Last updated: 1 September 2025
This Privacy Policy explains how Keski‑Suomen Otto ja Pano Oy ("Company," "we," "us") processes personal data when you use FoodLabelAllergenCheck.com and other services in the yourotherai.com family (collectively, the "Service"). We act as data controller for account and website data, and as data processor for Customer Content that you submit to the Service on behalf of your organization (where your organization is the controller). Contact: support@yourotherai.com.
If this Policy conflicts with a signed data processing agreement ("DPA") with your organization, the DPA will prevail for processing performed under it.
Account & Billing Data (Controller). Name, email, organization, billing details, support communications, and usage metadata (e.g., API call counts, timestamps, IP addresses).
Customer Content (Processor). Images, label text, and related material you submit for analysis, and the generated outputs.
Technical Data. Cookies, device information, IP address, browser/OS, referring URLs, and performance metrics.
We do not intend to process special categories of personal data (e.g., health, biometric, sensitive data) or children's data. Do not submit such data unless we have a written agreement permitting it.
As Controller (GDPR Art. 6):
Provide and secure the Service; create and manage accounts; billing and collections (contract performance).
Communicate with you; handle support; notify you of changes (legitimate interests and/or contract).
Improve the Service; prevent fraud/abuse; analytics (legitimate interests).
Comply with legal obligations (legal obligation).
As Processor: we process Customer Content only on documented instructions from the controller (your organization) to provide the Service and as otherwise permitted by the DPA and applicable law.
We share personal data with trusted vendors who provide infrastructure, storage, and AI/LLM/OCR services; and with professional advisors, auditors, and authorities where required by law. We require subprocessors to protect data and use it only to provide services to us. A current list of core subprocessors is available upon request.
We are based in Finland and may transfer data to countries outside the EU/EEA where our vendors operate (including the United States). When we transfer personal data internationally, we use appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs), and we assess vendor practices with respect to security and government access.
We use appropriate technical and organizational measures to protect personal data, including encryption in transit, access controls, audit logging, and separation of environments. No system is 100% secure. You are responsible for safeguarding API keys and limiting access within your organization.
We retain personal data for as long as necessary to provide the Service and fulfill the purposes described in this Policy, including legal, accounting, or reporting requirements. For Customer Content, retention follows your organization's settings or our DPA; you may request deletion of specific items via support. We may retain aggregated or de‑identified information.
Subject to conditions and exceptions under applicable law, you have the right to request access, rectification, erasure, restriction, and portability of your personal data, and to object to certain processing. Where we rely on consent, you may withdraw it at any time. To exercise rights, contact support@yourotherai.com.
You also have the right to lodge a complaint with your local supervisory authority. In Finland, this is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto).
We use necessary cookies to operate the site and, with your consent where required, analytics cookies to understand usage and improve the Service. You can manage preferences via your browser or our cookie banner (if present). Blocking cookies may impact functionality.
The Service is not directed to children under 16, and we do not knowingly collect personal data from children. Do not use the Service if you are under the applicable age threshold.
The Service may link to third‑party sites or integrate third‑party services. We are not responsible for their privacy practices. Please review their policies.
Controller: Keski‑Suomen Otto ja Pano Oy (Finland)
Contact: support@yourotherai.com
Postal address: available on request for formal notices.
We may update this Policy from time to time. The updated version will be posted with a revised "Last updated" date. Material changes may be notified via email or in‑product notice. Your continued use after the update constitutes acceptance.
For enterprise customers; full DPA available on request.
Roles. Customer is controller; Company is processor.
Subject‑matter/duration. Processing Customer Content to provide the Service, for the term of your subscription.
Nature and purpose. Hosting, analysis, storage, and delivery of outputs.
Data subjects/categories. As determined by Customer. Avoid special categories.
Security. Appropriate technical/organizational measures as described above.
Subprocessors. Authorized subprocessors listed by Company; Customer may subscribe to change notifications.
Transfers. SCCs where applicable.
Deletion/return. On termination or upon request, delete or return Customer Content, subject to legal retention.
Audits. Company provides information necessary to demonstrate compliance and may facilitate third‑party audits as mutually agreed.