Privacy Policy — AQOON
Effective date: 12.5.2026
Last updated: 12.5.2026
Next scheduled review: 12.5.2027
1. Who we are
AQOON is operated by Abdikadir Abdullahi Aligure as a private person, based in Finland. We help Somali-speaking residents of Finland understand and respond to messages from Finnish institutions (schools, Kela, employers, public authorities).
Data controller contact:
Abdikadir Abdullahi Aligure
Minna Canthin katu 22 A 8
40100 Jyväskylä, Finland
Email: ad0298@student.jamk.fi
Phone: +358 45 259 1438
2. What we collect
We follow strict data minimization. We never store the content of the messages you paste into AQOON, nor the translations or drafts AQOON generates for you.
We do collect:
a. Account information (when you sign up via our authentication provider Clerk):
- Email address
- Name (optional, if provided)
- Account creation timestamp
- Authentication session tokens
b. Subscription and payment information (when you purchase AQOON Pro):
- Stripe customer identifier
- Subscription tier (free / basic)
- Payment status (handled directly by Stripe — we never see your card number)
c. Usage metering (to enforce free-tier limits):
- Monthly usage count (a number, e.g. “7 of 10”)
- Daily usage count (a number, e.g. “1 of 2”)
- Period start dates
d. Aggregated, anonymized interaction metadata (used to improve service quality and prepare anonymized reports for institutional partners):
- Message length in characters (the number, never the content)
- Mode used (school / work / everyday)
- Detected topic category (e.g. “school absence”, “Kela housing benefit”)
- Detected sender category (e.g. “teacher”, “Kela”)
- Whether a Finnish reply was drafted
- Response time
- Session identifier (random UUID, not linked to your identity in reports)
3. What we do NOT collect
- We do not store the text of messages you paste into AQOON.
- We do not store the Finnish replies or Somali explanations AQOON generates.
- We do not store follow-up conversation text.
- We do not use analytics cookies, advertising trackers, or third-party fingerprinting.
- We do not sell your personal data. Ever.
4. Why we collect what we collect
Our legal bases under GDPR Article 6:
- Contract performance (6(1)(b)): account info, subscription info, usage metering — necessary to provide AQOON to you.
- Legitimate interests (6(1)(f)): aggregated, anonymized interaction metadata — used to improve service quality, monitor abuse, and prepare anonymized reports for institutional partners (e.g. municipalities). This metadata cannot be used to identify you. You can object to this processing under Article 21 — see Section 9.
5. How long we keep data
| Data type | Retention period |
|---|---|
| Account information | While your account is active, plus 30 days after deletion |
| Subscription / payment records | 6 years (required by Finnish accounting law, Kirjanpitolaki 1336/1997) |
| Usage metering | Reset every 30 days (monthly) or every 24 hours (daily) |
| Interaction metadata | 24 months in identifiable form, then aggregated only |
| Message content | Never stored. Discarded immediately after processing. |
6. Who else processes your data (sub-processors)
To operate AQOON we use these processors:
| Provider | Purpose | Location | Safeguard |
|---|---|---|---|
| Clerk | Authentication, account management | United States | Standard Contractual Clauses (SCCs) |
| Supabase | Database (account, subscription, metadata) | Ireland (EU) | No cross-border transfer |
| Stripe | Payment processing | Ireland (EU) / United States | SCCs for US transfers |
| Anthropic | AI processing of pasted messages (transient, not stored) | United States | SCCs |
| OpenAI | AI processing fallback (transient, not stored) | United States | SCCs |
| Vercel | Frontend website hosting | United States | SCCs |
| Railway | Backend application hosting | United States | SCCs |
Note on AI processing: When you paste a message into AQOON, the text is sent transiently to Anthropic or OpenAI for processing. Per our agreements with both providers, your message content is not used to train their models and is not retained beyond the immediate processing call. We never store this content on our side either.
7. International data transfers
Several of our sub-processors are located outside the European Economic Area (primarily the United States). Each transfer is protected by Standard Contractual Clauses approved by the European Commission. You can request copies of these clauses by contacting us.
8. Children
Under Finnish Tietosuojalaki Section 5, a child aged 13 or older may consent to information society services without parental consent. AQOON does not knowingly collect information from children under 13. If a child under 13 has created an account, please contact us at ad0298@student.jamk.fi and we will delete the account.
9. Your rights
Under GDPR Articles 15–22, you have the right to:
- Access the personal data we hold about you
- Rectify any inaccurate data
- Erase your account and associated data (“right to be forgotten”)
- Restrict processing in certain circumstances
- Portability — receive your data in a machine-readable format
- Object to processing based on our legitimate interest (Section 4 above)
- Withdraw consent at any time, where processing is based on consent
To exercise these rights, you can:
- Delete your account directly via the “Account” section in the app, or
- Email us at ad0298@student.jamk.fi
We will respond within one month per Article 12(3).
10. Complaints
If you believe we are processing your data unlawfully, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman:
Tietosuojavaltuutetun toimisto
PL 800, 00521 Helsinki, Finland
Phone: +358 29 566 6700
tietosuoja.fi
11. Security
We protect your data using:
- HTTPS encryption for all traffic
- Service-role-only access to our database (no public access to account or interaction data)
- Bearer-token authentication on administrative endpoints
- Row Level Security policies on data tables
- Access controls on third-party processors
We will notify you and the Tietosuojavaltuutettu within 72 hours of any breach posing a high risk to your rights.
12. Changes to this policy
We will notify you of material changes by email and update the “Last updated” date above. Your continued use of AQOON after a change means you accept the updated policy.
13. Contact
For any privacy question: ad0298@student.jamk.fi · +358 45 259 1438