Sign inRegister
Legal

Privacy Notice

This page is provided for convenience and may be updated over time.

Privacy Notice (GDPR)

This notice is intended for Finland/EU users.

1. Controller

Controller: Lingonberry Island Ltd. Business ID: FI2912630-1 Address: Niittaajankatu 8B D23, FIN-00810 Helsinki, Finland Contact email: info@lingonberryisland.com

If you have questions about this notice or our processing, contact us at the email above.

2. Scope

This notice explains how we process personal data when you:

  • Use the Callersapp CRM web app or related services.
  • Visit our marketing website or contact us for support.
  • Connect third-party services (for example, Gmail integration).

This notice is product-only. For Lingonberry Island Ltd.'s general privacy notice (its own business/customer relationship processing), see https://www.lingonberryisland.com/s/Lingonberry-Island-OY-GDPR-5ypj.pdf.

3. Data we process

We process the following categories of personal data:

  • Account and profile data: name, email address, authentication identifiers, workspace membership, roles, and optional profile details.
  • Workspace content: contacts, notes, call lists, tags, and other customer-entered data stored in a workspace.
  • Email integration data (if enabled): Gmail account identifiers, message metadata, and optionally message bodies/snippets depending on workspace settings.
  • AI processing data (if enabled): text inputs such as email content/snippets and metadata that you configure the service to send to an AI provider.
  • Usage and device data: IP address, browser type, device identifiers, and telemetry related to feature usage and performance.
  • Billing data: billing contact details, Stripe customer IDs, subscription status, invoices, and payment status (we do not store full card details).
  • Support and communications: messages sent to support or sales and related metadata.

4. Sources of data

We collect data:

  • Directly from you or your organization.
  • From configured identity providers (Firebase Authentication).
  • From connected third-party integrations you enable (for example Gmail).
  • From our service infrastructure and logs.

5. Purposes and legal bases

We process personal data for the following purposes:

  • Provide and operate the service (contract performance).
  • Authenticate users and enforce access controls (contract, legitimate interests).
  • Provide support, onboarding, and account management (contract, legitimate interests).
  • Billing, invoicing, and accounting (contract, legal obligations).
  • Security, fraud prevention, and system monitoring (legitimate interests).
  • Product analytics and improvements (legitimate interests; consent where required).
  • Marketing communications (consent or legitimate interests, as applicable).

6. Sharing and recipients

We share personal data with trusted service providers that help us operate the service. These include:

  • Google Cloud and Firebase (hosting, authentication, infrastructure).
  • Google Analytics (product analytics, if enabled).
  • Sentry (error monitoring).
  • Stripe (payments and billing).
  • OpenAI (AI features, if enabled).

See Subprocessor List for details.

7. International transfers

Our service infrastructure is hosted in the EU.

Some providers may process data outside the EEA. Where this occurs, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent transfer mechanisms offered by the provider.

8. Retention

We retain personal data as follows:

Data categoryIntentRetention
Workspace content (contacts, notes, call lists, etc.)Provide the service to the customerWhile the account is active; after termination customers have 30 days to export; workspace content is deleted within 90 days after access ends (subject to backups and legal holds).
Customer relationship and accounting records (e.g., invoices, payments, subscription history, related communications)Operate the customer relationship and accounting10 years.
Support communicationsProvide support and maintain support historyAs long as needed for support history and operational needs.
Logs and backupsSecurity, troubleshooting, and disaster recoveryLimited periods. See Retention and Deletion Policy.

9. Security

We use technical and organizational measures to protect data, including:

  • TLS encryption in transit.
  • Access controls and workspace isolation with Firebase authentication claims.
  • Encryption of Gmail OAuth tokens at rest in production.
  • Audit logging and monitoring to detect misuse and security incidents.

See Security and TOMs Overview for details.

10. Your rights

Under GDPR, you have the right to:

  • Access your personal data.
  • Correct inaccurate or incomplete data.
  • Request deletion (erasure) in certain circumstances.
  • Restrict or object to processing in certain circumstances.
  • Receive a copy of your data (data portability).
  • Withdraw consent at any time where processing is based on consent.

To exercise these rights, contact us at info@lingonberryisland.com.

You also have the right to lodge a complaint with the Finnish Data Protection Authority (Office of the Data Protection Ombudsman).

11. Cookies and analytics

We use cookies or similar technologies as described in Cookie Notice. Where required by law, analytics cookies are only loaded after consent.

12. Children's data

The service is not intended for children under 18. We do not knowingly collect personal data from children.

13. Changes to this notice

We may update this notice from time to time. If changes are material, we will notify users through the service or via email.