Privacy Policy

This Privacy Policy explains how Skycode Oy processes personal data in connection with the SkyPlanner website, sales and support communications, user accounts and the SkyPlanner SaaS service.

1. Who We Are

SkyPlanner is operated by Skycode Oy, a Finnish company. In this Policy, “SkyPlanner”, “Skycode”, “we”, “us” and “our” refer to Skycode Oy in relation to the SkyPlanner website and services.

This Policy applies when you visit skyplanner.ai, contact us, request a demo, receive marketing or service communications, use a trial or account, or otherwise interact with SkyPlanner.

2. Our Role: Controller and Processor

For website visits, sales, marketing, billing, account administration, support, security and our own business operations, Skycode Oy usually acts as the data controller because we decide why and how that personal data is processed.

For personal data that a customer or its users upload, connect, create or process inside SkyPlanner for the customer’s own business purposes (“Customer Data”), the customer is usually the data controller and Skycode acts as a data processor. We process Customer Data on the customer’s documented instructions and under the applicable customer agreement or data processing agreement (“DPA”).

3. Personal Data We Process

The personal data we process depends on how you interact with SkyPlanner.

• Website, sales and marketing data: name, business email address, company, role, phone number, country or region, form messages, communication preferences, event or campaign information, IP address, device and browser information, pages visited, referrer information and cookie or analytics identifiers.
• Account and user data: name, business email address, organisation, role, permissions, authentication identifiers, login and session data, security logs, user settings, support requests and communications with us.
• Billing and contract data: customer contact details, invoice details, subscription and order information, payment status, business ID or VAT information, and records needed for accounting, tax, contract management and dispute handling.
• Customer Data in SkyPlanner: production planning data configured by the customer, such as orders, products, process steps, workstations, capacity, priorities, materials, stock data, time logs, user names, roles, departments, shifts, absence or leave information, audit logs and, depending on configuration, customer or supplier contact information.
• Integrated services: if you sign in or connect SkyPlanner using Microsoft, Google or another identity provider or integration, we process the identifiers and metadata needed for authentication, authorisation and service delivery, such as name, email address, organisation, user ID and authentication metadata.

We ask customers not to upload special categories of personal data, children’s data or other sensitive personal data into SkyPlanner unless this is necessary for the customer’s lawful use case and covered by the applicable agreement.

We may receive business contact and account information directly from you, from the customer organisation you represent, from partners or resellers, from events or other business interactions, from publicly available business sources, or from integrated services selected by you or the customer. Where Customer Data relates to individuals who are not our direct users, the customer is responsible for providing any required privacy notices to those individuals.

4. How We Use Personal Data

We use personal data only where we have a lawful reason to do so. Under the EU General Data Protection Regulation (“GDPR”), our usual legal bases are contract, legitimate interest, legal obligation and, where required, consent.

• Provide and operate SkyPlanner: accounts, authentication, user permissions, service delivery, customer support and troubleshooting. The typical legal basis is contract and legitimate interest. Customer Data is processed on customer instructions.
• Secure and maintain the service: logs, monitoring data, abuse prevention, access controls, backups, incident response and fraud prevention. The typical legal basis is legitimate interest and legal obligation.
• Sales, administration and billing: demo requests, proposals, subscriptions, invoicing, accounting, tax and contract management. The typical legal basis is contract, legal obligation and legitimate interest.
• Marketing and communications: business-to-business updates, newsletters, event invitations and follow-up communications. The typical legal basis is legitimate interest or consent where required by law.
• Website analytics and improvement: understanding how visitors use our website and improving content, usability and performance. The typical legal basis is consent for non-essential cookies where required, and legitimate interest for strictly necessary operations.

If you do not provide personal data that is needed for an account, support request, demo request, billing process or contract, we may not be able to provide the requested service, respond to your request or enter into or perform the relevant agreement.

5. Customer Data and the DPA

SkyPlanner is a B2B SaaS service. Our customers decide what Customer Data they enter into the service, who may access it and for what business purpose it is processed. Customers are responsible for giving any required notices to their own employees, contractors, customers, suppliers or other individuals whose personal data they process through SkyPlanner.

Where Skycode acts as processor, we process Customer Data only to provide, secure, maintain and support SkyPlanner, or as otherwise documented in the applicable agreement or DPA. A DPA is available for customers where required and covers processing details, technical and organisational safeguards, subprocessors, breach notification, assistance and deletion or return of Customer Data.

Skycode does not sell Customer Data. We do not use Customer Data for interest-based advertising or reseller marketing.

We may work with partners and resellers for ordinary B2B sales, implementation and customer relationship purposes. These activities use relevant business contact and account information, not Customer Data from the SkyPlanner service, unless the customer has instructed or authorised the specific use.

6. Hosting, International Operations and Data Transfers

SkyPlanner is a global SaaS service. Our standard cloud deployment for customers requiring EU data residency is hosted in the EU/Germany region. Customer-specific deployments may use another agreed hosting provider or region where this is documented in the applicable customer agreement, order form or DPA.

Because we operate internationally and use service providers, personal data may be processed in countries other than the country where you are located. Where personal data is transferred outside the European Economic Area, we use safeguards required by applicable data protection law, such as adequacy decisions, Standard Contractual Clauses or equivalent lawful transfer mechanisms. We do not rely on a general website consent as the main basis for routine international transfers of Customer Data.

7. AI, Scheduling and Product Improvement

SkyPlanner’s core scheduling engine, Arcturus, is Skycode’s own scheduling engine. It calculates schedules from the customer’s configured production data, rules, routings, durations, capacity, priorities, materials and constraints. It is not a general-purpose language model.

Customer production data is not used to train models for other customers unless this is separately agreed in writing. We may use anonymised or aggregated operational information to improve SkyPlanner where individual customers, users or other people cannot reasonably be identified, unless a different arrangement is agreed with a customer.

If a separate optional AI assistant, language-model based add-on or other third-party AI dependency is used, the relevant dependency and privacy terms are disclosed before that module is enabled where required.

We do not use website, sales, account or support data for solely automated decisions that produce legal effects or similarly significant effects on individuals within the meaning of GDPR Article 22. SkyPlanner scheduling is an operational planning tool configured and used by the customer, not an automated legal or employment decision-maker operated by Skycode for its own purposes.

8. Cookies, Analytics and Marketing

We use cookies and similar technologies to operate the website, remember choices, understand website performance and, where permitted, measure marketing. Strictly necessary cookies are used to provide requested website functionality. Analytics and marketing cookies are used only where permitted by applicable law and, where required, based on your consent.

We may use analytics tools, such as Google Analytics or similar services, to understand aggregate website usage. We do not use Customer Data from the SkyPlanner service for interest-based advertising.

You can manage cookies through our cookie banner or your browser settings where available. Blocking some cookies may affect website functionality.

Where direct marketing or optional cookies are based on consent, you may withdraw that consent at any time. Withdrawal does not affect processing carried out before the withdrawal.

9. When We Share Personal Data

We share personal data only where necessary for the purposes described in this Policy, where required by law or where you or the relevant customer has authorised the sharing.

• Service providers and subprocessors: infrastructure, hosting, security, monitoring, analytics, email, customer relationship management, billing, support and other providers that help us operate SkyPlanner.
• Integrations selected by the customer: identity providers, ERP, MES, calendar or other systems connected to SkyPlanner by or for the customer.
• Professional advisers: accountants, auditors, lawyers, insurers and other advisers where needed for ordinary business, compliance or dispute handling.
• Authorities and legal requests: where we are legally required to respond or where disclosure is necessary to protect our rights, users, customers or the security of the service.
• Business transactions: if Skycode is involved in a merger, acquisition, financing, restructuring or sale of business assets, personal data may be transferred as part of that transaction subject to appropriate safeguards.

Where we use subprocessors for Customer Data, we require them to protect the data and use it only for the services they provide to us. Customer-specific subprocessor authorisation, notice and objection procedures are handled in the applicable DPA or customer agreement.

10. Security

We use technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures may include encrypted HTTPS/TLS connections, access controls, authentication controls, role-based permissions, backups, logging, monitoring and internal confidentiality practices.

No method of transmission or storage is completely secure. We cannot guarantee absolute security, but we work to maintain appropriate safeguards for the nature of the data and the risks involved. If we become aware of a personal data breach, we will notify affected customers, individuals and regulators as required by applicable law and the applicable agreement.

11. Retention and Deletion

We keep personal data only for as long as needed for the purposes described in this Policy, unless a longer retention period is required or permitted by law, contract or legitimate business need.

• Website, marketing and sales data is kept for as long as needed to manage the relationship, respond to requests, improve our website and respect opt-out choices.
• Account and user data is generally kept while the relevant account or subscription is active and for a reasonable period after that for security, support, legal and administrative purposes.
• Customer operational data is generally kept while the subscription is active. Unless otherwise agreed, Customer Data is deleted or anonymised within 90 days after cancellation or termination.
• Security and audit logs are generally retained for 12 months unless a different period is needed for security, legal or customer-agreed reasons.
• Backups are generally kept on a rolling basis for 30 days unless otherwise agreed or required for security or continuity.
• Billing information is retained for the period required by Finnish accounting and tax laws. Contract and legal records may be retained for the period needed to establish, exercise or defend legal claims.

Customer-specific export, deletion, deletion confirmation or audit evidence is handled under the applicable agreement or DPA.

12. Your Choices and Rights

Depending on your location and the applicable law, you may have the right to request access to your personal data, correction, deletion, restriction, objection, portability and withdrawal of consent. You may also have the right to lodge a complaint with a data protection authority.

If your request concerns personal data processed by Skycode as controller, contact us at [email protected]. If your request concerns Customer Data processed in SkyPlanner on behalf of one of our customers, please contact that customer directly. We will assist the customer with such requests as required by the applicable DPA and law.

We respond to privacy requests within the time limits required by applicable law. We may need to verify your identity before acting on a request. If a request is manifestly unfounded or excessive, we may handle it as permitted by applicable law.

You can unsubscribe from marketing emails by using the unsubscribe link in the email or by contacting us. Even if you opt out of marketing, we may still send service, security, billing and administrative communications where necessary.

13. Third-Party Websites and Services

Our website and service may contain links to third-party websites or connect with third-party services selected by you or the customer. Those third parties process personal data under their own terms and privacy notices. We are not responsible for the privacy or security practices of third-party services that we do not control.

14. Children

SkyPlanner is a business-to-business service and is not intended for children. We do not knowingly collect personal data from children through the website or service for our own purposes.

15. Changes to This Policy

We may update this Policy from time to time to reflect changes in our service, operations or legal requirements. The latest version will be published on our website with an updated date. Material changes affecting Customer Data processing are handled as required under the applicable customer agreement or DPA.

16. Contact Us

If you have questions about this Policy or how Skycode processes personal data, contact us at:

Unless a separate data protection officer contact is published or agreed with you, privacy-related questions should be sent to the contact details below.

Skycode Oy
Rantakatu 2 G (11th floor)
65100 Vaasa, Finland
Email: [email protected]
Phone: +358 40 700 0002