1. Controller and contact
COMS acts as controller for its own website, portal accounts and customer relationship data.
When a customer uses a COMS widget on its own website, the customer is usually the controller for visitor and lead data and COMS acts as processor.
- COMS / coms.fi
- Contact: info@coms.fi
- Customer-specific processing is agreed in the contract or onboarding.
2. Data we process
The processed data depends on the enabled modules and customer settings.
- Contact details such as name, email, phone, company and message content.
- Conversations, lead forms, booking requests and selected answers.
- Portal users, roles, authentication records and audit logs.
- Technical data such as IP address, browser, page, timestamps, errors and integration events.
- Customer-uploaded images, files and brand assets when enabled.
3. Purposes and legal bases
Data is used to deliver COMS services, improve customer experience, maintain security, handle billing and run configured integrations.
The legal basis may be contract, legitimate interest, consent or legal obligation depending on the context.
4. Sources
Data is collected from the user, the customer website widget, portal users and integrations explicitly connected by the customer.
5. Providers and transfers
COMS uses selected technical providers for hosting, database, email delivery, analytics and AI features.
AI and integration providers are used only when needed for the service or enabled by customer settings.
- Supabase
- Cloudflare
- Resend
- OpenAI or another agreed model provider
- Google and channel integrations based on customer settings
COMS does not sell personal data to third parties.
6. Retention
Data is retained for as long as needed for the service, agreement, security or legal obligations.
Customer content, conversations, leads and settings are deleted or returned according to the agreed offboarding process.
7. Security
COMS uses account isolation, role-based access, allowed widget origins, private file storage and audit logging.
Access is limited to people and systems with a justified need to provide the service.
8. Rights
You may have the right to access, correct, delete, restrict or object to processing and request data portability.
Where processing is based on consent, you can withdraw consent at any time. You may also lodge a complaint with a supervisory authority.
9. Changes
We update this notice when the service, processing practices or legal requirements change. Material changes are communicated in a reasonable way.