PauhuPrivacy Policy
Last updated: February 15, 2026
1. Data Controller
Pauhu Ltd ("we", "us") is the data controller for personal data processed through pauhu.com and pauhu.ai.
Contact: privacy@pauhu.com
2. Data We Collect
| Category | Data | Purpose |
|---|---|---|
| Account | Email, name, company | Service delivery |
| Brief content | Your answers to brief questions | Document generation |
| Usage | API calls, translation volume | Billing, service improvement |
| Payment | Billing address, VAT ID | Invoicing (via Stripe) |
| Technical | IP address, browser | Security |
3. Legal Basis (GDPR Art. 6)
- Contract: Processing necessary for service delivery
- Legal obligation: Tax and accounting requirements
- Legitimate interest: Security and fraud prevention
4. Data Retention
- Account data: Duration of account + 2 years
- Brief content: Duration of account (deletable anytime)
- Payment records: 7 years (Finnish accounting law)
- Usage logs: 90 days
5. Data Sharing
We share data only with:
- Stripe: Payment processing (US, EU Standard Contractual Clauses)
- Cloudflare: Infrastructure (EU data center)
All processors are bound by data processing agreements.
6. Data Location
All data is processed within the European Union. Our primary infrastructure is in Finland (Cloudflare EU).
7. Your Rights (GDPR)
- Access your personal data
- Rectify inaccurate data
- Erase data ("right to be forgotten")
- Port data to another service
- Object to processing
- Lodge complaint with supervisory authority
To exercise these rights, contact privacy@pauhu.com.
8. Cookies
We use only essential cookies for:
- Session management
- Security (CSRF protection)
No tracking or advertising cookies.
9. Supervisory Authority
Finnish Data Protection Ombudsman
tietosuoja.fi
tietosuoja@om.fi
Pauhu Ltd
Helsinki, Finland
EU jurisdiction