Privacy Policy

Welcome to AitoScore. This Privacy Policy explains how we collect, use, and protect your personal data when you use our platform and services.

# 1. Introduction

This Privacy Policy applies to Viviro Oy ("AitoScore", "we", "us", "our"), the company behind the AitoScore platform. Our platform enables businesses to automatically collect, analyze, and publish customer reviews using AI voice technology, web widgets, and integrations with external platforms.

We are committed to protecting the privacy of both our business customers (the companies using our services) and the end users whose data may be processed via features like AI phone calls, review collection, or embedded widgets.

The purpose of this Privacy Policy is to explain:

  • What personal data we collect and why
  • How we use, store, and secure that data
  • What legal basis we rely on under applicable privacy laws, including the EU General Data Protection Regulation (GDPR)
  • How long we retain data and your rights over it
  • How we work with subprocessors (like voice and cloud service providers)
  • How you can exercise your rights or contact us for help

This policy applies to:

  • Visitors to our websites
  • Registered users of the AitoScore dashboard
  • Business representatives who create or manage accounts
  • End customers who are contacted through AI calls or whose reviews are processed using our system

By using our services, accessing our website, or interacting with our platform in any way, you agree to the terms of this Privacy Policy.

If you do not agree with this policy, you should not use our services, including our AI calling system (EasyCaller), widgets, dashboards, and integrations. We are committed to protecting the personal data of our customers and their end users.

# 2. What Data We Collect

We collect and process various categories of personal data depending on how you interact with our platform. This includes information from our direct customers (companies using AitoScore), their end users (e.g., call recipients), and visitors to our websites.

2.1. From Platform Users (Business Customers)

This includes data you provide when creating an account, configuring your workspace, managing campaigns, or subscribing to our services:

  • Full name and role or job title
  • Email address and phone number
  • Company name, industry, and registration ID (e.g. Y-tunnus)
  • Billing and invoicing details (e.g. VAT number, payment method)
  • Authentication data (e.g. passwords or login tokens)
  • Platform usage information (e.g. activity logs, campaign setups, user permissions)

2.2. From End Customers (Call Recipients)

When you use our EasyCaller feature, we may collect personal data from the customers you choose to contact:

  • Phone number (provided by you, the account holder)
  • AI call recordings and voice input (transcribed into text)
  • Star ratings, free-text feedback, and other review-related content
  • Time, duration, and status of calls
  • Consent status (e.g. for contact, marketing, or review publishing)

You are responsible for ensuring that this data is collected lawfully and with appropriate consent where required.

2.3. Automatically Collected

When you visit our platform or interact with it through your browser or app interface, we may collect the following:

  • IP address and approximate geolocation
  • Browser type, device model, and operating system
  • Session behavior (e.g., login times, clicks, navigation paths)
  • Cookie preferences and identifiers

We use this data for analytics, system security, and service personalization. For more detail, see our Cookie Policy.


# 3. How We Use Your Data

We use personal data to provide our services, fulfill legal obligations, and improve your experience with the AitoScore platform. Our processing is guided by transparency, purpose limitation, and data minimization principles.

  • To deliver the Service: We use your data to create and manage accounts, workspaces, AI call configurations, campaigns, and review displays.
  • To enable AI-powered review collection: Customer phone numbers, call recordings, and transcripts are processed to create structured reviews and insights based on your EasyCaller script setup.
  • To display customer feedback: If you choose to embed our review widget, we use collected review data (e.g. star ratings, comments, timestamps) to power the content displayed on your website or landing pages.
  • To personalize your experience: Usage data and preferences may be used to customize the dashboard interface, language, default settings, and analytics views.
  • To provide customer support: We access relevant account information to respond to inquiries, resolve technical issues, and offer onboarding guidance.
  • To communicate service updates: We may contact you via email or in-app messages to inform you about feature changes, security alerts, billing events, or support notices. You may also receive onboarding guidance or educational content.
  • To ensure compliance and protect the platform: We monitor usage for abuse prevention, fraud detection, legal compliance, and safeguarding of personal data.
  • To improve and develop our product: Aggregated and anonymized usage data may be used internally for analytics, AI training, feature improvements, and service optimization.

We do not use personal data for profiling, automated decision-making, or third-party marketing without your explicit consent.

# 4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR) and other relevant data protection laws, we must have a lawful basis to process personal data. Depending on the context and nature of the interaction, we rely on the following legal bases:

  • Contract: When we process your data to fulfill our contractual obligations, such as delivering our services, maintaining your account, or responding to support requests.

  • Consent: When you actively give permission for us to process your data — for example, when your end customer consents to being contacted via an AI call that may contain marketing content or agrees to have their review displayed publicly.

  • Legitimate Interests: When processing is necessary for the functioning, security, and improvement of our platform and services, and does not override your fundamental rights. This includes fraud prevention, usage analytics, and product optimization.

  • Legal Obligation: When we are required to process data in order to comply with applicable laws, such as accounting requirements, tax regulations, or cooperating with lawful government requests.

In all cases, we assess our obligations carefully and implement safeguards to protect personal data in accordance with legal standards.

# 5. Sharing Your Data

We respect the confidentiality of your data and only share it when necessary to deliver our services, meet legal obligations, or protect our legitimate interests. We do not sell, rent, or trade personal data under any circumstances.

5.1. Subprocessors and Service Providers

We may share data with carefully selected subprocessors who help us operate the platform, including:

  • Cloud infrastructure and hosting providers (e.g. Supabase, Vercel) for database and application delivery
  • Voice call and speech-to-text vendors (e.g. Vapi, Twilio, Deepgram) to execute and transcribe AI calls
  • Payment service providers (e.g. Stripe) for processing subscriptions and invoices
  • Email and notification systems for sending system alerts and onboarding material

These partners are contractually obligated to process data securely and only for the purposes specified by us.

5.2. Legal Compliance and Protection

We may disclose data if required to:

  • Comply with applicable laws or legal obligations
  • Respond to lawful requests by public authorities, including to meet national security or law enforcement requirements
  • Investigate, prevent, or take action against potential violations of our Terms, suspected fraud, or security threats

5.3. Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

We ensure that all data sharing is limited, controlled, and done in a manner that protects your rights and our platform integrity.

# 6. International Transfers

AitoScore operates globally and may process or store personal data in countries outside your home jurisdiction, including outside the European Union (EU) or European Economic Area (EEA).

6.1. Where Transfers Occur

  • Some of our subprocessors and infrastructure providers may process data in jurisdictions such as the United States or other non-EEA locations, depending on your region and service configuration.

6.2. Safeguards We Use

  • Whenever we transfer your personal data internationally, we ensure appropriate safeguards are in place to protect it in accordance with GDPR and other applicable regulations.

  • These safeguards may include:

    • Standard Contractual Clauses (SCCs) approved by the European Commission
    • Data Processing Agreements (DPAs) with subprocessors
    • Technical and organizational security measures (encryption, access controls, etc.)

6.3. Your Rights

  • You have the right to request more information about our international data transfer practices or obtain a copy of applicable transfer mechanisms by contacting us.

We carefully assess and monitor the legal and technical environment of any country where your data may be stored or processed to ensure your privacy rights are respected and upheld.

# 7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, and support operational continuity. The retention periods vary depending on the type of data and your relationship with us.

7.1. Platform and Account Data

  • Data related to your company account, workspace settings, and user profiles will be retained for as long as your account is active.
  • If you delete your account, we will initiate deletion of associated personal data within a reasonable timeframe unless a longer retention period is required by law.

7.2. Campaign and Communication Data

  • Call metadata, transcripts, star ratings, and customer feedback collected via EasyCaller will be retained for as long as you choose to keep it available in your dashboard.
  • You may delete call or review data manually at any time.

7.3. System Logs and Backups

  • Log files, audit records, and system-generated metadata are typically retained for up to 12 months for security monitoring, system maintenance, and legal compliance.
  • Backup snapshots may contain data scheduled for deletion and are purged on a rolling basis within industry-standard timeframes.

7.4. Legal and Regulatory Retention

  • Certain records (e.g., invoices, billing history, consent logs) may be retained longer to comply with tax, accounting, or regulatory obligations.

If you have questions or specific requests related to data retention or deletion, please contact us.

# 8. Your Rights

As a data subject, you have several important rights under the General Data Protection Regulation (GDPR) and other applicable data protection laws. We are committed to respecting and facilitating the exercise of these rights.

8.1. Right of Access

You have the right to request access to the personal data we hold about you, including information about how and why we process it.

8.2. Right to Rectification

If you believe any of the personal data we hold about you is inaccurate or incomplete, you have the right to request corrections or updates.

8.3. Right to Erasure (“Right to Be Forgotten”)

You may request the deletion of your personal data in situations where:

  • The data is no longer necessary for the purposes it was collected
  • You withdraw consent (where applicable)
  • The data has been unlawfully processed

8.4. Right to Restrict Processing

You may ask us to restrict the processing of your personal data if:

  • You contest the accuracy of the data
  • The processing is unlawful and you prefer restriction over deletion
  • You need the data for legal claims after we no longer need it

8.5. Right to Object

You can object to our processing of your data if it is based on legitimate interests, including profiling. We will stop processing unless we demonstrate compelling legal grounds.

8.6. Right to Data Portability

Where processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

8.7. Right to Withdraw Consent

Where we rely on your consent to process personal data, you may withdraw that consent at any time. This does not affect the lawfulness of processing based on consent before withdrawal.

8.8. Exercising Your Rights

To exercise any of the above rights, or to make a complaint about how your data is handled, you may contact us. We will respond to your request within the timelines required by law and may request verification of your identity before proceeding.

# 9. Cookies and Tracking

We use cookies and similar technologies to enhance your experience, support essential platform functionality, and gather insights into how our services are used.

9.1. Types of Cookies We Use

  • Strictly Necessary Cookies: These are required for core platform functionality such as authentication, security, and session management.
  • Analytics Cookies: These help us understand how users interact with the platform (e.g., page views, bounce rates, user flows) and are typically provided by services like Google Analytics or similar.
  • Preference Cookies: These remember your settings and preferences (e.g., language, theme, cookie consent choices).
  • Marketing Cookies (if used): These may be used to personalize messages or track campaign effectiveness — only activated with your explicit consent.

9.2. Consent and Control

  • When you first visit our website, you will be presented with a cookie banner asking for your preferences.
  • You may accept all cookies, reject optional ones, or configure your choices individually.
  • You can update your cookie preferences at any time by visiting the cookie settings panel in the footer of our site or clearing your browser cookies.

9.3. Third-Party Tools

  • We may use tools and services from third parties (e.g., analytics, customer support widgets) that place cookies on your device. These are subject to the privacy policies of the respective providers.

For a full breakdown of the cookies we use and how to manage them, please refer to our Cookie Policy.

# 10. Data Security

We take data security seriously and implement a range of technical and organizational measures to protect the confidentiality, integrity, and availability of personal data processed through the AitoScore platform.

10.1. Encryption and Access Control

  • All data is encrypted in transit using HTTPS/TLS and at rest using industry-standard encryption protocols.
  • Access to customer data is restricted based on role and strictly limited to authorized personnel.
  • Multi-factor authentication (MFA) is used for internal administrative accounts.

10.2. Infrastructure and Hosting

  • We use trusted infrastructure providers with strong security track records (e.g. Vercel, Supabase).
  • Data is hosted in secure, access-controlled data centers with regular backups.
  • We monitor system availability and performance continuously.

10.3. Monitoring and Incident Response

  • We maintain audit logs and system-level monitoring for anomaly detection and forensic analysis.
  • In the event of a data breach, we follow a structured incident response plan and notify affected parties in accordance with applicable laws.

10.4. Vendor Risk Management

  • All subprocessors undergo security and privacy due diligence.
  • We require contractual commitments to data protection, confidentiality, and breach notification.

Your data security is essential to the trust you place in AitoScore, and we continually assess and improve our controls to meet evolving threats and standards.

# 11. Children’s Privacy

  • Our service is not intended for children under 16
  • We do not knowingly collect data from minors

# 12. Changes to This Policy

  • We may update this policy to reflect legal or operational changes
  • Updates will be posted here with a revised "Last Updated" date
  • Significant changes may be communicated via email

# 13. Contact Us

Viviro Oy / AitoScore
Business ID: FI34635661

For data protection requests, you may also contact us by email

Privacy

Aito Score (hereinafter referred to as the “Owner”) places great importance on protecting your privacy and safeguarding your personal data.

This document provides detailed information about how the Owner collects, processes, and protects your personal data to maintain secure business relationships, ensure regulatory compliance, and guarantee your right to privacy while using our services.

By accessing and using our website, you acknowledge that you have read and understood this Privacy Policy.

1. Information We Collect

1.1 Data You Provide Directly

When you use our platform, you may provide the following personal data:

  • Contact Information: Email address, full name, phone number.
  • Account Registration Details: Date of birth, nationality, marital status, address, and password.
  • Financial Information: Bank account details and transaction history related to our investment platform.
  • User Interactions: Your reviews, opinions, and investment intentions submitted via our platform.
  • Identity Verification Data: Documents required for compliance with financial regulations.

1.2 Data We Collect Automatically (Cookies & Tracking Technologies)

When visiting our website, we may automatically collect certain data, including:

  • Technical Data: IP address, browser type, device information.
  • Usage Data: Time spent on the site, pages visited, content interactions.
  • Security Data: Authentication and access logs for restricted areas.

For more details, refer to our Cookie Policy.

2. How We Use Your Personal Data

We process personal data strictly in accordance with data protection regulations for the following purposes:

  • To provide you with access to our investment platform.
  • To manage and execute investment transactions.
  • To ensure compliance with legal and regulatory requirements.
  • To communicate updates, investment opportunities, and service improvements.
  • To maintain security, detect fraud, and prevent misuse of our platform.
  • To enhance user experience and optimize website functionality.

3. Data Retention Period

Your personal data will be retained as follows:

  • 5 years after your last activity if your account remains open.
  • 1 year after account closure unless:
    • A regulatory issue requires extended retention.
    • There are pending transactions, in which case data will be stored until completion.
  • Financial Data: Retained as required by applicable tax and financial laws.
  • Suspended or Blocked Accounts: Data is retained between 2 and 10 years for regulatory compliance.

4. Where We Store Your Data

Personal data is primarily stored in secure databases within the European Economic Area (EEA). However, some data may be transferred outside the EEA to service providers ensuring adequate protection levels.

5. Your Rights and How to Exercise Them

You have the right to:

  • Access your personal data.
  • Correct inaccuracies in your data.
  • Restrict Processing under certain conditions.
  • Request Data Deletion when no longer needed.
  • Object to the processing of your data.
  • Withdraw Consent at any time.

Contact Information

For inquiries regarding this Privacy Policy, please contact us.

© Aito Score 2025. All rights reserved.