Start your Auntie package Auntie Insights (HR)
Start your Auntie package
Start your Auntie package Auntie Insights (HR)

Auntie End User Privacy policy

Auntie Solutions Ltd. Privacy Policy

Privacy Policy
Auntie Solutions Ltd.

Last updated: March 2026 

This policy applies to end users who use Auntie services such as wellbeing sessions and related digital solutions. This policy replaces all previous versions of this privacy policy.
Please read this policy carefully before using our services.

1. Who we are

Auntie Solutions Oy (“Auntie”, “we”, “us”) is a Finnish company providing preventive mental wellbeing services and related digital solutions.

Business ID: 2734094-5
Address: Siltasaarenkatu 12 C, 00530 Helsinki, Finland
Email: dpo@auntie.fi 

Our Data Protection Officer (DPO) is Saku Vainikainen, who oversees compliance with data protection law and acts as the contact point for privacy-related matters.

2. Why we process your data

Our legitimate interest is to maintain secure, lawful and efficient service operations. We have concluded that the processing is necessary and does not override your rights and freedoms. We only collect and process personal data that we genuinely need to:
- provide and manage your Auntie sessions and materials
- match you with a suitable Auntie professional
- communicate with you and supporting your user relationship
- collect feedback and develop our services
- send marketing or informational messages about Auntie Service Platforms
- meet legal duties such as accounting or security

If your access is provided by your employer, Auntie and your employer each act as independent data controllers. Auntie controls data needed to deliver and improve wellbeing services. Your employer only receives limited information (for example, usage reports) for contract management and never sees one-to-one session content or wellbeing details.

If we need to process any sensitive data (for example, health information you share during sessions), we will always ask for your explicit consent first and handle it securely in accordance with our ISO 27001-certified information-security system.

We do not use session content for marketing or profiling for advertising.

You can opt out of marketing at any time by using the unsubscribe link in our messages or contacting dpo@auntie.fi.

3. What data we collect

We only collect data necessary to provide our services:
- Account data: name, email, phone, language, time zone, selected package.
- Session and group session data: live video and audio (not recorded), and any notes or content you voluntarily share. 
- Payment and customer data: purchase details and employer organization information, if applicable.
- Feedback: answers to surveys, exercises, and optional comments.

This data is necessary to deliver the service; without it, use may be impossible. We also use pseudonymized statistics to improve our services. This data cannot be linked back to you by our analytics partners.

4. Where we get data from

Most data comes directly from you. Some may come from your employer (if they are the contracting customer) or from our systems as technical logs.

5. Cookies

We use cookies to make our service function securely and efficiently. Essential cookies are always active. Optional cookies (analytics and marketing) are used only with your consent. You can manage cookie settings in your browser or via our cookie banner.

6. Who processes your data

Your data is handled only by:
- Auntie employees who deliver and support the service;
- Auntie professionals (coaches) matched to you;
- Trusted service providers such as hosting, communication, marketing and collaboration platforms (for example HubSpot, Miro).

All processors act on our instructions and are bound by confidentiality agreements.

7. International transfers

Personal data is primarily processed within the EU/EEA. If personal data is transferred outside the EU/EEA, Auntie ensures an equivalent level of protection through appropriate safeguards in accordance with applicable data protection law.

8. Data security

We follow an ISO 27001 certified information security system. Measures include:
- access controls, encryption, and secure data centres;
- staff training and confidentiality commitments;
- regular audits, testing, and monitoring.

If a breach poses high risk to you, we will notify you without undue delay.

9. How long we keep your data

We keep personal data only as long as necessary:
- For the duration of your customer relationship; and
- Up to 24 months after your last activity or contract end.

After that, data is deleted or anonymized unless the law requires us to keep it longer. Contact details used for marketing are kept for as long as you remain subscribed or until you opt out.

10. Automated decisions and profiling

We use limited automation to help match you with a suitable Auntie professional and recommend relevant materials. These processes never have legal or significant effects on you.

11. Your rights

You have the right to:
- Access your data;
- Correct inaccurate information;
- Request deletion of your data where legally possible;
- Ask us to limit how your data is used;
- Receive your data in a portable format;
- Object to certain types of processing, such as marketing;
- Withdraw consent at any time if processing is based on consent;
- Lodge a complaint with a supervisory authority tietosuoja.fi/en/home.

To use your rights, contact dpo@auntie.fi. We may verify your identity before acting on your request.

12. Accountability and cooperation

Auntie maintains records of processing activities and cooperates with supervisory authorities in accordance with applicable data protection law.

13. Updates to this policy

We may update this Privacy Policy when necessary. The latest version is always available at auntie.io/privacy. Important changes are announced in advance.

14. Contact

Auntie Solutions Oy
Siltasaarenkatu 12 C, 00530 Helsinki, Finland
Email: dpo@auntie.fi 
Website: auntie.io