Privacy Policy
Last updated: 4 July 2026
This Privacy Policy explains how Sitovai (“we”, “us”) collects, uses, and protects your personal data when you use our website and services (the “Service”). We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Finnish law.
1. Data controller
The data controller responsible for your personal data is Lukas Lehtimäki, operating as a sole trader in Finland. For any privacy questions or to exercise your rights, contact us at lukas.lehtimaki1@gmail.com.
2. Data we collect
- Account data — your email address, name, and workspace/company name, provided when you sign up.
- Billing data — subscription plan and payment status. Card payments are processed by Stripe; we do not store your full card details.
- Content you generate — lead lists, generated websites, avatar-video scripts, and related data you create in the Service.
- Usage & technical data — log data, actions taken in the app, and essential cookies needed to keep you signed in.
3. Business data surfaced through the Service
The Lead Finder returns information about businesses (such as names, addresses, and registry identifiers) sourced from the Google Places API and Finland’s official YTJ / PRH business registry. This data concerns businesses and is provided to help you find potential clients. You are responsible for using it lawfully — see our Terms of Service.
4. How we use your data
- To provide, operate, and maintain the Service.
- To process subscriptions, trials, and payments.
- To respond to support requests and communicate with you.
- To secure the Service and prevent abuse.
- To comply with legal obligations.
5. Legal bases (GDPR Article 6)
- Contract — to deliver the Service you sign up for.
- Legitimate interests — to secure, improve, and support the Service.
- Legal obligation — for accounting and tax records.
- Consent — where required, which you may withdraw at any time.
6. Service providers (sub-processors)
We share data only with providers that help us run the Service, under appropriate data-processing terms:
- Supabase — database, authentication, and file storage.
- Vercel — application hosting.
- Stripe — payment processing.
- Google — Places API for business search.
- Anthropic — AI generation of website copy and video scripts.
Some providers may process data outside the EU/EEA. Where they do, the transfer is protected by appropriate safeguards such as the European Commission’s Standard Contractual Clauses.
7. Data retention
We keep your personal data for as long as your account is active. If you close your account, we delete or anonymise your data within a reasonable period, except where we must retain it to meet legal obligations (for example, billing records required by accounting law).
8. Your rights
Under the GDPR you have the right to access, rectify, erase, restrict, and port your personal data, and to object to certain processing. To exercise any of these, email lukas.lehtimaki1@gmail.com. You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutetun toimisto).
9. Security
We use industry-standard measures — including encryption in transit, access controls, and row-level security that isolates each workspace’s data — to protect your information. No method of transmission or storage is completely secure, but we work to protect your data using appropriate technical and organisational measures.
10. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be reflected by updating the “Last updated” date above, and where appropriate we will notify you.
11. Contact
Questions about this policy or your data? Email lukas.lehtimaki1@gmail.com.