Legal
This page covers the terms under which turva.dev operates, the privacy practices of the site, and the default terms for engagements.
Operator
turva.dev is operated by Erik Rekola, Business ID 3600281-7, registered in Finland as a sole proprietorship. VAT-registered.
Contact: info@turva.dev
Terms of engagement
The following terms apply to all engagements (audit, advisory, implementation, agent operations and MCP server design) unless replaced by a written agreement.
Scope. Each engagement has a defined scope agreed in writing before work starts. Scope changes require a new written agreement and may affect price and timeline.
Deliverables. Audit deliverables are a written report. Advisory deliverables are written reviews and a monthly summary. Implementation deliverables are source code committed to the agreed repository.
Payment. Payment terms are fourteen days net. Late payment interest follows Finnish law.
Confidentiality. Information shared during an engagement is treated as confidential. A separate non-disclosure agreement can be signed on request.
Liability. Liability is limited to the value of the engagement. turva.dev is not liable for indirect or consequential damages.
Intellectual property. The client owns the deliverables produced for them. Generic methods, templates and reusable code remain with turva.dev.
Governing law. Finnish law applies. Disputes are resolved in the District Court of Pirkanmaa, Finland.
Privacy
This site does not use analytics cookies, tracking pixels or third-party scripts.
Server logs. The hosting provider (Cloudflare) records standard request logs including IP address, user agent and requested path. Logs are retained according to Cloudflare's standard retention policy.
Email. Email communication is stored in standard email infrastructure for as long as needed to deliver the work and meet accounting obligations under Finnish law (six years for invoice records).
Client data. Data shared by a client during an engagement is stored only on systems necessary to deliver the work, and deleted within thirty days of engagement closure unless retention is required by law.
No data is sold or shared with third parties.
Rights under GDPR
You have the right to access, correct or request deletion of personal data held about you. Send the request to info@turva.dev.
The supervisory authority in Finland is the Data Protection Ombudsman (tietosuojavaltuutettu.fi).
Cookies
This site sets no cookies of its own. Cloudflare may set cookies required for bot management and security. These are technical cookies and do not require consent under EU law.
Updates
This page is updated when the terms change. The current version applies to engagements started after the date below.
Last updated: 2026-07-04.