Selkofy

Privacy Policy

Last updated: 2025-11-30

Data Controller:

Nicholls Trading

Tampere, Finland

support@selkofy.com

1. Overview

Selkofy provides Finnish language learning tools and a Chrome extension. This Privacy Policy explains how we process your personal data.

2. Data We Collect

We only collect the minimum information required to operate the Service:

  • Email address — for login, account identification, and communication.
  • Subscription status and payment metadata — processed via Stripe (we do not store card numbers).
  • Technical logs — basic error logs and usage logs needed to keep the Service secure and functional.

We do not use advertising trackers, profiling, or sell personal data.

3. Additional Data We Store for Security

To provide secure authentication and protect user accounts, Selkofy also stores system-generated data connected to your identity:

  • Password hashes
  • Login sessions
  • Refresh tokens
  • Email verification tokens
  • Password reset tokens
  • OAuth-style authorisation codes (short-lived)
  • Token expiry times and revocation flags

This information is used exclusively for logging you in, maintaining your session, preventing unauthorised access, and detecting fraud or abuse. Selkofy does not use any of this data for analytics, profiling, or marketing.

4. How We Use Your Data

We process your data to:

  • Create and maintain your Selkofy account
  • Provide access to paid features
  • Verify subscription status
  • Communicate important service updates
  • Improve stability and prevent abuse

5. Legal Basis (GDPR)

We process your data under:

  • Contract (Art. 6(1)(b)) — to provide the Service
  • Legitimate interest (Art. 6(1)(f)) — security, fraud prevention, service improvement
  • Consent — only when you explicitly opt-in

6. How Payments Are Handled

Payments and subscriptions are processed by Stripe, Inc. Selkofy does not store or process any payment card information.

Stripe independently stores and processes:

  • Card numbers
  • Card expiry dates
  • Billing details
  • Invoice and payment history

Selkofy only stores the minimum subscription metadata required to operate your account:

  • Stripe customer ID
  • Stripe subscription ID
  • Subscription status (e.g. active, cancelled)
  • Price ID
  • Current billing period end date

This information is used solely to manage your access to paid features.

7. Data Storage and Transfers

Your account data is stored in the EU. Stripe may transfer data outside the EU but is fully GDPR-compliant with approved safeguards.

8. How Long We Keep Your Data

  • Email & account data: kept for as long as you have an account.
  • Billing records: kept for the period required by Finnish accounting laws.
  • Logs: kept temporarily for maintenance, usually 30–90 days.

9. Your Rights

Under GDPR, you have the right to:

  • Access your data
  • Correct your data
  • Delete your data (“right to erasure”)
  • Export your data
  • Object to processing
  • File a complaint with your local Data Protection Authority (Tietosuojavaltuutettu in Finland)

To exercise your rights, email support@selkofy.com.

10. Deleting Your Account

You can request deletion of your entire Selkofy account at any time. This will remove:

  • Your email
  • Any stored selections or history
  • Subscription status (local copy)

Financial documents (invoices) remain stored by Stripe for legal compliance.

11. Cookies and Local Storage

Selkofy does not use tracking cookies. The Chrome extension uses local storage to store settings and recent history. This is essential for the service to function and does not require cookie-consent banners.

12. Changes to This Policy

We may update this Privacy Policy. Significant changes will be communicated via email or via the website.