Privacy Policy — PlanetAI
The Planet Company Oy
Last updated: November 24th 2025
1. Introduction
This Privacy Notice explains how The Planet Company Oy (“we”, “us”, “PlanetAI”) processes personal data when individuals use the PlanetAI platform or interact with us. We are committed to protecting privacy, ensuring data security, and complying with the EU General Data Protection Regulation (GDPR).
PlanetAI processes minimal personal data. We do not profile users, we do not process special categories of data, and we do not collect behavioural or usage analytics beyond what is necessary for authentication and security.
2. Data Controller
The Planet Company Oy
Business ID: 2911392-2
Lounatuuli 17 A, 21100 Naantali, Finland
Email: privacy@planetcompany.com
3. What Personal Data We Collect
We only collect the personal data necessary for user account management and secure access to the Platform:
First name
Last name
Email address
We do not collect additional personal data, behavioural tracking data, or any user-generated personal data.
4. How User Accounts Are Created
Users may be added to the PlanetAI platform in two ways:
Customer admin users may add new users belonging to their own organisation.
Admins can invite colleagues by submitting first name, last name, and email address into the platform’s user management interface.PlanetAI may invite and onboard users directly, at the request of the customer or for pilot access.
In this case, we only process the same minimal data listed above.
The platform is not open for self-registration.
All invitations are controlled, access is role-based, and users can only access data belonging to their organisation.
5. Purpose and Legal Basis of Processing
Purpose of Processing
We process personal data strictly for:
Managing and provisioning user accounts
Authentication and access control
Providing the PlanetAI service and customer support
Ensuring platform security, logging, continuity, and incident handling
Fulfilling contractual obligations with the customer organisation
Legal Basis (GDPR Art. 6)
Contract performance (Art. 6.1.b)
Legitimate interest (Art. 6.1.f): ensuring platform security and proper account administration
6. Use of AI Services
PlanetAI uses the Google Gemini API (latest version) to support AI-driven functionalities.
We do not send personal data (names, emails, identifiers) to Gemini.
Only sustainability-related, non-personal content is processed.
AI providers are never used for user management or authentication.
7. Data Retention
Personal data is stored only for as long as the user account is active.
When access is removed (e.g., customer termination or admin request):
Personal data is deleted from production systems without delay
Backups are purged according to a 7-day retention policy
We do not store personal data longer than needed.
8. Data Security
We apply strict security controls, including:
Cloud & Infrastructure Security
Hosting in GCP EU data centers
Encryption in transit (TLS 1.2/1.3) and at rest (AES-256) with KMS key management
No cross-tenant data access—each customer’s data is logically isolated
Access Control
Authentication via Clerk with secure passwords or federated enterprise login
RBAC and least-privilege enforced within each tenant
Admin users can only manage users within their organisation
Operational & Development Security
Security-by-design; CI/CD; updated dependencies; hardened cloud environment
Logging and monitoring of system events (non-personal)
Automated daily backups
9. Data Transfers Outside the EU
Personal data is stored primarily in EU/EEA regions
AI-related processing (non-personal) is handled under Google’s data protection terms
Transfers rely on SCCs or adequacy decisions when necessary
10. Sharing of Personal Data
We do not sell or disclose personal data for marketing.
Data may be shared only with:
Cloud and authentication service providers (e.g., Google Cloud, Clerk)
Authorities when legally required
All processors operate under GDPR-compliant agreements.
11. Cookies
PlanetAI uses:
Essential authentication cookies only
No analytics or advertising cookies are used unless added with separate consent.
12. Your Rights
You have the right to:
Access your data
Request correction
Request deletion
Restrict or object to processing
Request portability
File a complaint with your supervisory authority
Contact: privacy@planetcompany.com
13. Changes to This Privacy Notice
We may update this Privacy Notice as the service evolves. The most recent version will be posted on our website.
Privacy Policy — PlanetAI
The Planet Company Oy
Last updated: November 24th 2025
1. Introduction
This Privacy Notice explains how The Planet Company Oy (“we”, “us”, “PlanetAI”) processes personal data when individuals use the PlanetAI platform or interact with us. We are committed to protecting privacy, ensuring data security, and complying with the EU General Data Protection Regulation (GDPR).
PlanetAI processes minimal personal data. We do not profile users, we do not process special categories of data, and we do not collect behavioural or usage analytics beyond what is necessary for authentication and security.
2. Data Controller
The Planet Company Oy
Business ID: 2911392-2
Lounatuuli 17 A, 21100 Naantali, Finland
Email: privacy@planetcompany.com
3. What Personal Data We Collect
We only collect the personal data necessary for user account management and secure access to the Platform:
First name
Last name
Email address
We do not collect additional personal data, behavioural tracking data, or any user-generated personal data.
4. How User Accounts Are Created
Users may be added to the PlanetAI platform in two ways:
Customer admin users may add new users belonging to their own organisation.
Admins can invite colleagues by submitting first name, last name, and email address into the platform’s user management interface.PlanetAI may invite and onboard users directly, at the request of the customer or for pilot access.
In this case, we only process the same minimal data listed above.
The platform is not open for self-registration.
All invitations are controlled, access is role-based, and users can only access data belonging to their organisation.
5. Purpose and Legal Basis of Processing
Purpose of Processing
We process personal data strictly for:
Managing and provisioning user accounts
Authentication and access control
Providing the PlanetAI service and customer support
Ensuring platform security, logging, continuity, and incident handling
Fulfilling contractual obligations with the customer organisation
Legal Basis (GDPR Art. 6)
Contract performance (Art. 6.1.b)
Legitimate interest (Art. 6.1.f): ensuring platform security and proper account administration
6. Use of AI Services
PlanetAI uses the Google Gemini API (latest version) to support AI-driven functionalities.
We do not send personal data (names, emails, identifiers) to Gemini.
Only sustainability-related, non-personal content is processed.
AI providers are never used for user management or authentication.
7. Data Retention
Personal data is stored only for as long as the user account is active.
When access is removed (e.g., customer termination or admin request):
Personal data is deleted from production systems without delay
Backups are purged according to a 7-day retention policy
We do not store personal data longer than needed.
8. Data Security
We apply strict security controls, including:
Cloud & Infrastructure Security
Hosting in GCP EU data centers
Encryption in transit (TLS 1.2/1.3) and at rest (AES-256) with KMS key management
No cross-tenant data access—each customer’s data is logically isolated
Access Control
Authentication via Clerk with secure passwords or federated enterprise login
RBAC and least-privilege enforced within each tenant
Admin users can only manage users within their organisation
Operational & Development Security
Security-by-design; CI/CD; updated dependencies; hardened cloud environment
Logging and monitoring of system events (non-personal)
Automated daily backups
9. Data Transfers Outside the EU
Personal data is stored primarily in EU/EEA regions
AI-related processing (non-personal) is handled under Google’s data protection terms
Transfers rely on SCCs or adequacy decisions when necessary
10. Sharing of Personal Data
We do not sell or disclose personal data for marketing.
Data may be shared only with:
Cloud and authentication service providers (e.g., Google Cloud, Clerk)
Authorities when legally required
All processors operate under GDPR-compliant agreements.
11. Cookies
PlanetAI uses:
Essential authentication cookies only
No analytics or advertising cookies are used unless added with separate consent.
12. Your Rights
You have the right to:
Access your data
Request correction
Request deletion
Restrict or object to processing
Request portability
File a complaint with your supervisory authority
Contact: privacy@planetcompany.com
13. Changes to This Privacy Notice
We may update this Privacy Notice as the service evolves. The most recent version will be posted on our website.
Want more than one user?
Book a Call Today and Start Automating