Privacy notice and information on GDPR

1. Who We Are

Skimle is owned and operated by Skimle Oy ("we", "us", or "our"). We are committed to complying with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws as well as the EU AI Act.

If you have questions, you can reach us at: info@skimle.com

2. What Data We Collect

We collect only the data necessary to provide and improve our services. This may include:

• Account information: Name, email address, password (hashed)
  
• Usage data: Interactions with documents, feature usage, and activity logs
  
• Device and technical data: Browser type, IP address, and session data
  
• Communications: Emails, feedback, or support queries you send us
  
• Documents: We save and index the documents you upload to the service.
  

We do not collect sensitive personal data unless explicitly required and with your consent. Please do not upload documents containing sensitive personal data, such as medical records.

3. How We Use Your Data

We use your data to:

• Provide and maintain your access to Skimle
  
• Improve our product and services
  
• Respond to support inquiries or feedback
  
• Monitor service performance and detect/prevent abuse
  
• Comply with legal obligations
  

We will never sell or rent your data to third parties. We will never read the documents you have uploaded. However, in the case of individual users, we reserve the right to inspect prompts and large language model outputs that include your document data to solve problems and improve the service functioning.

4. Legal Basis for Processing (Under GDPR)

We process your data based on the following legal grounds:

• Performance of a contract (providing the Skimle service)
  
• Legitimate interests (e.g., improving features, securing the service)
  
• Consent (where applicable, such as for newsletters)
  
• Legal obligations (e.g., tax or regulatory compliance)
  

5. Data Retention & Deletion

• You may delete your account at any time, and all associated personal data will be permanently deleted.
  
• If your account remains inactive for 12 months, we will notify you and subsequently delete the account and its data.
  
• We retain anonymized and aggregated data for analytics purposes.
  

6. Data Security

We take appropriate technical and organizational measures to protect your data. However, no system is completely immune to risks. By using Skimle, you acknowledge that you are aware of and accept this residual risk.

7. Sharing with Third Parties

We may share your data only with:

• Trusted subprocessors (such as cloud service providers and analytics tools)
  
• Legal authorities, when required by law
  

All third-party providers are required to comply with GDPR and are bound by data protection agreements.

8. Your Rights Under GDPR

You have the right to:

• Access your data
  
• Correct or update your data
  
• Delete your data
  
• Object to or restrict processing
  
• Withdraw consent at any time
  
• File a complaint with a supervisory authority
  

To exercise any of these rights, please contact us at: info@skimle.com

9. Cookies

We use cookies to improve your experience. You may control cookie settings through your browser. We do not share cookies with any external websites.

10. International Transfers

We do not foresee any reason to ever transfer your data outside the EEA. In case this will happen for some unforeseen reason, we will ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through the platform.

Contact Us
For any questions about this policy, email us at: info@skimle.com

Where does my data go and is it used to train AI models?

We use OpenAI’s large language models on Microsoft Azure within EU to process data. This means that your data never leaves EU and that it is not used to train any AI models. Microsoft has promised us the following (https://learn.microsoft.com/en-us/legal/cognitive-services/openai/data-privacy):

Your prompts (inputs) and completions (outputs), your embeddings, and your training data:

• are NOT available to other customers.
• are NOT available to OpenAI.
• are NOT used to improve OpenAI models.
• are NOT used to train, retrain, or improve Azure OpenAI Service foundation models.
• are NOT used to improve any Microsoft or 3rd party products or services without your permission or instruction.

The Azure OpenAI Service is operated by Microsoft as an Azure service; Microsoft hosts the OpenAI models in Microsoft's Azure environment and the Service does NOT interact with any services operated by OpenAI (e.g. ChatGPT, or the OpenAI API).

Before and after being processed by Azure OpenAI service, all your data resides in a relational database hosted securely in Microsoft Azure cloud and/or Amazon Web Services.