Privacy Policy

1. Introduction

This privacy policy explains how Finnzon processes personal data on our website and services in accordance with the EU General Data Protection Regulation (GDPR) and Finnish law.

We value your privacy and process personal data confidentially. We only collect necessary information to deliver and improve our services.

2. Controller

Finnzon Oy

Business ID: 2849466-3

Address: c/o Jussi Hyvärinen, Ankkurinvarsi 17 G, 02320 Espoo, Finland

Email: info@finnzon.com

3. Purposes of processing

We process personal data for the following purposes:

Customer service and contact

  • Responding to contact requests
  • Handling and scheduling demo bookings
  • Customer relationship management
  • Technical support

Marketing and communications

  • Sending newsletters (with consent)
  • Product and service updates
  • Targeted advertising in social media

Website development

  • Usage analytics
  • Improving user experience
  • Identifying technical issues
  • Content optimization

Legal obligations

  • Accounting and invoicing
  • Tax obligations
  • Compliance with authorities

License and subscription management

  • Trial activation and license verification
  • Subscription checkout and billing support
  • Fraud prevention, abuse prevention, and troubleshooting

4. Personal data we process

Contact details

  • Name and email address
  • Phone number
  • Company name and role
  • Postal address (if needed)

Technical data

  • IP address and browser details
  • Operating system and device type
  • Site visits and clicks
  • Cookie-based information

Communication data

  • Contact form content
  • Demo booking details
  • Email communication

Extension license data

  • License email address
  • Installation ID
  • Product code, license status, trial usage, and subscription status
  • Purchase-restore codes are processed briefly. Only an HMAC digest, never the plaintext code, is stored on the server. Expired, consumed, and revoked challenge records are cleaned up after a 24-hour retention period.
  • Stripe customer, checkout, subscription, invoice, and payment metadata required for billing support

5. Legal bases

Consent

  • Marketing emails
  • Use of marketing and analytics cookies
  • Social media tracking

Contract

  • Arranging demo bookings
  • Service agreements
  • Billing and payments

Legitimate interest

  • Customer service and technical support
  • Ensuring site functionality
  • Business development
  • Security

Legal obligation

  • Accounting
  • Tax

6. Cookies

We use different types of cookies on our site:

Necessary cookies

  • Basic site functions
  • Session management
  • Security and fraud prevention
  • Do not require consent

Analytics cookies (Google Analytics)

  • Usage statistics
  • Identify popular content
  • Detect technical issues
  • Require consent

Marketing cookies (Facebook Pixel)

  • Ad targeting
  • Measure campaign performance
  • Remarketing
  • Require consent

You can manage cookie consent through our consent banner where available, your browser settings, or by contacting us.

7. Retention periods

Customer data

  • For the duration of the customer relationship
  • Deleted or anonymized after termination unless required by law

Marketing data

  • As long as the person opts to receive marketing
  • Deleted upon unsubscribe unless legally required to retain

Technical data

  • Google Analytics: per Google’s privacy policy
  • Logs: for a reasonable time to troubleshoot
  • Facebook Pixel: per Meta’s privacy policy

Demo bookings

  • For as long as necessary to provide the service
  • Deleted on request unless legal obligations apply

8. Transfers and sharing

Third parties

We share data with the following service providers:

Google (Analytics)

  • Website analytics
  • Processed per Google Analytics terms
  • May be transferred outside the EU

Facebook (Meta Pixel)

  • Ad targeting and measurement
  • Processed per Meta’s privacy policy
  • Transferred outside the EU

Stripe

  • Checkout, subscription billing, invoices, payment methods, tax information, and customer portal
  • Processed according to Stripe's terms and privacy policy
  • May be transferred outside the EU where Stripe provides safeguards

OpenAI

  • Understand This Page AI analysis after explicit user action
  • Receives the submitted prompt and captured page context needed to generate the answer
  • May process data outside the EU under OpenAI's applicable data processing terms

Hosting and database providers

  • Website hosting, license server, proxy, quota counters, request logs, and admin tools
  • Process service data as infrastructure processors

Security

  • All transfers are encrypted with SSL/TLS
  • We use EU Standard Contractual Clauses for non-EU transfers
  • Data processing agreements in place with subprocessors

9. Chrome Extensions

Finnzon offers Chrome extensions including Local Lead Finder, Outreach Automation Pro, Guest Post Finder Pro, and Understand This Page. This section describes how personal data is processed in connection with these extensions.

Local Lead Finder

The extension retrieves business contact information from Google Maps via the Apify service.

  • Collected data: business name, address, phone number, website, reviews, and other publicly available information
  • Data is stored locally in the browser (chrome.storage)
  • Installation ID and email address are sent to the license server for license verification
  • The webhook feature can send data to a user-specified destination

Outreach Automation Pro

The extension automates email campaigns via Google Gmail and Google Sheets.

  • Collected data: contact details from Google Sheets, email templates, campaign settings, tracking data (opens and clicks)
  • Google APIs: Gmail (sending messages), Google Sheets (reading contacts)
  • Email tracking: open tracking (pixel) and link click tracking — users can disable tracking in the extension settings
  • Installation ID and email address are sent to the license server

Guest Post Finder Pro

The extension finds guest post and write-for-us prospects through Google SERP searches using the user's own Apify API token.

  • Collected data: public website URLs, domains, submission page details, snippets, contact emails, social links, prospect quality signals, and domain metrics such as Domain Rating, organic traffic, traffic value, backlinks, and linking websites where available
  • Data is stored locally in the browser (chrome.storage)
  • Installation ID and email address are sent to the license server for trial, subscription, and license verification
  • Restoring an existing purchase requires a one-time code sent by email. The code and challenge ID are not stored in Chrome.
  • The user's Apify API token is stored locally in Chrome and is sent to Apify for actor runs. Finnzon does not receive or store the user's Apify API token.
  • Google SERP queries, target domains, and metric lookup domains are sent to Apify actors selected by the extension when the user runs searches or domain metric checks
  • Email quality checks are performed to reduce invalid, placeholder, or technical addresses in exported data
  • The webhook feature can send exported prospect data to a user-specified destination

Understand This Page

The extension analyzes user-selected page context after an explicit user action.

  • Processed data: current page URL, title, selected text, surrounding page context, headings, links, tables, code blocks, image metadata, transcripts, and page-type-specific visible signals where available
  • Settings, cached answers, local usage estimates, and the anonymous install ID are stored locally in Chrome storage
  • With the built-in AI service, page context is sent through Finnzon's proxy to OpenAI. Finnzon meters plan, quota, and token counts but does not store page content or generated answers on the server.
  • Finnzon stores anonymous install ID, quota counters, plan status, request kind, model, token counts, upstream status, estimated cost data, and Pro entitlement metadata for metering, abuse prevention, troubleshooting, and subscription access.
  • Stripe is used for paid Understand This Page subscriptions and billing management.

Third parties

  • Apify (Lead Finder and Guest Post Finder Pro: data retrieval)
  • Apify actor providers and Ahrefs-related data sources (Guest Post Finder Pro: domain metrics and traffic estimates)
  • Google APIs (Outreach Pro: Gmail, Sheets)
  • OpenAI (Understand This Page: AI analysis after user action)
  • Stripe (license checkout, subscriptions, invoices, payment methods, and customer portal)
  • finnzon.fi and finnzon.com (license server, tracking server, and Understand This Page proxy)

Data retention

  • Local data: stored in the browser until the user removes the extension or clears data
  • Understand This Page page content and generated answers are not stored by Finnzon on the server.
  • Server data: retained according to operational needs, security requirements, and legal obligations; retention periods may vary

Legal basis

  • Performance of contract (license management and service delivery)
  • The user acts as data controller for their own campaigns and collected contact data

10. Your rights

Access

  • You can request a copy of your data
  • We respond within 30 days

Rectification

  • Request correction of inaccurate data
  • Complete incomplete data

Erasure

  • Request deletion of your data
  • Subject to legal obligations

Restriction

  • Request restriction of processing
  • Does not apply to legal obligations

Object

  • Object to processing for marketing
  • Withdraw consent at any time

Portability

  • Request transfer of your data to another provider
  • Provided in machine-readable format

11. Withdrawing consent

You can withdraw your consent:

  • Marketing emails: click "Unsubscribe" in the email
  • Cookies: adjust settings via our cookie preferences
  • All data: send a request to info@finnzon.com

12. Contact

info@finnzon.com

13. Changes

We reserve the right to update this privacy policy when necessary. We will notify about significant changes:

  • By email to active customers
  • With a notice on our website
  • On social media

This privacy policy is designed to comply with the EU GDPR and Finnish law.