Privacy Policy

Last updated: 19 May 2026

1. Controller

The controller for personal data processed through Lyniti is:

  • Service: Lyniti
  • Operator: Lyniti - Finland, Helsinki
  • Location: Finland, Helsinki
  • Email: [email protected]

2. Data We Collect

We may collect the following categories of data:

  • Account information
  • Authentication and login-related data
  • Workspace content
  • Uploaded files and attachments
  • Messages, comments, and collaboration data
  • Device, browser, and service usage metadata
  • Billing and contact details if you use paid features
  • Support communications

Lyniti is intended for business and organizational use and is not directed to children under 16.

3. Why We Use It

We use personal data to:

  • Provide and secure the service
  • Manage accounts, payments, and support
  • Improve the service and understand usage
  • Meet legal obligations

Our legal bases are contract, legitimate interests, legal obligations, and consent where consent is required.

4. Sharing and Transfers

We may share data with service providers, payment providers, other workspace members where collaboration requires it, and authorities when required by law. Data is primarily processed in the EU. If data is transferred outside the EU/EEA, we use appropriate safeguards.

Our infrastructure and service providers may include Hetzner for hosting, Cloudflare for delivery and security-related services, and Stripe for payments. We may update providers over time where needed to operate the service.

5. Retention

We keep personal data for as long as needed to operate the service, maintain workspaces, comply with law, resolve disputes, and enforce agreements.

Workspace content is generally stored while the workspace exists. If a workspace is deleted, related workspace data is deleted with it, subject to limited retention required for legal compliance, billing records, security logging, fraud prevention, dispute handling, and backup expiration. Different categories of data may be kept for different time periods depending on those needs.

Where technically feasible, users may export workspace data before deletion. Some residual copies may remain temporarily in backups until normal backup rotation expires.

6. Security

We use reasonable technical and organizational measures designed to protect personal data and workspace content, including access controls, encryption in transit, logging, and infrastructure security practices. However, no method of transmission or storage is completely secure.

7. Your Rights

Under GDPR, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of data
  • Restrict processing
  • Object to processing
  • Receive your data in a portable format
  • Withdraw consent where processing relies on consent

To exercise these rights, contact [email protected].

8. Automated Decision-Making

We do not currently use personal data for solely automated decision-making that produces legal or similarly significant effects.

9. Cookies and Similar Storage

We use cookies or similar storage for authentication, security, preferences, and basic service functionality. If analytics is enabled, we may also use privacy-focused analytics to measure usage and performance. We do not currently use advertising or cross-site marketing cookies.

10. Contact and Complaints

For privacy questions or complaints, contact [email protected].

You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman.