Skip to main content

Privacy policy

 Privacy Policy

When you use our services, you provide us with personal data. This Privacy Policy outlines what information we collect, our legal basis for processing it, and your rights under the General Data Protection Regulation (GDPR) and the Digital Services Act (DSA). Read this carefully before using our services.

This service is intended for users located in the European Union and European Economic Area only.

Data Controller

Controller: Youlearn it Oy
Address: Kauppatie 8, Tuusula, Finland
Email: info@youlearn.fi

Data Protection Officer
We have not appointed a Data Protection Officer under Article 37 GDPR, as we are not legally required to do so. All data protection and privacy-related inquiries are handled directly by our management team using the contact details above.

Summary of Processing and Legal Bases

Performance of a Contract (Article 6(1)(b))

Processing is necessary to provide our social media services and to fulfill our contractual obligations to you, including account creation, user interaction, and content hosting.

Legitimate Interests (Article 6(1)(f))

We process certain data to

  • Improve service quality and functionality
  • Personalize user experience within the platform
  • Ensure platform safety through content moderation and technical security
  • Our legitimate interests are balanced against your fundamental rights and freedoms. We only process data that is necessary for these purposes and implement safeguards such as data minimization, access controls, and user rights mechanisms.
Sources of Personal Data

We collect personal data from the following sources

  • Directly from you
    when you register an account, complete your profile, contact support, or post content
  • Automatically
    through technical means when you use the service
  • Third-party services
    only if you voluntarily link your account using “Login with Google” or “Login with LinkedIn”

  Categories of Personal Data

Information You Provide

  • Name and email address
  • Account credentials and consent records
  • Communication history and support messages
  • User-generated content (posts, comments, media)

Providing certain data (such as email address and account credentials) is mandatory to create and maintain an account. Failure to provide required data will prevent account creation or service use.

Information Collected Automatically

  • IP address (anonymized where technically feasible)
  • Usage data (pages viewed, interactions, time spent)
  • Device metadata (operating system, browser version, device type)
  • Cookies and similar technologies

Cookies and Similar Technologies

We use cookies that are strictly necessary for the operation and security of the service (e.g., session management).
Where analytics or non-essential cookies are used, they are only activated with your consent, in accordance with the EU ePrivacy Directive and GDPR. You can manage your cookie preferences via our cookie banner or browser settings.

  AI Content Moderation & DSA

AI-Assisted Moderation

To maintain platform safety, we use automated content moderation systems based on local, privacy-preserving AI models. These systems are designed and operated in accordance with the EU AI Act, the GDPR, and the Digital Services Act (DSA).

  • Risk Classification
    Our AI moderation system is a limited-risk / non–high-risk system under the EU AI Act. 
    It is used solely to detect potentially prohibited or illegal content and does not involve biometric identification or high-risk use cases.
  • Automation 
    Content moderation decisions may be taken automatically by the system.
  • Human Oversight
    Human review is not performed by default. Human moderation occurs:
    • When a user appeals an automated moderation decision, or
    • When content is reported by other users under our content reporting procedure.
  • No Automated Legal or Significant Effects
    Automated moderation does not produce legal effects or similarly significant effects within the meaning of Article 22 GDPR. Users are always able to challenge decisions and obtain human review.
  • Processing Location
    All moderation processing is performed on servers located within the European Union.
  • No Profiling
    We do not use AI systems to create behavioral profiles, target advertising, or make decisions unrelated to content moderation.

 

DSA User Rights

In accordance with the Digital Services Act:

  • Notice and Action 
    Any user may report illegal content using our reporting tool
  • Statement of Reasons 
    We provide reasons for content removal or account restrictions
  • Internal Complaint Handling
    You may appeal moderation decisions within 6 months of the action

 Disclosure to Third Parties

We do not sell personal data.

Personal data is shared only with essential service providers acting as data processors under Article 28 GDPR (e.g., hosting and email delivery), based on signed Data Processing Agreements.

Content Delivery Network (CDN)

We use Bunny.net (Slovenia) as our CDN provider. Bunny.net acts as a data processor.  All processing remains within the EU/EEA.

No personal data is transferred outside the EU/EEA.

Data Subject Rights

  • You have the following rights under GDPR

  • Right of Access and Data Portability
    Download your data from your account’s “Data Privacy” section
  • Right to Rectification
    Update or correct your information via account settings
  • Right to Erasure (Right to be Forgotten)
    Delete your account, triggering deletion of personal data
  • Right to Object
    Object to processing based on legitimate interests
  • Right to Withdraw Consent
    Withdraw consent for optional features at any time
  • Right to Lodge a Complaint
    Finnish Data Protection Ombudsman tietosuoja.fi

Data retention

We retain personal data for as long as your account remains active.

When you delete your account

  • Personal data is removed from active systems
  • Backup copies are deleted according to a rolling retention schedule 
    (typically within 30 days)
  • Public comments may be anonymized instead of deleted to preserve discussion integrity, based on legitimate interest

  Information Security

We apply appropriate technical and organizational measures, including:

  • SSL/TLS encryption
  • Access controls and least-privilege principles
  • Regular backups and system monitoring

Our platform architecture emphasizes transparency and security resilience.

 

Contact

Registrar: Youlearn it Oy, Finland
Last modified: 14.01.2026

For privacy-related questions or requests, please use our contact form or email us at info@youlearn.fi