We value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website or interact with us.

1. Who We Are

ByteSauna Oy
Kampinkuja 2
Helsinki, Finland
Email: matias@bytesauna.com

2. Information We Collect

• Contact information — such as your name and email address when you contact us or subscribe to our mailing list.
• Social login data (Auth0) — if you sign in with a third-party account via Auth0, we receive your real name and email address from the chosen provider. We do not receive your password.
• User-generated content — comments you publish on our website, including the display name shown with your comment and the comment content itself.
• Usage data — such as browser type and pages visited (via analytics).
• Cookies — small files used to operate authentication sessions, improve site functionality, and understand usage.
• Network and security logs (Cloudflare) — including IP address, timestamps, requested URLs and headers, user-agent, referrer, and security events (e.g., firewall, bot detection) collected when your traffic passes through our content delivery and security provider.

3. How We Use Your Information

• Respond to inquiries and provide customer support.
• Authenticate and manage user accounts, including social login via Auth0 (e.g., Google, GitHub).
• Enable commenting features, display your chosen name with comments, and facilitate user interaction.
• Maintain and improve website performance and security (including via Cloudflare).
• Analyze site usage to enhance user experience (only after cookie consent).
• Send our newsletter and product updates if you subscribe (you can unsubscribe at any time).
• Operate essential site features, such as remembering that you have already subscribed so we don’t show the subscription modal again.
• Comply with legal obligations.

4. Legal Basis for Processing

• Contract / Legitimate interests — to provide and secure account functionality (authentication via Auth0) and commenting features you request.
• Consent — for analytics cookies and for sending our newsletter when you subscribe (you can withdraw consent at any time).
• Legitimate interests — to keep our site functional and secure (including Cloudflare protection and strictly necessary cookies, such as session and CSRF cookies used for authentication).
• Legal requirements — where applicable.

5. Data Retention

We keep personal data only as long as necessary for the stated purposes or as required by law. Cloudflare security and access logs are retained for up to 30 days unless needed longer to investigate incidents or establish/defend legal claims. Newsletter subscription data is kept until you unsubscribe or we remove inactive subscribers after a longer period (e.g., 24 months of inactivity).

Accounts and comments. Your account data and any comments you have posted are stored until you delete your account. When you delete your account, we permanently remove your profile and all associated comments from our systems.

Backups. Routine encrypted backups of our systems may temporarily contain deleted user data for operational and disaster recovery purposes. These backups are kept for a limited retention period (typically up to 90 days) and are automatically overwritten in the normal backup cycle. Data in backups is not actively processed and cannot be restored for individual users.

6. Sharing Your Information

We do not sell or rent your data. We may share limited information with service providers and authorities when legally required. All partners must handle data securely and in accordance with GDPR.

• Auth0, Inc. — authentication platform used for social login and session management. When you sign in via a third-party provider (e.g., Google, GitHub), they authenticate your identity and share your real name and email with us.
• Cloudflare, Inc. — content delivery, DDoS protection, and security logging. Traffic to and from our site is routed through Cloudflare’s network.
• MailerLite — our email service provider that manages our mailing list, delivers emails (e.g., double opt-in, unsubscribe), and may collect limited email engagement metrics (e.g., opens, clicks) to help us measure newsletter performance. We only share your email address and subscription preferences with MailerLite.
• Google Analytics — as described below, only after you consent to analytics cookies.

Some providers may process data outside the EU/EEA. Where this occurs, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.

7. Your Rights (GDPR)

• Access, correct, or delete your personal data.
• Delete your account yourself at any time, which removes your profile and all associated comments.
• Withdraw consent at any time (e.g., unsubscribe link in every newsletter).
• Object to processing or request data portability.
• File a complaint with the Finnish Data Protection Authority.

8. Cookies and Analytics

We use cookies to improve your browsing experience and analyze website traffic. Analytics cookies (e.g., from Google Analytics) are activated only after you have given consent through our cookie banner. You can manage or disable cookies in your browser settings or withdraw your consent at any time.

We also use strictly necessary cookies for authentication and security (e.g., session and CSRF cookies set by our application and Auth0) and a functional cookie to remember that you have subscribed to our mailing list so that the subscription modal is not displayed again. These cookies do not track you across sites and do not require consent.

9. Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC (“Google”), to help us understand how visitors interact with our website. Google Analytics collects usage data such as page views and time spent on pages. IP anonymization is enabled, meaning your IP address is shortened within the EU/EEA before being transmitted to Google. Data is processed only after you give your consent to analytics cookies. For more information, see Google’s Privacy Policy.

10. Newsletter (MailerLite)

If you subscribe to our mailing list, we will use your email address to send you newsletters and product updates via MailerLite. We use double opt-in to confirm your subscription. Each email includes an unsubscribe link. MailerLite may record limited engagement metrics (e.g., email opens and link clicks) to help us understand aggregate performance; you can disable images in your email client to reduce tracking. We will not use your email for other purposes without asking for your consent again.

11. Security and Cloudflare

We use Cloudflare to protect our website from malicious traffic and to improve performance. As part of this service, Cloudflare processes network data (e.g., IP address, request metadata) to detect and prevent abuse, DDoS attacks, and bots. This processing is necessary for the security and availability of our services.

12. Updates to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on this page.

13. Contact

If you have questions about this Privacy Policy or your data, contact us at: matias@bytesauna.com.

14. User Accounts, Social Login, and Comments

You may create an account and sign in using social login via Auth0 (e.g., Google, GitHub). When you do so, we receive your real name and email address from the chosen provider. We use this information solely to create and manage your account and to display your chosen name with comments.

You can delete your account at any time through your account settings. Deleting your account permanently removes your profile and all associated comments from our systems.

Comments you choose to publish are publicly visible to other visitors. Please avoid sharing sensitive information in comments.