Last update at
Moment – Itsellesi (hereafter Moment or the Service Service is an AI-based chat service operating on instant messaging platforms (Telegram, WhatsApp), provided by Itsellesi Oy. The Service aims to offer users personal conversational support for various everyday situations.
This Privacy Statement describes how we collect, use, and protect your personal data in connection with the Service. We process personal data based on: (1) performance of our contract with you (providing the Service), (2) compliance with legal obligations (e.g., tax laws), and (3) our legitimate interests (e.g., improving the Service), provided your rights are not overridden. We handle your data transparently and responsibly, in accordance with applicable laws such as the EU General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA), and others listed below.
Depending on your location, additional local data protection laws may apply.
The data controller is Itsellesi Oy (Finnish business ID 3118873-9), located at Harjunlahdentie 61, 52510 Hietanen, Finland.
For privacy matters, contact us at
[email protected].We process the following categories of personal data:
We process your data for these purposes:
We retain chat history as long as necessary to provide the Service or until you request deletion, to maintain functionality and improve user experience. Billing information is kept for 7 years to comply with tax laws. Technical logs are retained for 12 months for security purposes. You may request deletion of your data at any time by emailing
[email protected]. We will delete your data as soon as possible after processing your request, typically within 30 days.We create transient database backups during system updates, which are deleted within 30 days of creation. Any other backups are deleted or anonymized during regular update cycles.
All data traffic between the Service and users is encrypted. Access is restricted by user rights and roles, and we monitor logs to prevent unauthorized actions. In case of a data breach posing a risk to your rights, we will notify you and relevant authorities within 72 hours, as required by law.
WhatsApp messages are end-to-end encrypted, meaning only you and the Service can read them. Meta, WhatsApp’s owner, collects metadata (e.g., timestamps, phone numbers) for its own purposes. We do not share this metadata further, but WhatsApp’s privacy policy applies. See whatsapp.com/legal/privacy-policy.
Telegram uses transit encryption for standard chats via bots (not end-to-end), meaning Telegram could access content if it chooses. Secret chats offer end-to-end encryption, but our Service uses standard bots. Telegram collects metadata (e.g., IP addresses, device info) for up to 12 months for security. Access is restricted, and logs are monitored. See telegram.org/privacy.
We use third-party LLMs (e.g., OpenAI, Claude) to generate responses, sharing only message content, not identifiers like your name or contact details. We minimize data shared to what’s necessary and select GDPR-compliant partners where possible.
Your messages are transmitted to the chosen LLM via WhatsApp or Telegram. You can select your preferred model, determining the provider receiving your messages.
Claude does not use Moment messages for model training. Only message content is sent to Anthropic’s servers; no identifiers (e.g., WhatsApp ID, phone number) are shared.
We share data with subcontractors (e.g., messaging providers like WhatsApp and Telegram, AI providers like OpenAI or Claude, payment processors) only as necessary to provide the Service, and with authorities only under legal obligation. We do not sell your personal information to third parties.
Some LLMs or payment services may be outside the EU/EEA. We ensure legal transfers using EU Standard Contractual Clauses (SCCs) or equivalent safeguards. WhatsApp and Telegram may transfer metadata (e.g., user ID, IP address) outside the EU/EEA per their policies.
You have the right to:
Submit requests to
[email protected], either yourself or via an authorized agent. We may request additional information to verify your identity and will respond within 45 days (or as required by law). To challenge a decision, email [email protected].For privacy inquiries, contact
[email protected]. Significant changes to this Privacy Statement will be communicated via system updates or other means, such as email.This Privacy Statement aligns with the EU GDPR and Finnish law, with a commitment to the forthcoming ePrivacy Regulation. Depending on your location, other laws may apply, including:
For EU users, we comply with GDPR. For others, we aim to provide similar protections, subject to local laws. If you believe your data has been mishandled, contact your local data protection authority (e.g., tietosuoja.fi for Finland, ico.org.uk for the UK).
The Service is not intended for individuals under 18. We do not knowingly collect data from children under 13 without parental consent, as required by law (e.g., COPPA in the US). If you’re a parent or guardian and believe your child has provided us data, contact
[email protected] to request removal.For children under 13, we require written parental consent (e.g., via email) confirming the child’s use of the Service and data processing as described here. Consent may be withdrawn anytime by contacting us.
We currently do not use cookies or tracking technologies on our website. If this changes, we will update this Statement and seek your consent as required by law.
This Privacy Statement is effective upon publication. Continued use after updates signifies acceptance of the revised terms. We recommend reviewing it regularly for changes.