Privacy Policy

Update information

This privacy policy was created on May 18th, 2018. The most recent update was March 30th, 2022.

Who we are

Our website address is: The site is operated by Painava sana oy from Tampere, Finland, with the Finnish corporate ID FI24906069.

What personal data we collect and why we collect it

Registered users

For registered users and Relevanssi Premium customers, we collect the following information:

  • email address
  • first login IP address
  • latest login IP address
  • first and last name
  • profile picture
  • license type, transaction ID and purchase date

Most of this information is provided by the user. Transaction ID is provided by our payment processor Paddle, and the profile picture comes from Gravatar.

This information is stored in the WordPress user registry. Our servers are located in Finland and our hosting provider follows all GDPR standards.

This information is used to keep track of customer licenses. Email addresses are used to send information about new releases of Relevanssi Premium and other essential product information. The customers have the right to unsubscribe from the mailing list.


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Contact forms

There are two different contact forms on the site. The generic contact form forwards the messages to our email address. The messages remain in our email account for indefinite time. The email addresses are not systematically collected or used for marketing purposes.

The customer support form for paying customers forwards the messages to Zendesk, which operates our customer support ticketing system. Zendesk privacy policy is available here.


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Our complete cookie declaration can be found here.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.


We use Google Analytics to collect data about our visitors. For more information about that, see How Google uses data when you use our partners’ sites or apps.

Our hosting provider Seravo oy collects typical web server use logs, which include IP addresses of each visitor to the site.

We also use Stats from Jetpack. They collect IP address, user ID (if logged in), username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code. We do not have access to any of this information via this feature. For example, we can see that a specific post has 285 views, but we cannot see which specific users/accounts viewed that post. Stats logs — containing visitor IP addresses and usernames (if available) — are retained by Automattic for 28 days and are used for the sole purpose of powering this feature. Stats track post and page views, video plays (if videos are hosted by, outbound link clicks, referring URLs and search engine terms, and country. Jetpack also tracks performance on each page load that includes the Javascript file used for tracking stats. This is exclusively for aggregate performance tracking across Jetpack sites in order to make sure that our plugin and code is not causing performance issues. This includes the tracking of page load times and resource loading duration (image files, Javascript files, CSS files, etc.). Tracking honors the DNT (Do Not Track) setting from the user.


To initiate and process subscriptions to posts, the following information is used: subscriber’s email address and the ID of the post or comment (depending on the specific subscription being processed). In the event of a new subscription being initiated, we also collect some basic server data, including all of the subscribing user’s HTTP request headers, the IP address from which the subscribing user is viewing the page, and the URI which was given in order to access the page (REQUEST_URI and DOCUMENT_URI). This server data used for the exclusive purpose of monitoring and preventing abuse and spam.

Functionality cookies are set for a duration of 347 days to remember a visitor’s blog and post subscription choices if, in fact, they have an active subscription.

Who we share your data with

We do not share your personal information with third parties without your consent other than:

  • With third parties who work on our behalf provided such third parties adhere to the data protection principles set out in the European Union Directive and/or Regulation on Data Protection or other applicable legislation, or enter into a written agreement with Painava sana oy requiring that the third party provide at least the same level of privacy protection as is required by such Principles;
  • To comply with laws or to respond to lawful requests and legal process (provided that Painava sana oy will endeavour to notify you if Painava sana oy has received a lawful request for your information);
  • To protect the rights and property of Painava sana oy, our agents, customers and others including to enforce our agreements, policies and terms of use;
  • In an emergency, including to protect the personal safety of any person; and
  • For the purposes of a business deal (or negotiation of a business deal) involving sale or transfer of all or a part of our business or assets (business deals may include, for example, any merger, financing, acquisition, divestiture or bankruptcy transaction or proceeding).

When you post a comment, some information is shared with Akismet. Akismet collects information about visitors who comment on Sites that use the Akismet anti-spam service. The information Akismet collects depends on how the User sets up Akismet for the Site, but typically includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself).

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Your contact information

For any inquiries, contact Mikko Saari at

Additional information

How we protect your data

Access to the site is protected by strong passwords and careful control over who gets to access the site. The site itself is protected by various state-of-the-art security measures implemented by our hosting provider.

What data breach procedures we have in place

We monitor the security of our servers and will act immediately, if any irregularities are observed.

What third parties we receive data from

When you purchase a license, the payment is handled by our payment processor Paddle, who will then inform us that a successful transaction is done. This information includes a transaction ID and your email address to identify you, but no other information is passed. Here’s Paddle privacy policy.

What automated decision making and/or profiling we do with user data

No automated decision making or profiling is done with the user data.