Privacy Policy

Last updated: 16 July 2026

1. Controller

The controller of personal data processed under this policy is:

CodeLotus Oy

Business ID: 3554102-6

Finland

Contact: through the contact form at parsimo.io

2. Scope

This Privacy Policy describes how CodeLotus Oy ("we", "us") processes personal data in connection with the Parsimo service available at parsimo.io (the "Service").

3. Personal data we process

  • Account data: name, email address, password hash, and (optionally) company name and role, provided when you register or update your profile.
  • Contact form data: name, email address, optional company name, and the message content you submit.
  • Business data you provide: files, figures, and other business information you upload or enter for analysis.
  • Technical data: IP address, browser and device information, timestamps, and log data generated by using the Service.

4. Purposes and legal bases

  • Providing the Service, including authentication, dashboards, and AI-generated cost-efficiency reports — performance of a contract (GDPR Art. 6(1)(b)).
  • Responding to contact form enquiries — legitimate interest in communicating with prospects and customers (Art. 6(1)(f)).
  • Security, fraud prevention, and service integrity — legitimate interest (Art. 6(1)(f)).
  • Complying with legal obligations, such as bookkeeping — legal obligation (Art. 6(1)(c)).

5. Recipients and processors

We use vetted service providers who process personal data on our behalf under written data processing agreements, including hosting, database, authentication, email, and AI processing providers. Data may be processed within the EU/EEA and, where necessary, in third countries under appropriate safeguards such as EU Standard Contractual Clauses.

6. Retention

We retain personal data only as long as necessary for the purposes described above and to meet legal obligations. Account data is kept for the duration of your account and deleted or anonymised after termination. Contact form messages are retained for up to 24 months. Backup copies may persist for a limited period thereafter.

7. Your rights

Subject to the GDPR, you have the right to access, rectify, erase, restrict, or object to processing of your personal data, and the right to data portability. You may exercise these rights by contacting us via the contact form at parsimo.io. You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman (tietosuoja.fi).

8. Security

We apply appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, row-level security in our database, and logging.

9. Cookies

The Service uses strictly necessary cookies and local storage to maintain your session and preferences. We do not use advertising cookies.

10. Changes

We may update this Privacy Policy from time to time. The current version is always available at parsimo.io/privacy.