Legal
Privacy Policy
Effective: 1 June 2026 · GDPR Compliant · Data Controller: Escapra OY, Finland
1. Who We Are
Escapra OY ("Escapra", "we", "us") is the data controller for personal data processed through escapra.com and the Escapra platform. Registered address: Rummunlyöjänkatu 11 E 034, 02600 Espoo, Finland Email: support@escapra.com Phone: +358 44 9813947 Escapra OY is registered in Finland and subject to Finnish law and the EU General Data Protection Regulation (GDPR).
2. What Data We Collect
We collect the following categories of personal data: Contact and account data — name, job title, business email address, phone number, company name, and country, collected when you register, submit a contact form, or request a demo. Platform usage data — API call logs, IP addresses, session identifiers, browser type, and timestamps, collected automatically when you access the platform or website. Communication data — emails, support tickets, and chat messages exchanged with Escapra staff. Payment and billing data — invoice records and payment status (we do not store raw card numbers; card tokenisation is handled by our PCI-compliant payment processors). We do not collect or process sensitive personal data (special categories under GDPR Article 9).
3. How We Use Your Data
We process your personal data on the following legal bases: Contract performance (GDPR Article 6(1)(b)) — to deliver the Escapra platform, process bookings, issue invoices, and provide customer support. Legitimate interests (GDPR Article 6(1)(f)) — to operate and improve the platform, detect and prevent fraud, and send service-related communications. Legal obligation (GDPR Article 6(1)(c)) — to comply with Finnish tax law, anti-money laundering requirements, and applicable EU regulations. Consent (GDPR Article 6(1)(a)) — for marketing communications and non-essential cookies, where you have opted in. Consent may be withdrawn at any time.
4. How We Share Your Data
We share personal data only where necessary: Service providers — cloud infrastructure (AWS, EU region), payment processors (Stripe, Revolut Business), and CRM tools, under data processing agreements that ensure GDPR compliance. Legal and regulatory authorities — where required by Finnish law or EU regulation. We do not sell personal data to third parties. We do not share data with advertising networks.
5. International Data Transfers
All personal data is stored and processed within the European Union (AWS eu-central-1, Frankfurt, or eu-north-1, Stockholm). Where any service provider processes data outside the EU, we ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decision) before transfer.
6. Data Retention
We retain personal data only as long as necessary: Account and contract data — retained for the duration of the business relationship plus 7 years (Finnish accounting law requirement). API and platform logs — retained for 12 months for security and debugging, then deleted. Marketing consent records — retained until consent is withdrawn plus 3 years. When retention periods expire, data is securely deleted or anonymised.
7. Your Rights Under GDPR
As a data subject under GDPR, you have the following rights: • Right of access — request a copy of personal data we hold about you • Right to rectification — request correction of inaccurate data • Right to erasure — request deletion of your data where no legal retention obligation applies • Right to restrict processing — request that we limit how we use your data • Right to data portability — receive your data in a structured, machine-readable format • Right to object — object to processing based on legitimate interests • Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing To exercise any right, email support@escapra.com. We will respond within 30 days. You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman (tietosuoja.fi).
8. Cookies
We use cookies and similar technologies on escapra.com. Full details are set out in our Cookie Policy at escapra.com/legal/cookies. Strictly necessary cookies are set automatically. All other cookies require your consent via our cookie banner.
9. Security
We implement appropriate technical and organisational measures to protect personal data, including: • TLS 1.2+ encryption in transit • Encrypted storage at rest (AES-256) • Role-based access controls — only authorised personnel access personal data • Regular security reviews and penetration testing • Incident response procedures with 72-hour GDPR breach notification to the supervisory authority where required
10. Changes to This Policy
We may update this Privacy Policy. Material changes will be communicated by email to registered users and posted on this page with an updated effective date. We recommend checking this page periodically.
11. Contact and Complaints
For privacy questions, data subject requests, or complaints: Escapra OY — Data Controller Rummunlyöjänkatu 11 E 034, 02600 Espoo, Finland Email: support@escapra.com Finnish Data Protection Ombudsman PO Box 800, 00531 Helsinki www.tietosuoja.fi