Skip to content

Privacy Policy

Last updated: 2026-03-25

Taiga AI Oy (“Taiga”, “we”, “us”) is the data controller for personal data processed through tai.ga. This policy explains what data we collect, why, how we use it, and your rights under the EU General Data Protection Regulation (GDPR).

Data controller

Taiga AI Oy Business ID: 3607851-2 Lapinlahdenkatu 16 00180 Helsinki, Finland Email: hello@tai.ga

What we collect

We collect two categories of personal data:

  • Analytics data (with your consent): When you accept analytics cookies, we use PostHog to collect pseudonymised usage data — pages visited, time on site, referral source, device type, browser, approximate country, and Core Web Vitals performance metrics (LCP, CLS, INP). PostHog assigns a random identifier stored in your browser’s local storage. We do not collect your name, email, or IP address through analytics.
  • Early-access signup: If you voluntarily submit the signup form, we collect your email address and your preferred contact frequency.

Legal basis for processing

Under GDPR Article 6, we process data on the following bases:

  • Consent (Article 6(1)(a)) — Analytics data is only collected after you actively accept cookies via the consent banner. You can withdraw consent at any time using the “Cookie Settings” link in the footer.
  • Performance of a contract (Article 6(1)(b)) — When you sign up for early access, we process your email to deliver what you requested: updates about Taiga.
  • Legitimate interest (Article 6(1)(f)) — We use aggregated, non-identifying analytics to understand site performance and improve the visitor experience. This does not override your rights, and you can opt out via the consent banner.

Purpose of processing

We process personal data for these specific purposes:

  • Site improvement — Understanding which pages visitors use, where they come from, and how the site performs technically.
  • Early-access communication — Sending you updates about Taiga at the frequency you chose.

We do not build individual profiles, serve targeted advertising, or sell data to third parties.

Third-party recipients

We share personal data only with processors who act on our instructions:

  • PostHog (analytics processor) — EU instance hosted in Frankfurt, Germany. PostHog processes pseudonymised usage data on our behalf. PostHog’s DPA and sub-processors: posthog.com/dpa.
  • Amazon Web Services (infrastructure) — The website is hosted on AWS in eu-central-1 (Frankfurt). Signup email addresses are stored in AWS DynamoDB in the same region.
  • Slack (internal notification) — When someone signs up, a notification containing only the email address is sent to a private Slack channel. No other data is shared.

We do not share data with advertisers, data brokers, or any other third parties.

International data transfers

All personal data is processed and stored within the European Economic Area (EEA). Our analytics processor (PostHog) and infrastructure provider (AWS) both operate from Frankfurt, Germany. We do not transfer personal data outside the EEA.

Cookies and local storage

This site does not use traditional HTTP cookies. If you accept analytics, PostHog stores a pseudonymous identifier in your browser’s local storage to recognise returning visitors. Your consent choice is also stored in local storage. No tracking data is stored if you decline. You can clear all stored data by using the “Cookie Settings” link in the footer, which resets your consent and removes the PostHog identifier.

Data retention

We retain personal data only as long as necessary for its purpose:

  • Analytics data — Retained in PostHog for 12 months, then automatically deleted.
  • Signup email addresses — Retained for 24 months from the date of signup. After this period, we delete your email unless you have become an active customer or explicitly asked us to keep it.
  • Consent records — Stored locally in your browser. Cleared when you reset consent or clear browser data.

Data security

We implement appropriate technical and organisational measures to protect your data: all data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access to production systems is restricted to authorised personnel via IAM roles with least-privilege policies. The website is served through CloudFront with security headers including HSTS, Content Security Policy, and X-Frame-Options.

Your rights under GDPR

You have the following rights regarding your personal data:

  • Right of access — Request a copy of the personal data we hold about you.
  • Right to rectification — Ask us to correct inaccurate data.
  • Right to erasure — Ask us to delete your personal data.
  • Right to restriction — Ask us to limit how we process your data.
  • Right to data portability — Receive your data in a structured, machine-readable format.
  • Right to object — Object to processing based on legitimate interest.
  • Right to withdraw consent — Withdraw analytics consent at any time via the “Cookie Settings” link. This does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, email us at hello@tai.ga. We will respond within 30 days.

Right to lodge a complaint

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman:

Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto) Visiting address: Lintulahdenkuja 4, 00530 Helsinki Postal address: PO Box 800, 00531 Helsinki Email: tietosuoja@om.fi Website: tietosuoja.fi

Automated decision-making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you.

Changes to this policy

If we materially change how we process personal data, we will update this page, change the “last updated” date, and reset your consent choice so you can review and decide again.

Contact

For any questions about this privacy policy or how we handle your data, contact us at hello@tai.ga