Tampere, Finland

Signal: @turva.19

  
Privacy Policy


Updated: 11.4.2026

This privacy policy describes how turva.dev processes personal data on the website turva.dev.

I do not collect personal data or other information for advertising or behavioral tracking, even without a GPC signal.

1) Data Controller


turva.dev has been registered with the trade register, and the company is officially listed under the name turva.dev. This makes our operations easily verifiable and provides clients with additional assurance that a legitimate, registered company is behind the service.


It is important to me that services related to information security and privacy are based on trust, clarity, and transparency. For this reason, I also want the company's information to be openly accessible.


2) What data I collect (minimum)


  • I only collect data that is necessary for contacts, service delivery, and information security

2.1 Contact form / messages

When you send a message via the form or by email, I typically process:

  • Name (if you provide it)
  • Email address (needed to reply)
  • Phone number (only if you provide it)
  • Message content (the information you write yourself)


2.2 Technical logs (security and functionality)

To deliver the service and prevent abuse, server/proxy logs may be generated, such as:

  • IP address
  • Time of requests
  • Requested page/address
  • Browser/device and protocol information (e.g., user agent)


In storing log data, I follow the principle of minimization and delete the data when it is no longer needed.

3) For what purposes do I use the data and what is the legal basis for processing

I process personal data for the following purposes:

  • Responding to contacts and providing the service
      • Legal basis: legitimate interest (customer service and responding to contacts) and/or preparation/execution of a contract (when you request an offer or service)
  • Information security, prevention of abuse, and service functionality
      • Legal basis: legitimate interest


If I ever ask for consent (e.g., for non-essential cookies), I am able to demonstrate the consent given and that the consent meets the requirements.

4) Cookies and tracking

  • As a rule, I only use essential cookies/technologies that are necessary for the basic functionality of the site (e.g., security and form operation)
  • I do not use analytics or marketing cookies by default


5) Where is the data obtained from

  • Mainly from you (form, email, Signal)
  • Technical logs are generated automatically when you use the site


6) To whom is data disclosed and who processes it on my behalf

I do not sell personal data or disclose it to third parties for marketing purposes.

However, I use service providers ("processors") that enable the site and communication:

  • Website platform/administrator (Sitejet): may process technical data to provide the site
  • CDN/DDoS protection and DNS (Cloudflare): may process technical data and logs related to web traffic to protect the service. Cloudflare describes its roles as both a data controller and a processor for different data categories (e.g., logs in the processor role)
  • Email (Proton Mail): when you contact me by email or receive a reply, the messages are stored in the email system. Because of email protocol limitations, certain metadata remains processable (e.g., sender/recipient, subject, sending/receiving times)


7) Transfers outside the EU/EEA area

  • I strive to minimize transfers outside the EU/EEA area. If the service providers I use transfer data outside the EU/EEA, I use appropriate safeguards (e.g., EU Standard Contractual Clauses) if necessary

8) Retention periods

  • I retain personal data only for as long as is necessary for the purposes of the processing
  • Contacts: typically for as long as handling the matter and possible follow-up communication require (or as required by statutory obligations)
  • Logs: a short, security-justified period, followed by deletion/anonymization

9) Rights of the data subject


You have rights under the GDPR, such as:

  • The right to access your data and receive a copy of it
  • The right to rectify incorrect data
  • The right to have data erased in certain situations
  • The right to object to or restrict processing in certain situations
  • The right to lodge a complaint with a supervisory authority


10) Supervisory Authority


  • In Finland, the supervisory authority is the Office of the Data Protection Ombudsman
  • If you believe that your personal data has been processed unlawfully, you can lodge a complaint with the supervisory authority


11) Data Security

  • I protect the data with appropriate technical and organizational measures (e.g., access control, encrypted connections, minimization principle)

12) Changes to this privacy policy

  • I may update this policy. The current version is always available on this page