Version 1.0 · Effective 5 April 2026
Takko Advisory Oy ("we", "us") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share personal data when you use the TACI Platform, in compliance with the EU General Data Protection Regulation (GDPR) and Finnish data protection law.
Data Controller: Takko Advisory Oy, Helsinki, Finland. Contact: privacy@taci.app
Account data: Full name, email address, job title, department, mobile number, organisation name, preferred language.
Usage data: Login timestamps, pages visited, actions performed, IP address, browser type.
Project data: Proposals, decisions, KPI entries, capital records, and governance documents you create within the Platform.
Communications: Support requests, feedback, and emails you send to us.
Contract performance (Art. 6(1)(b) GDPR): Processing your account data to provide the Platform service.
Legitimate interests (Art. 6(1)(f) GDPR): Security monitoring, fraud prevention, and service improvement.
Legal obligation (Art. 6(1)(c) GDPR): Compliance with Finnish tax and accounting law.
Consent (Art. 6(1)(a) GDPR): Marketing communications (where applicable). You may withdraw consent at any time.
We use your personal data to: provide and maintain the Platform; authenticate your account; send service notifications; respond to support requests; improve the Platform through aggregated analytics; comply with legal obligations.
We do not sell your personal data to third parties. We do not use your data for automated decision-making that produces legal or similarly significant effects.
We share data only with: infrastructure providers (cloud hosting in EU/EEA); email delivery services (for transactional emails); analytics tools (aggregated, anonymised data only). All third-party processors are bound by Data Processing Agreements. We do not transfer data outside the EU/EEA without appropriate safeguards.
Account data is retained for the duration of your account plus 2 years after termination (for legal compliance). Project data is retained for the duration of the project plus 5 years (governance record requirements). You may request deletion of your personal data at any time, subject to legal retention obligations.
You have the right to: access your personal data; rectify inaccurate data; erase your data ("right to be forgotten"); restrict processing; data portability (receive your data in a machine-readable format); object to processing based on legitimate interests; lodge a complaint with the Finnish Data Protection Ombudsman (tietosuoja.fi).
To exercise your rights, contact: privacy@taci.app. We will respond within 30 days.
We implement appropriate technical and organisational measures including: bcrypt password hashing; JWT-based authentication with token expiry; HTTPS encryption in transit; access controls and audit logging; regular security reviews.
We use cookies and similar technologies. See our Cookie Policy for details.
We may update this policy. Material changes will be communicated by email and require re-acceptance within the Platform.
Data Protection contact: privacy@taci.app · Takko Advisory Oy, Helsinki, Finland