Stelthion Signals

Privacy Notice

Last updated: 9 June 2026

About this notice

Stelthion Oy ("Stelthion", "we", "us") operates Stelthion Signals and all related services (together, "Services"). This notice explains what personal data we collect, why we collect it, and how we handle it. We follow the EU General Data Protection Regulation (GDPR) and Finnish data protection law.

Data we collect

What we collect depends on how you use the Services.

  • Newsletter subscription: we collect only your email address to deliver the newsletter. We also record whether each edition was delivered and when, so we do not send the same edition twice.
  • Account registration: we collect your name, work email address, and password. We derive an approximate location from your IP address to configure regional defaults. We do not collect social media profiles or demographic information unless you choose to provide them.
  • Technical records: our servers in Finland keep an electronic record of how you interact with the Services ("log data") — pages visited, IP address, browser type and version, date and time of requests, and session identifiers. We use this data to operate the Services securely and diagnose problems.

Cookies

We use session cookies to keep you signed in and to protect against cross-site request forgery. We do not use advertising cookies, tracking pixels, or third-party analytics scripts. You can configure your browser to refuse cookies; doing so will prevent you from staying signed in to the Services.

Legal bases and purposes

We process personal data on the following legal bases:

  • Contract: to process your subscription or registration, authenticate you, and deliver the Services you requested.
  • Legitimate interest: to detect abuse and fraud, maintain the security of the Services, diagnose technical problems, and make incremental improvements.
  • Legal obligation: to retain records required by applicable Finnish and EU law.

No advertising, no tracking

We do not use your data for advertising or behavioural profiling. We do not run ad networks, affiliate programmes, or interest-based advertising. We do not use Google Analytics, Meta Pixel, or equivalent third-party tracking services. There is no automated decision-making that produces legal or similarly significant effects on you.

Data residency — European Union only

We are based in Europe. All Services are operated and all personal data is stored within the European Union. We do not transfer personal data to countries outside the EU or EEA. Any provision of the EU AI Act that would require personal data to be transferred to the United States or other non-EU jurisdictions does not apply to our processing.

Service providers

We work with a small number of trusted service providers. Each processes your data only as instructed and only to the extent required to provide their service. We do not sell personal data and do not share it with data brokers, advertisers, or analytics companies.

  • Server hosting and data storage — EU-based provider, Helsinki, Finland
  • Transactional email delivery — data processed under standard contractual clauses, not retained beyond delivery
  • Operator mailbox — provider covered by the EU adequacy framework

Your rights under GDPR

If you reside in the European Union or EEA, you have the right to access, correct, delete, or restrict processing of your personal data, to object to processing based on legitimate interest, and to receive a portable copy of data you provided to us. To exercise any of these rights, email privacy@stelthion.com. We will respond within one month at no charge. You also have the right to lodge a complaint with your national supervisory authority. In Finland, this is the Office of the Data Protection Ombudsman (tietosuoja.fi).

Children

The Services are not directed at persons under the age of 16. We do not knowingly collect personal data from children. If we become aware that we hold such data, we will delete it without delay and, where applicable, close the account.

Retention and deletion

We keep your personal data for as long as your account or subscription is active. When you close your account or unsubscribe, we delete data that no longer serves a clear operational or legal purpose. Certain records — such as delivery logs and security events — may be retained for up to three years to comply with legal obligations or to defend against claims. You may request deletion at any time by emailing privacy@stelthion.com.

Your options

You can update your account details by logging in and editing your profile. You can unsubscribe from the newsletter at any time using the unsubscribe link in any edition or by contacting us. You cannot opt out of essential service messages, such as account security notices.

Changes to this notice

We may update this notice from time to time to reflect changes in our practices or legal requirements. The most current version is always at stelthion.com/privacy. If we make material changes, we will notify you by email or through the Services before the changes take effect. Continued use of the Services after changes are in effect constitutes acceptance of the updated notice.

Contact and data controller

The data controller for the Services is Stelthion Oy, Helsinki, Finland [Y-tunnus: pending]. Privacy enquiries, rights requests, and data protection matters: privacy@stelthion.com.