deletion request |
| Billing data | As required by accounting law |
10. Your rights
You have the rights under GDPR Art. 15–22: access, rectification, erasure, restriction, data portability, and objection.
- Access and portability: you can request a machine-readable export of your data; the download link is HMAC-protected and time-limited.
- Erasure: you can delete your account and organization; related data is deleted in a cascade. You can also disconnect any channel.
- Consent management: you manage your consents in settings.
To exercise your rights: [email protected].
11. Security
Access tokens and sensitive identifiers are encrypted (AES-256-GCM); passwords are stored as hashes. Application secrets reside only on the server, never in the browser. Organizations’ data is isolated from one another through three-layer tenant isolation (query-level scoping, static analysis, and an integration test).
12. Cookies
This marketing website (luviamo.app) uses no cookies and no tracking. The application itself (app.luviamo.app) uses only strictly necessary session tokens for sign-in.
13. Right to lodge a complaint
If you believe we process your data unlawfully, you may lodge a complaint with the supervisory authority: the Office of the Data Protection Ombudsman (tietosuoja.fi), Finland.
14. Changes to this policy
We may update this policy. Changes are published on this page; the “updated” date and version number indicate the latest version.