DDScore.ai — Privacy Policy
Effective date: 6 May 2026
2026.05.06 10:55
This Privacy Policy explains how Playful Pixels Oy (“we,” “us,” “our”; Finnish Business ID 2410516-5) collects, uses, discloses and safeguards your personal data when you use DDScore.ai (the “Service”). It complies with the EU General Data Protection Regulation (GDPR) and applicable Finnish data-protection laws.
1. Data Controller
Playful Pixels Oy | Business ID 2410516-5 | Espoo, Finland | [email protected]
2. Personal Data We Collect
| Category | Examples | Legal basis (GDPR Art. 6) |
|---|---|---|
| Account data | E-mail address, phone number, hashed password or single-sign-on identifier. | Contract (§1 b) |
| Subscription meta | Stripe customer ID, subscription ID, transaction tokens. We never store card numbers or other payment-instrument details. | Contract; Legal obligation (§1 c) |
| Technical logs | IP address, browser type, OS, device identifiers, timestamps. | Legitimate interest (§1 f) — security & fraud prevention |
| Support data | Messages and attachments you send to our help desk, including the report (automatically attached) and any source materials voluntarily attached to support requests. | Legitimate interest (§1 f) — Attachments retained 14 days from submission, extendable by mutual agreement of both parties; ticket text retained 24 months |
| Processing data | Uploaded business documents and generated analysis reports. | Contract (§1 b) — Source files deleted immediately upon report completion; reports deleted <24h after generation |
| Public Data | Professional background, education, and public profiles of analyzed team members. | Legitimate interest (§1 f) — Deleted with the related report |
| Published share content | Reports or main images you choose to publish via the in-service share link function. | Contract (§1 b) and your consent — Retained while the share link is active |
| Anonymous statistical data | The 12 section scores, GICS-based industry classification, country/region, and timestamp. No link to user identity or submitted material. | Not personal data (GDPR Recital 26) |
Payment details: All card and bank information is collected and processed directly by Stripe Payments Europe Ltd (“Stripe”). Playful Pixels Oy does not receive or store your full payment-instrument data.
3. How We Use Your Data
- To provide, maintain and authenticate access to the Service.
- To manage subscriptions and process recurring payments via Stripe.
- To send essential service communications (e.g. security alerts, policy updates).
- To monitor performance, ensure security and prevent abuse.
- To perform analysis of business documents and professional backgrounds using AI-powered analysis combined with mathematical methods, including proprietary Advanced Probabilistic Analysis.
- To handle support requests and feedback you submit through the Service.
- To enable the optional in-service share link function when you choose to use it.
We also collect anonymous, aggregated statistical data — consisting of the 12 section scores, GICS-based industry classification, country/region, and timestamp — to develop and improve the Service. This data is statistical and contains no link to your identity or to the submitted material.
No Training: We do not use your personal data, uploaded documents, or generated reports to train or fine-tune machine learning models. The anonymous statistical data described above is also not used to train AI models and is not transferred to third parties.
4. Data Sharing
We do not sell or rent your personal data. We share it only with trusted service providers (Stripe, cloud hosting, enterprise APIs) under contracts that require confidentiality and GDPR-compliant safeguards. Your Stripe customer ID is linked to your account for billing purposes, but no payment-instrument data is copied into our systems. We share data when legally required to comply with applicable law or valid governmental requests.
If you choose to use the in-service share link function (Terms of Service, Section 7), the report or main image you publish is made accessible via a public link on the open Internet. This is your voluntary choice on a per-report basis. All personal data is removed from the published version; the company name and the general analytical content of the report remain visible. We apply industry best-practice measures designed to reduce the likelihood of share links being indexed by search engines or stored in web archives, but because the published content is hosted on the public Internet, we cannot guarantee that it will not be indexed, archived, or cached by parties outside our control. The likelihood increases substantially if you distribute the link via third-party platforms (e.g., social media, online forums). Source materials are not part of the share function and are deleted immediately upon report completion regardless of any sharing choice. Upon deletion of the share link or closure of your account, the published content is removed from our servers immediately.
5. Data Retention (Zero Trace Policy)
| Data type | Retention period |
|---|---|
| Uploaded source files | Automatically and permanently deleted immediately upon completion of report generation |
| Generated analysis reports | Automatically and permanently deleted within 24 hours of generation, regardless of whether they have been accessed |
| Published share content (when share link function is used) | Retained while the share link is active. Removed from our servers immediately upon deletion of the share link or closure of the account. |
| Support ticket attachments (report and any voluntarily attached source materials) | 14 days from submission. Either party may request an extension subject to mutual agreement. |
| Anonymous statistical data | Retained indefinitely for product development. Not personal data. |
| Account & Subscription records | Duration of customer relationship + 10 years (Finnish Accounting Act) |
| Technical logs | 24 months |
| Support tickets (text content) | 24 months after last correspondence |
6. Your Rights
You have the right to: access, correct or delete your personal data; restrict or object to processing; receive your data in a portable format; and withdraw consent at any time (where processing is based on consent). To exercise these rights, contact [email protected]. We may need to verify your identity. We reply within one (1) month, extendable by two (2) months for complex requests. You may lodge a complaint with the Finnish Data Protection Ombudsman.
7. Data Security
Encryption: TLS 1.3 encryption in transit and AES-256 encryption at rest.
Access Control: Role-based access controls and multi-factor authentication for staff. In the context of support-request handling, access to submitted materials is restricted to the support team and the development team.
Automatic Purge: Hard-coded automatic purge of uploaded source files immediately upon report completion, and of generated reports within 24 hours of generation.
Testing: Regular vulnerability scanning and third-party penetration testing.
Continuity: Back-up, business-continuity and disaster-recovery plans for system infrastructure and metadata (excluding processed documents).
8. International Transfers
Your data is stored and processed within the EU/EEA. If processing occurs outside the EEA, we rely on EU adequacy decisions or Standard Contractual Clauses plus any additional safeguards required by GDPR.
9. Business Use (B2B)
The Service is intended for professional use by users aged 18 and older. We do not knowingly collect personal data from children; if we become aware of such data, we will delete it promptly.
10. Cookies
We use essential cookies for authentication and security. We may use anonymized analytics to improve user experience. You can manage cookies via your browser settings.
11. Changes to This Policy
We may update this Policy to reflect operational or legal changes. For material changes we will notify you (e-mail or in-app) at least 14 days before the new version takes effect.
Contact
Playful Pixels Oy
Business ID 2410516-5
Espoo, Finland
[email protected]
© 2026 Playful Pixels Oy — All rights reserved.