← Back to JunoIQ

Privacy Policy

Effective date: 5 June 2026 Last updated: 5 June 2026

JunoIQ Oy ("JunoIQ", "we", "us", or "our") is a Finnish technology company providing a B2B SaaS platform for sustainability validation and intelligence in the fashion and retail sector. This Privacy Policy explains what personal data we collect, how we use it, the legal bases on which we rely, and the rights you have over your data.

This policy applies to our website, our platform, and related services (together, the "Services"). It is written to meet our obligations under the EU General Data Protection Regulation (GDPR) and applicable national data protection law.

This policy covers personal data. We also process publicly available, corporate sustainability information (sustainability reports, ESG disclosures, certifications, public commitments). That information is corporate in nature and is described in Section 4 below.

1. Who we are

JunoIQ Oy is the data controller for personal data processed in connection with our website, marketing, and our own platform accounts. Where we process personal data on behalf of a customer (a retailer or brand) under their instructions, that customer is the data controller and JunoIQ acts as a data processor.

If you have any questions about this policy or how we handle your data, contact us at hello@junoiq.com.

2. Who this policy applies to

We process limited personal data relating to:

  • Retailer employees who use the platform
  • Brand representatives who use the platform
  • Visitors to our website
  • People who contact us or sign up for updates

We do not process consumer transactional data, payment card data, or special category (sensitive) personal data such as health or biometric data.

3. Personal data we collect

Depending on how you interact with us, we may process:

  • Identity and contact data — name, work email address, job title, and organisation name
  • Account data — account credentials (passwords are stored hashed; authentication tokens)
  • Usage and log data — platform usage metadata, device and browser information, and security logs
  • Support communications — messages and information you submit when you contact us
  • Website analytics data — see Section 7 (Cookies and analytics)

We collect this data directly from you when you create an account, use the Services, contact us, or visit our website.

4. Publicly available sustainability data

Our platform analyses sustainability-related information that brands and retailers have published, including sustainability reports, corporate responsibility and ESG disclosures, publicly listed certifications, regulatory disclosures, public commitments, press releases, and website content.

This information is publicly available, published voluntarily by the relevant organisations, corporate in nature, and not consumer personal data. Where an individual's name appears in such material (for example, a CEO statement in a sustainability report), that reference is incidental to a corporate disclosure and is not used to profile or analyse the behaviour of any individual.

We do not scrape private accounts, bypass technical access controls, or collect data from non-public sources.

5. How and why we use your data

We use personal data to:

  • Create and administer accounts and authenticate users
  • Provide, operate, and improve the Services
  • Respond to support requests and communicate with you
  • Monitor for security threats and prevent fraud
  • Carry out service-improvement analytics
  • Meet our legal and regulatory obligations

We do not use AI to make automated decisions about individuals, to profile individuals, for credit scoring, or for behavioural targeting. Where we use AI to extract and structure sustainability information, all validation outputs are subject to human review before being finalised in the platform.

6. Legal bases for processing

We rely on the following legal bases under Article 6 GDPR:

  • Contractual necessity (Art. 6(1)(b)) — to provide the Services to retailer and brand customers.
  • Legitimate interests (Art. 6(1)(f)) — for platform analytics, security monitoring, and processing publicly available corporate sustainability information to deliver our intelligence services. We balance these interests against your rights and freedoms.
  • Legal obligation (Art. 6(1)(c)) — where we are required to process data to comply with the law.

7. Cookies and analytics

Our website and platform use cookies and similar technologies for essential functionality, security, and to understand how the Services are used. We use PostHog (operated in the UK by Hiberly Ltd., registered with the ICO) for product analytics. You can control non-essential cookies through your browser settings or any cookie controls we provide.

8. Sharing and subprocessors

We do not sell your personal data. We share data only with service providers (subprocessors) who process it on our behalf under GDPR-compliant terms, including:

  • Amazon Web Services (AWS EMEA SARL) — cloud infrastructure and hosting
  • Google Ireland Limited — email delivery
  • PostHog (Hiberly Ltd.) — product analytics

We may also disclose data where required by law or to protect our legal rights.

9. Where your data is stored

We host our platform on Amazon Web Services in the eu-west-2 (London) region, with data residency in the European Union / European Economic Area. Data is encrypted in transit (TLS 1.2+) and at rest on managed databases. Where any transfer outside the EEA is necessary, we put appropriate safeguards in place (such as Standard Contractual Clauses).

10. How long we keep your data

  • Customer account data is retained for the duration of the contractual relationship.
  • On termination, data is deleted within 90 days unless we are legally required to retain it.
  • Backups follow managed retention policies and are automatically purged.
  • Log data is retained for a limited period for security monitoring.

You may request earlier deletion where appropriate (see Section 11).

11. Your rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you
  • Have inaccurate data corrected (rectification)
  • Have your data erased
  • Restrict or object to processing
  • Receive your data in a portable format
  • Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at hello@junoiq.com. We will respond within the statutory timeframes. You also have the right to lodge a complaint with your local data protection authority — in Finland, the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto).

12. How we protect your data

We apply appropriate technical and organisational measures, including role-based access control, multi-tenant logical separation, encryption in transit and at rest, audit logging, change management controls, regular security patching, and least-privilege access. We maintain an incident response process and, in the event of a personal data breach, will notify affected customers and the relevant authority where required (within 72 hours where applicable).

For a fuller description of our security and compliance posture — including subprocessor terms, controller/processor roles, AI governance, and breach handling — see our Data Protection & GDPR Compliance Overview, available on request.

13. Children

The Services are intended for business users and are not directed at children. We do not knowingly collect personal data from children.

14. Changes to this policy

We may update this policy from time to time. Material changes will be reflected by updating the "Last updated" date above and, where appropriate, by notifying you directly.

15. Contact us

JunoIQ Oy Email: hello@junoiq.com

For data protection enquiries, please mark your message "Privacy / Data Protection".