Privacy Policy
Eiffels AI — operated by Vega Business Intelligence Oy
Effective Date: January 24, 2025
Version: 2.0
1. Introduction
This Privacy Policy explains how Vega Business Intelligence Oy (“Vega BI Oy,” “we,” “our,” or “us”) collects, uses, and protects personal data when you use Eiffels AI (“Service”). We are committed to processing your personal data lawfully, fairly, and transparently in accordance with the EU General Data Protection Regulation (GDPR) and the Finnish Data Protection Act.
By using Eiffels AI, you agree to this Privacy Policy. If you do not agree, please do not use the Service.
2. Company Information
- Operator: Vega Business Intelligence Oy
- Address: Röyläntie 19 A, 02940 Espoo, Finland
- Business ID: 3530258-6
- Email (privacy/DPO): support@eiffels.ai
- Support: support@eiffels.ai
- Website: https://eiffels.ai
3. Scope and Role
This Policy applies to all data processed through Eiffels AI, whether via WhatsApp, Microsoft Teams, or integrated web services.
- Data Controller: Vega BI Oy acts as Controller when processing data of individual users and direct customers.
- Data Processor: When customers use Eiffels AI within their own organization or project (B2B), Vega BI Oy processes data on behalf of that organization under a Data Processing Agreement (DPA).
4. Categories of Data We Collect
We may process the following types of personal and technical data:
| Category | Examples |
|---|---|
| Identification Data | Name, company, role, phone number, email, WhatsApp ID, Microsoft ID |
| Usage Data | Messages, voice inputs, reports, uploaded files, and interactions within the Service |
| Technical Data | IP address, browser type, device information, access timestamps, cookies |
| Payment Data | Billing info, invoices, and transactions processed via Stripe or Maventa |
| AI Interaction Data | Text prompts, model responses, metadata logs (retained temporarily for quality assurance) |
| Support Data | Requests, chat transcripts, email correspondence |
5. Legal Basis for Processing (GDPR Art. 6)
We process data on the following lawful bases:
- Contract (Art. 6 (1)(b)) - to deliver the Service and fulfill our obligations.
- Consent (Art. 6 (1)(a)) - when you explicitly opt in (e.g., marketing messages).
- Legitimate Interest (Art. 6 (1)(f)) - for improving services, analytics, and fraud prevention.
- Legal Obligation (Art. 6 (1)(c)) - for tax, billing, and compliance purposes.
6. Purpose of Processing
We use personal data to:
- Provide, maintain, and improve Eiffels AI;
- Authenticate users and manage access;
- Process payments and issue invoices;
- Deliver support and communicate service updates;
- Secure our systems and detect misuse;
- Analyze aggregated, anonymized trends;
- Comply with legal obligations.
7. AI and Automation Processing
Eiffels AI uses AI models, automation, and RPA to generate responses and insights. AI outputs may occasionally be inaccurate or incomplete. Users remain responsible for verifying results and deciding how to act upon them. We do not use customer data to train public AI models. Data may be processed through trusted AI providers (e.g., Azure AI, OpenAI API) under EU Standard Contractual Clauses (SCCs) and strict confidentiality controls.
8. Cookies and Analytics
We use essential cookies for session stability and optional analytics tools (e.g., Matomo, Google Analytics with IP anonymization). You can disable non-essential cookies via browser settings or consent banner without affecting core functionality.
9. Data Sharing and Third Parties
We may share data with:
- Sub-processors: cloud hosting (Azure), AI providers (OpenAI, Microsoft), payment processors (Stripe, Maventa), and communication platforms (Meta / WhatsApp Business).
- Partners / integrations: Ukko.fi (financial partner), Microsoft Power BI, Teams apps.
All sub-processors operate under GDPR-compliant contracts. An up-to-date list of sub-processors is available upon request. We never sell personal data.
10. Data Retention
| Data Type | Retention Period |
|---|---|
| Account / Identification Data | As long as the account is active + 12 months for audit |
| AI prompts and logs | Up to 30 days for technical review |
| Reports and Project Data | Duration of active project + 6 months archive |
| Invoices and Financial Records | Up to 10 years (per Finnish accounting law) |
| Support tickets | Up to 24 months |
Data no longer required is securely deleted or anonymized.
11. International Transfers
Some data may be transferred outside the EEA (e.g., to Microsoft Azure or Meta servers) under:
- Standard Contractual Clauses (SCCs) approved by the European Commission, or
- Adequacy decisions ensuring equivalent protection.
12. Data Security
We employ industry-standard measures:
- TLS encryption for all communications;
- Encrypted storage and role-based access control;
- Multi-factor authentication for administrators;
- Regular audits, backups, and monitoring.
While we take reasonable precautions, no system is 100% secure, and users share data at their own risk.
13. Children and Minors
Eiffels AI is not intended for individuals under 18 years old. We do not knowingly collect data from minors. If you believe a minor has provided data, contact support@eiffels.ai for prompt deletion.
14. User Rights (GDPR Art. 12-23)
You have the following rights regarding your personal data:
- Access - obtain a copy of your personal data.
- Rectification - correct inaccurate or incomplete data.
- Erasure (“Right to be forgotten”) - request deletion where legally permitted.
- Restriction of Processing - limit use under certain conditions.
- Data Portability - receive data in a structured, machine-readable format.
- Objection - object to processing based on legitimate interest.
- Withdrawal of Consent - withdraw marketing or optional consents at any time.
To exercise these rights, email support@eiffels.ai or contact us via the Eiffels AI chat.
15. Marketing and Communications
We may send essential service notifications via email or WhatsApp. Marketing communications are sent only with explicit consent, and you can opt out at any time.
16. Third-Party Policies
Use of WhatsApp and Microsoft integrations is subject to:
- Meta (WhatsApp Business Platform) Privacy Policy: https://www.meta.com/legal/privacy
- Microsoft Privacy Statement: https://privacy.microsoft.com
By using these integrations, you accept their terms in addition to ours.
17. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be announced via email or in-app notification. The latest version will always be available at https://eiffels.ai/privacy. Your continued use after the effective date constitutes acceptance.
18. Contact and Supervisory Authority
For privacy questions or rights requests:
Email: support@eiffels.ai
Address: Vega Business Intelligence Oy, Röyläntie 19 A, 02940 Espoo, Finland
Data Protection Officer (DPO) Contact:
Name: Dmitrii Ivanov, Vega Business Intelligence Oy
Email: dmitrii@eiffels.ai
If you are unsatisfied with our response, you may contact the Finnish Data Protection Ombudsman:
Website: https://tietosuoja.fi
Email: tietosuoja@om.fi