Itura Privacy Policy
Effective Date: June 18, 2025
Welcome to Itura. Your privacy is critically important to us. This Privacy Policy explains how Itura oy (Itura, we, us, or our) collects, uses, discloses, and protects your information when you use our platform for building and using custom, database‑backed applications through a conversational interface (collectively, the Service).
This policy is designed to be read in conjunction with our Terms of Service. By using the Service, you agree to the collection and use of information in accordance with this policy.
1. Who We Are and Our Role
- Data Controller vs. Data Processor: Under the General Data Protection Regulation (GDPR), it's important to understand our respective roles.
- You (the User) are the Data Controller of the personal data you provide to Itura and the data inside your generated applications (for example, data stored in your app’s SQL tables and files you upload). You determine the purposes and means of processing this data.
- Itura is the Data Processor. We process this data on your behalf and strictly according to your instructions, which you provide by using the Service and as outlined in our Terms of Service.
2. Information We Collect
We collect information necessary to provide and improve our Service. This information is categorized as follows:
a) Information You Provide Directly:
- Account Information: When you create an Itura account, we collect your name, email address, and password.
- Payment Information: If you subscribe to a paid plan, our third-party payment processor (e.g., Stripe) will collect your payment card details. Itura does not store your full payment card information, but we may receive information like your billing address and transaction details.
- Communications: When you contact us for support, to provide feedback, or to exercise your data rights (e.g., by emailing contact@itura.ai or security@itura.ai), we collect the content of those communications.
b) Information Related to Your Apps:
- Specification Content: The plain‑English text you provide to describe your app’s overview, roles, entities, relationships, permissions, and constraints.
- App Data: Data stored in SQL tables created for your app. These tables are protected by row‑level security (RLS) so only authorized users of that app can access the data.
- Uploaded Files: Files you upload while interacting with your app (for example, documents or images) for the purposes you request.
- Optional Integrations: If you choose to connect external services, we securely store authentication tokens (not passwords) and access only the data necessary to perform the actions you request. You can revoke this access at any time.
c) Information We Collect Automatically:
- Usage Data: We collect information about how you interact with the Service, such as the features you use, the commands you issue (your prompts), the AI-generated responses you receive, and timestamps of your activity. This helps us understand usage patterns and improve the Service.
- Device and Log Data: We may collect technical information like your IP address, browser type, operating system, and device information to ensure the security and reliability of our Service.
3. How We Generally Use Your Information
We use the information we collect for the following purposes:
- To Provide and Maintain the Service: To operate your Itura apps, execute your commands in chat, manage your app’s database tables and files, and manage your account.
- To Improve and Develop the Service:
- We analyze usage data to understand what works and what doesn't, allowing us to enhance features and user experience.
- AI Model Training: As stated in our Terms of Service, we may use your prompts and the resulting AI-generated responses to train and improve our AI models. We will never use data stored in your app’s database tables or files you upload to train our AI models. You can opt out of this by emailing contact@itura.ai with the subject "Opt Out of AI Training Data".
- To Communicate With You: To send you service-related announcements, security alerts, and support messages.
- For Security and Fraud Prevention: To protect our Service, users, and the public from malicious or fraudulent activity.
- To Process Payments: To manage subscriptions, billing, and process payments for our paid plans.
- To Comply with Legal Obligations: To fulfill our legal requirements and respond to lawful requests from public authorities.
4. How Itura Handles Your App Data and Optional Integrations
This section provides explicit details on how we handle your app data and, if used, external integrations.
Core Principle and Acknowledgment of AI Risk: Itura only initiates actions within your connected services in direct response to a command from you. The Service does not perform background actions autonomously without your explicit consent. The Service is designed to seek your explicit confirmation before executing potentially sensitive or destructive actions, such as sending an email, modifying critical data, or deleting a file. However, you must acknowledge that Itura is powered by generative artificial intelligence, a technology that is inherently probabilistic and prone to error.
This means there is a risk that the Service could misinterpret a command or, in some cases, fail to correctly prompt for confirmation, leading to an unintended action. While we make a best effort to build safeguards, this cannot be guaranteed. Therefore, the responsibility to manage this risk lies entirely with you. You must treat every interaction with Itura as provisional, and potentially leading to destructive and irreversible actions. It is your sole responsibility to carefully formulate your commands and to vigilantly review any action or content generated by the Service before you approve it, allow it to proceed, or rely on it. By using the Service, you understand and accept that Itura is not liable for unintended actions resulting from the inherent limitations of this technology, as detailed in our Terms of Service.
Below are examples of the permissions we request and why we need them, broken down by service type.
a) Your App’s Database Tables
- What We Store: Data that your app uses and that you or your users create through chat.
- How We Protect It: Tables are protected by row‑level security so only authorized users of the app can access their rows.
- Retention: Data persists until you delete it via your app or delete the app/account.
b) Uploaded Files
- What We Store: Files you upload while interacting with your app (for example, documents or images) for the purposes you request.
- Retention: Stored until you remove them or delete the app/account.
c) Optional External Integrations (if enabled)
- Authentication: We store OAuth tokens (not passwords) to act on your behalf only when you request it. You can revoke at any time.
- Examples of Actions (based on your commands):
- Read calendar events to check availability, then create or update events on request.
- Create or update items in project management tools or CRMs when you ask.
- Search, read, or create files in cloud storage providers when instructed.
- Data Used: Limited to the minimum necessary to perform the requested action.
- Where applicable, we comply with provider-specific terms and data‑use policies (for example, Google API Services User Data Policy Limited Use).
5. How We Share Your Information
We do not sell your personal data. We only share your information with trusted third parties under the following limited circumstances:
- With Sub-processors: We use third-party vendors and services ("sub-processors") to provide the necessary hardware, software, networking, storage, and related technology required to run the Service. These sub-processors are contractually bound to protect your data and only process it according to our instructions.
As of the Effective Date of this policy, our key sub-processors include:
- Amazon Web Services (AWS): Cloud infrastructure and hosting (United States)
- Google Cloud Platform (GCP): Cloud infrastructure and hosting (United States)
- Microsoft Azure: Cloud infrastructure and hosting (United States)
- Supabase: Managed database and backend services (United States)
- Vercel: Web application hosting (United States)
- OpenAI: AI model provider (United States)
- Anthropic: AI model provider (United States)
- Stripe: Payment processing (United States)
- Amplitude: Analytics (United States)
- For Legal Reasons: We may disclose your information if we believe it is reasonably necessary to comply with a law, regulation, legal process, or governmental request; to enforce our Terms of Service; to protect the security or integrity of the Service; or to protect the rights, property, or safety of Itura, our users, or the public.
- Business Transfers: In the event of a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.
6. Data Retention
We retain your data only for as long as necessary to fulfill the purposes for which it was collected.
- Account Information: We retain your account information for as long as your account is active.
- Cached Data: Data retrieved from your Third-Party Services is often cached temporarily on our servers to improve performance and execute your commands. This cached data is deleted once it is no longer needed for the requested operation.
- Termination: When you delete your account, we will initiate a process to permanently delete your account information and any cached data from our live systems within 30 days. Encrypted backup copies may be retained in our disaster recovery archives for up to 90 days, after which they are permanently erased.
7. Your Data Protection Rights (GDPR)
As a user, you have specific rights regarding your personal data. If you wish to exercise any of these rights, please contact us at contact@itura.ai.
- Right to Access, Rectification, and Erasure.
- Right to Restrict Processing.
- Right to Data Portability.
- Right to Object.
- Right to Lodge a Complaint with a supervisory authority.
8. Security
We take the security of your data very seriously. We use a combination of technical, administrative, and physical controls to maintain the security of your data. These measures include:
- Encryption: Data is encrypted both in transit (using TLS/SSL) and at rest.
- Access Control: Access to personal data is strictly limited to personnel who require it to perform their job functions.
- Incident Response: We have a process for responding to security incidents. If you believe your account has been compromised, you must notify us immediately at security@itura.ai.
9. Use of Cookies and Tracking Technologies
We use cookies and similar tracking technologies to operate and improve our Service.
- What are Cookies? Cookies are small text files stored on your device when you visit a website. They help us remember your preferences and session information, making your experience smoother.
- Essential Cookies: These cookies are necessary for the Service to function correctly. They are used for purposes like keeping you logged in and maintaining the security of your account. You cannot opt out of these cookies as the Service cannot be provided without them.
- Performance and Analytics Cookies: We use these cookies to collect information about how you interact with our Service, which helps us understand usage patterns and improve our features. For example, we use analytics services to understand which parts of the application are most used. This data is aggregated and anonymized wherever possible.
- Managing Cookies: Most web browsers allow you to control cookies through their settings. You can set your browser to block or alert you about these cookies, but please be aware that some parts of the Service may not function properly without them.
10. International Data Transfers
To provide you with the Service, your personal data may be transferred to, and processed in, countries other than the one you reside in. When we transfer your data outside the European Economic Area (EEA), we ensure a similar degree of protection is afforded to it by relying on legal mechanisms such as Adequacy Decisions or Standard Contractual Clauses (SCCs).
11. Children's Privacy
The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such information, we will take steps to delete it.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make a change that we believe is material, we will notify you through the Service or by email. Your continued use of the Service after any changes take effect constitutes your agreement to the new policy.
13. Contact Us
If you have any questions, comments, or concerns about this Privacy Policy or our data practices, please contact us.
Itura oy
(Finnish Business ID: 3493409-8)
Email: contact@itura.ai
For security-specific inquiries: security@itura.ai