Privacy Policy

Last revised Feb 15, 2017

Your privacy is very important to us. Accordingly, we have developed this Policy in order for you to understand how we collect, use, communicate, disclose and make use of personal information.


Name and address of the data controller

Turbine Room Ltd
Business ID 2620875-8
VAT ID FI26208758
Kalliosuontie 19
36200 Kangasala
Finland
Email: jaana@turbineroom.com

By using FirstOfficer.io (the “Service”, "FirstOfficer.io"), you agree to the terms of this Privacy Policy and the Terms of Service. FirstOfficer.io is created and operated by Turbine Room Ltd ("we").

The following outlines our privacy policy:



This Privacy Policy applies only to the FirstOfficer.io service and website. FirstOfficer.io may contain links to other web sites not operated or controlled by us (the "Third Party"). The policies we described here do not apply to the Third Party sites. The links do not imply that we endorse or have reviewed the Third Party sites. We suggest contacting those sites directly for information on their privacy policies.

EU-U.S. Privacy Shield compliancy

FirstOfficer.io is operated from Finland, EU. Privacy Shield certificates are not used in the EU, they are for U.S. businesses. The EU-wide Data Protection Directive and General Data Protection Regulation (GDPR) mandates that we handle your data in a Privacy Shield compatible way. There is a transition period that ends in May 2018. We are also bound by Finnish Personal Data Act.

At the moment we comply to GDPR requirements when we handle your customer data.

However, when we handle your personal data, we use non-EU based services that do not yet have Privacy Shield certificate: Stripe for collecting payments and GetVero for life-cycle emails. However, Stripe does employ European Commission’s Standard Contractual Clauses that make personal data transfers legal.

This chapter explains how we handle the private data you have collected about your customers.

Both the Privacy Shield and GDPR require that notice should be given to the persons whose data gets collected. No data should be collected without person's consent. Person should have access to the data that has been collected about them.

It is your responsibility to gain your EU-based customers consent and notice them about the data collection. We will never contact your customers, but if they contact us, we are bound by the law to let them see the personal data collected about them. However, to protect you, we will require proof of identity.

We store all the data in U.S. servers using only Privacy Shield certified service providers. FirstOfficer.io is not moving any personal information from EU to U.S. We store data that has already moved to U.S. by you.

What information is collected

FirstOfficer.io provides its service by pulling information about your customers and finances from third party services. To enable this, you need to authenticate to these services through FirstOfficer.io. As you do that, we collect the credentials needed access that third party service and its data. All credentials are stored encrypted.

When you register an account for the service, we collect information to properly identify, communicate with and charge you as a customer. This information includes your email, company name and credit card number. Credit card numbers are never stored in our servers - they are securely transmitted and stored with the payment provider (Stripe).

We also collect anonymous data from every visitor of the website to monitor traffic, collect statistics and fix bugs. This includes information about your location, browser and times of visit.

How information is used

All transfers of data are done over secure connections.

We use your personal information to provide you the service and to communicate with you. You may receive promotional emails relating to FirstOfficer.io. You may receive emails regarding your use of the FirstOfficer.io website and service. The service may send you report emails containing financial figures, but never customer emails. You can opt out from receiving all of these emails - however, you'll be sent a monthly payment receipt that you can not opt out.

The financial and customer data that we receive from third party services is kept confidential. Data is never shared between accounts or with public.

Please note that if you choose to share data, like inviting your accountant, team or advisors to view your data through FirstOfficer.io, we are not responsible for any violations.

FirstOfficer.io is operated from Finland, EU. If you are visiting the website and service from outside Finland, you agree to any processing of personal information according to this policy.

How information is shared

To better understand and serve the customers of FirstOfficer.io, we may conduct research based on the information provided to us. The research is compiled on aggregate basis and does not identify you personally. This data may be shared with agents and business partners. It may also be used in marketing purposes to describe our service.

We don't share personal information you have provided us without your consent, unless:


We currenly use MailChimp/Mandrill and Google Analytics, and share following data:


The data is stored in databases provided by Heroku service, in their US datacenter. To get more information, please take a look at Heroku privacy policy.

We may hire other companies and employ and contract with people and other entities that perform certain tasks on our behalf. Examples of such functions include accounting, maintaining databases and processing payments. When we employ anyone to perform a function of this nature, we only provide them with the information that they need to perform their specific function.

We own rights to the FirstOfficer.io service and website, but retain rights to the data that you store to FirstOfficer.io. We might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, personal data may be part of the transferred assets.

Use of cookies

For your convenience, we use cookies to store session information. Cookies must be enabled to use the service.

How to review, modify or delete your personal data

To keep your personal data accurate, current, and complete, please contact support@firstofficer.io.

Changes to Privacy Policy

We may make changes to this Privacy Policy. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used. If we make significant changes, we will post the changes to this page and will indicate at the top of this page the date these terms were last revised. We will notify you by posting an announcement on the Website or sending you an email.

This Privacy Policy was last updated on the date indicated at the top. Your continued use of the Service after the date any such changes become effective constitutes your acceptance of the new Privacy Policy.