1. Data Controller
Wicflow Oy
Business ID: 3590597-7
Helsinki, Finland
Email: info@wicflow.com
Phone: +358 44 305 2209
2. What Data We Collect
2.1 Website Analytics
We use Google Analytics (measurement ID: G-DP3EFHC5YX) to collect anonymized usage data about how visitors interact with our website. This includes:
- Pages visited and time spent on each page
- Referring website or source
- Browser type, device type, and screen resolution
- Approximate geographic location (country/city level)
- Language preferences
Google Analytics uses cookies to distinguish unique visitors. IP addresses are anonymized before storage. We do not use Google Analytics advertising features.
2.2 Contact Form Submissions
When you submit our contact form, we collect:
- Name
- Email address
- Company name (optional)
- Message content
2.3 Booking and Scheduling
When you book a call through our scheduling tool, the booking provider may collect your name, email, and any information you provide during the booking process. This data is processed by the third-party scheduling service under its own privacy policy.
3. How We Use Your Data
We use the collected data for the following purposes:
- Website improvement: Analytics data helps us understand how visitors use our site so we can improve the user experience.
- Communication: Contact form data is used to respond to your inquiries and provide information about our services.
- Service delivery: If you become a client, your contact information is used to deliver and manage our services.
We do not sell, rent, or share your personal data with third parties for marketing purposes.
4. Legal Basis for Processing (GDPR Art. 6)
We process your personal data based on the following legal grounds:
- Consent (Art. 6(1)(a)): For cookies and analytics tracking. You can withdraw consent at any time by clearing your cookies or using your browser's cookie settings.
- Legitimate interest (Art. 6(1)(f)): For website analytics and improving our services.
- Contract performance (Art. 6(1)(b)): For processing data necessary to respond to your inquiries and deliver services you have requested.
5. Cookies
Our website uses the following types of cookies:
- Essential cookies: Required for the website to function properly.
- Analytics cookies: Google Analytics cookies (_ga, _ga_*) used to collect anonymized usage statistics. These cookies expire after 2 years.
You can control cookies through your browser settings. Disabling analytics cookies will not affect the functionality of our website.
6. Data Retention
- Analytics data: Google Analytics data is retained for 14 months, after which it is automatically deleted.
- Contact form submissions: Retained for up to 24 months after your last interaction with us, unless a longer retention period is required for an ongoing business relationship or legal obligation.
- Client data: Retained for the duration of the business relationship and for up to 6 years after termination to comply with Finnish accounting and tax obligations.
7. Data Storage and EU Residency
Your data is stored and processed within the European Union and European Economic Area (EU/EEA). Our website is hosted on EU-based infrastructure. We do not intentionally transfer personal data outside the EU/EEA.
Google Analytics data may be processed by Google in data centers within the EU/EEA in accordance with Google's data processing terms and Standard Contractual Clauses.
8. Your Rights Under GDPR
As a data subject, you have the following rights:
- Right of access (Art. 15): You can request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): You can request that we correct inaccurate personal data.
- Right to erasure (Art. 17): You can request that we delete your personal data, subject to legal retention obligations.
- Right to restrict processing (Art. 18): You can request that we limit how we process your data.
- Right to data portability (Art. 20): You can request your data in a structured, machine-readable format.
- Right to object (Art. 21): You can object to the processing of your personal data based on legitimate interest.
- Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at info@wicflow.com. We will respond to your request within 30 days.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encrypted connections (HTTPS), access controls, and regular security reviews.
10. Third-Party Services
We use the following third-party services that may process personal data:
- Google Analytics (Google LLC) - Website analytics
- Netlify (Netlify Inc.) - Website hosting and form processing
- LeadConnector/GoHighLevel - Appointment scheduling
Each of these services has its own privacy policy governing its data processing practices.
11. Supervisory Authority
If you believe that the processing of your personal data violates GDPR, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman:
Office of the Data Protection Ombudsman
Lintulahdenkuja 4, 00530 Helsinki, Finland
Email: tietosuoja@om.fi
Website: tietosuoja.fi
12. Changes to This Policy
We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.
13. Contact
For any questions or requests regarding this privacy policy or your personal data, please contact:
Wicflow Oy
Email: info@wicflow.com
Phone: +358 44 305 2209
Helsinki, Finland
14. Social Media Platform Integrations
As part of our AI automation services, Wicflow may connect to social media platforms on behalf of clients. This section describes how we handle data related to these integrations.
14.1 Platforms We Connect To
We connect to the following platforms via OAuth 2.0 authorization on behalf of clients:
- Facebook and Instagram (Meta Platforms, Inc.)
- LinkedIn (LinkedIn Corporation)
- YouTube (Google LLC)
Access is granted only when a client explicitly authorizes the connection through the respective platform's official OAuth flow. Wicflow never requests or stores your social media passwords.
14.2 What Data We Access
Through these integrations, we access only the data necessary to deliver the contracted service:
- Page and profile content (posts, comments, media) — to manage and schedule content
- Post scheduling and publishing permissions — to publish content on the client's behalf
- Engagement metrics (likes, reach, impressions) — to provide analytics and reporting
- Audience data (aggregated, not individual-level) — for performance optimization
We do not access private messages, personal contacts, or any data beyond what is required to deliver the specific service.
14.3 How We Use This Data
Social media data is used exclusively to:
- Publish and schedule content as instructed by the client
- Monitor and report on content performance
- Power AI-assisted content generation and optimization
We do not sell, share, or use social media data for any purpose other than delivering the client's contracted service.
14.4 Meta (Facebook/Instagram) Data Handling
Data received from Meta's platforms is handled in accordance with Meta's Platform Terms and Meta's Developer Policies. Specifically:
- We do not transfer Meta user data to third parties
- We do not use Meta data for advertising targeting
- Data is retained only as long as needed to deliver the service
- We comply with Meta's data deletion requirements upon request
14.5 Revoking Access
Clients can revoke Wicflow's access to any connected social media account at any time by:
- Contacting us at felix@wicflow.com
- Removing the app connection directly in the social media platform's settings (e.g., Facebook Settings > Apps and Websites)
Upon revocation, we will delete all associated access tokens and cease all data processing for that platform integration within 30 days.
14.6 Data Storage
All social media integration data is stored on EU-based servers in accordance with GDPR. We do not transfer this data outside the EU/EEA. Our server infrastructure is hosted in the European Union.