Privacy Policy

Last updated: 23 June 2025

  • Operated by: Aito Software Oy, a company registered in Finland (Business ID: 2401943-5)
  • Contact: privacy@searchkit.com

1. Data We Collect

We collect two types of data:

  • Account, communication, and usage data — This includes your name, email address, login credentials (such as passkeys), support messages, mailing list subscriptions, site usage patterns, and analytics. It may also include contact details you provide for demos, sales outreach, or onboarding. This data helps us operate and improve the service, and communicate with you.
  • Indexed content — If you connect SearchKit to external sources (like messaging platforms, cloud storage services, or websites), you control what is indexed. We process this data only on your behalf and do not use it for our own purposes.

2. Why We Process Your Data

We process data to:

  • Operate and improve the SearchKit service
  • Provide customer support and communicate about access, updates, and features
  • Secure and maintain a reliable, performant service
  • Understand how the product is used (in anonymized or aggregated form where possible)
  • Conduct sales and marketing activities directed at business users, based on aggregated and account-level usage data and interactions with the Service.

Legal basis for processing:

  • Consent — for mailing list subscriptions or where otherwise legally required
  • Legitimate interests — for core service functionality, product improvement, analytics, support, and account-level usage analysis for product improvement and business-to-business marketing purposes, in line with applicable data protection laws

You can manage marketing communication preferences in your account settings.

We may use limited automated processing to suggest features, highlight integrations, and tailor in-product recommendations. We do not use automated decision-making that produces legal or similarly significant effects.

We do not perform cross-service tracking, third-party data enrichment, or behavioral advertising.

You have the right to object at any time to processing of your personal data for direct marketing purposes. Where you object, we will cease processing your data for such purposes.

3. Data Sharing & Subprocessors

We do not sell personal data. We disclose personal data to service providers and subprocessors only as needed to provide the Service, under contract.

We engage trusted subprocessors to help deliver the SearchKit service. These subprocessors only access data to the extent necessary and operate under strict data protection agreements.

The authoritative list of subprocessors is available at /legal/subprocessors.

Current Subprocessors:

  • Hetzner GmbH — Hosting provider (EU region)
  • Scaleway — Hosting provider (EU region)
  • Amazon Web Services, Inc. (AWS) — Hosting provider used only for customers selecting U.S.-based hosting or for region-specific infrastructure services.
  • Zoner Oy — Website hosting (Finland)
  • Sendinblue SAS (Brevo) — Transactional email and bulk email
  • Hiberly Ltd, UK (PostHog) — Privacy-focused analytics configured to minimise personal data collection.

4. Data Hosting & Transfers

Hosting Regions:

  • EU Region: Data hosted in the EU (Hetzner & Scaleway)
  • U.S. Region: Available for customers who prefer U.S.-based hosting (AWS)

Hosting region is selected during account creation. Region changes require a support request.

Customer Data is processed in the hosting region selected by the Customer, except where limited cross-region processing is required for security, support, backup, or legal compliance purposes.

If personal data is transferred internationally (e.g., between EU and U.S.), such transfers are protected using safeguards compliant with GDPR, including Standard Contractual Clauses (SCCs).

When you use SearchKit to index your own data sources, you act as the data controller. Aito Software Oy acts as your data processor, operating solely under your instructions and the applicable Data Processing Agreement (DPA).

5. Data Retention & Deletion

  • You may delete your account and all stored data via self-service tools.
  • Mailing list subscriptions can be cancelled at any time; related data is deleted upon request.
  • Logs and analytics data are retained only as long as necessary for operational and security purposes.
  • Indexed content and Customer Data may be deleted upon account termination or service discontinuation, subject to reasonable technical and operational delays.

6. Your Rights

Depending on your jurisdiction and applicable data protection laws, you may have the right to:

  • Access, correct, or delete your personal data
  • Object to or restrict our processing of your data
  • Request data portability
  • Withdraw consent at any time (where processing is based on consent)
  • Lodge a complaint with your local data protection authority

Note: These rights may not apply in all regions or under all legal frameworks.

Most privacy-related requests, including marketing preferences, can be handled through your account settings. If you are unable to access your account, you may contact us at privacy@searchkit.com.

7. U.S. Privacy Disclosures

For residents of the United States, and where required by applicable state privacy laws (such as the California Consumer Privacy Act, the Virginia Consumer Data Protection Act, and others):

  • We do not sell your personal data or share it for cross-context behavioral advertising.
  • We collect and use personal information only as described in this Privacy Policy.
  • We disclose personal data to service providers only as needed to provide the Service, under contract.
  • You may have the right to:
    • Request access to your personal data
    • Request deletion of your personal data
    • Request correction of inaccurate information
    • Opt out of certain data uses, such as personalized feature suggestions or marketing (if applicable)
    • Authorize an agent to make requests on your behalf

To exercise any applicable rights, please contact us at privacy@searchkit.com.

SearchKit is intended for use by adults and business users only.

You can also opt out of marketing communications in your account settings.

The Service is not intended for use by individuals under the age of 16.

We do not knowingly collect personal data from children.

8. Updates to This Policy

We may update this policy from time to time. The "last updated" date reflects the latest version. Continued use of the service after changes indicates your acceptance of the updated policy.