Privacy Policy

Last updated: 23 March 2026

1. Controller

Gaasly ("we", "us", "our") is the data controller responsible for your personal data. If you have questions about this policy or your rights, contact us at [email protected].

Gaasly operates from Helsinki, Finland and London, United Kingdom.

2. What data we collect

We collect the following categories of personal data:

  • Contact information — name, email address, phone number, and company name when you fill in a contact form, request a quote, or subscribe to our newsletter.
  • Account data — email, name, and authentication details when you create a Gaasly Cloud account.
  • Usage data — pages visited, time on site, referral source, browser type, device type, and IP address (anonymised where possible).
  • Performance data — page load times and web performance metrics (such as Largest Contentful Paint, Cumulative Layout Shift, and Interaction to Next Paint) collected automatically by Cloudflare's Real User Monitoring beacon. This data does not include cookies or persistent identifiers — see section 5 for details.
  • Cookie data — see our Cookie Policy for details.
  • Communication data — content of emails and messages you send us.
  • Client project data — content, images, and configuration data you upload to Gaasly Cloud for your websites and marketing campaigns.

3. How we use your data

We process your personal data for the following purposes:

  • Providing our services — to deliver the digital marketing services and Gaasly Cloud platform features you have requested.
  • Communication — to respond to enquiries, send service updates, and provide customer support.
  • Improvement — to analyse how our website and services are used so we can improve them.
  • Marketing — to send marketing communications where you have given consent or where we have a legitimate interest (you can opt out at any time).
  • Legal obligations — to comply with applicable laws, such as tax and accounting requirements.

4. Legal basis for processing

We process personal data under the following legal bases (GDPR Article 6):

  • Contract — processing necessary to perform our contract with you (e.g. delivering services you have purchased).
  • Consent — where you have given explicit consent (e.g. marketing emails, non-essential cookies). You may withdraw consent at any time.
  • Legitimate interest — processing necessary for our legitimate business interests, such as improving our services and website security, where these interests are not overridden by your rights.
  • Legal obligation — processing required to comply with a legal obligation.

5. Data sharing

We do not sell your personal data. We share data only with:

  • Service providers — hosting (Google Cloud Platform / Firebase), analytics (Google Analytics), content delivery and performance monitoring (Cloudflare), email delivery, and payment processing providers who process data on our behalf under data processing agreements.
  • AI service providers — we use AI services (such as Google Gemini and Anthropic Claude) to power features in Gaasly Cloud. Data sent to AI providers is processed under their data processing agreements and is not used to train their models.
  • Performance monitoring (Cloudflare) — our website uses Cloudflare's Real User Monitoring (RUM) beacon, a lightweight JavaScript snippet that collects browser performance metrics (page load times, Web Vitals). The beacon does not use cookies, local storage, or any other persistent browser storage. IP addresses are processed at the nearest Cloudflare data centre and are not stored. We rely on legitimate interest (GDPR Article 6(1)(f)) for this processing — monitoring website performance is necessary to maintain and improve our service quality. Cloudflare's Privacy Policy.
  • Legal requirements — when required by law, regulation, or legal proceedings.

6. International transfers

Your data may be transferred outside the European Economic Area (EEA) when we use service providers based in other countries (e.g. the United States). In such cases, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or adequacy decisions.

7. Data retention

We retain personal data only as long as necessary for the purposes described in this policy:

  • Account data — for the duration of your account, plus 12 months after deletion.
  • Contact form submissions — up to 24 months after the last interaction.
  • Analytics data — anonymised and retained for up to 26 months.
  • Client project data — for the duration of the service agreement, plus 30 days after termination.
  • Invoicing and financial data — as required by Finnish accounting law (typically 6 years).

8. Your rights

Under the GDPR, you have the following rights:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate or incomplete data.
  • Erasure — request deletion of your personal data ("right to be forgotten").
  • Restriction — request that we limit processing of your data.
  • Portability — receive your data in a structured, commonly used format.
  • Objection — object to processing based on legitimate interests or direct marketing.
  • Withdraw consent — withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

9. Data security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS) and at rest, access controls, regular security reviews, and secure hosting on Google Cloud Platform infrastructure.

10. Children

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.

11. Supervisory authority

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with a supervisory authority. In Finland, this is the Office of the Data Protection Ombudsman (tietosuoja.fi).

12. Changes to this policy

We may update this policy from time to time. The "last updated" date at the top indicates when the most recent changes were made. We encourage you to review this policy periodically.

13. Contact

For questions about this privacy policy or your personal data, contact us at:

Gaasly
Email: [email protected]
Helsinki, Finland