← Back home

Privacy Policy

Effective:
21 May 2026
Version:
1.0

This policy explains how WeldPeak Oy processes personal data both on the weldpeak.io website and in the WeldPeak cloud service (app.weldpeak.io).

1. Data controller

WeldPeak Oy, Finland Email: info@weldpeak.io

Data protection officer: Aleksi Souru aleksi.souru@weldpeak.io

2. What data we process and why

2.1 weldpeak.io website visitors

When you browse the weldpeak.io website:

  • Data processed: IP address, browser type, operating system, time of visit, and referring page (standard HTTP request logs)
  • Purpose of processing: maintaining the operation and security of the website (including DDoS protection)
  • Legal basis: legitimate interest of the controller (GDPR Art. 6(1)(f))
  • Retention period: logs kept for a maximum of 30 days

2.2 Contact enquiries and requests for quotes

When you contact us by email (info@weldpeak.io) or via the website:

  • Data processed: name, email address, company (optional), message content
  • Purpose of processing: communication, handling of quote requests, and starting a customer relationship
  • Legal basis: steps prior to entering into a contract (GDPR Art. 6(1)(b)) and legitimate interest (Art. 6(1)(f))
  • Retention period: up to 2 years from the last contact, unless an active customer relationship requires longer retention

2.3 WeldPeak cloud service users

When you use the application at app.weldpeak.io, personal data is processed on behalf of your employer (the customer organisation). The customer organisation acts as the data controller and WeldPeak Oy as the processor under the Agreement and its annexed Data Processing Agreement (DPA, Part C of the Terms).

Personal data typically processed in the cloud service includes:

  • User’s name, email address, job title, and welding qualifications (IWE, IWS, IWT, FROSIO, etc.)
  • Welders’ and operators’ identification, training, and qualification data
  • Data related to qualification certificates, photographs of welds, electronic signatures
  • Audit log entries of actions performed

If you are an employee of a customer organisation and wish to exercise your rights regarding personal data, please contact your employer (the data controller) first. WeldPeak will assist your employer in fulfilling those rights.

3. Whom we disclose data to

WeldPeak Oy does not sell or rent personal data. Data is disclosed only:

Sub-processors

We use the following technical sub-processors to deliver our service:

Sub-processorPurposeLocation
Supabase Inc.Database platform, authenticationEU
Cloudflare, Inc.Web hosting, CDN, DDoS protectionGlobal
Zoho CorporationEmail (SMTP)EU
Sentry (Functional Software Inc.)Error monitoringUS

Authorities

Data may be disclosed to authorities if required by law.

4. Transfers outside the EU

Some of our sub-processors operate servers partly outside the EU (Cloudflare and Sentry). Transfers outside the EU are made under the Standard Contractual Clauses (SCC) adopted by the European Commission, or under other transfer mechanisms permitted by law.

5. Security measures

We protect personal data with the following technical and organisational measures:

  • Encrypted connections (HTTPS / TLS 1.3)
  • Passwords hashed (bcrypt or equivalent)
  • Access control and role-based permissions (Row-Level Security, RLS)
  • Daily database backups (point-in-time recovery 7 days back)
  • Automated error monitoring (Sentry)
  • Electronic signatures bound to individual user accounts

Access to personal data follows the principle of least privilege — each processor only has access to the data their tasks require.

6. Your rights

You have the following rights under the EU General Data Protection Regulation (GDPR):

  • Right of access — the right to know what data we process about you
  • Right to rectification — correction of inaccurate or incomplete data
  • Right to erasure (“right to be forgotten”) in certain situations
  • Right to restriction of processing
  • Right to object — to processing based on legitimate interest
  • Right to data portability — to receive your data in a machine-readable format
  • Right to withdraw consent, if processing is based on consent

To exercise your rights, please contact: support@weldpeak.io

We will respond to your request within one (1) month at the latest. If the request is complex, we may extend that period by a further two (2) months and will notify you of the extension.

7. Right to lodge a complaint

You have the right to lodge a complaint with the Finnish Data Protection Ombudsman (tietosuoja.fi) if you believe that the processing of your personal data violates data protection law.

8. Cookies

The weldpeak.io website uses only strictly necessary cookies required for the basic functioning of the site. We do not use analytics, advertising, or tracking services without separate notice.

The cloud service (app.weldpeak.io) uses cookies and JWT tokens required to maintain user sessions.

9. Changes to this policy

WeldPeak Oy may update this privacy policy. Material changes will be announced on this page and, where appropriate, by email to data subjects.

The version currently in force is always shown on this page — the version and effective date appear at the top of the policy.

Contact:

WeldPeak Oy Email: info@weldpeak.io Data Protection Officer: aleksi.souru@weldpeak.io