Privacy Policy
Last updated: April 13, 2026
1. Introduction
Welcome to PanicFree ("we" or "our"), an e-commerce store that sells digital books and educational guides. We are committed to protecting your personal data and privacy. This privacy policy describes how we collect, use, disclose, and protect your data when you visit our online store and purchase our digital products.
Please read this privacy policy carefully. By using our services, you agree to the practices described in this privacy policy.
2. Data We Collect
We collect data that you provide to us directly, including:
- Contact information: Email address when you make a purchase or contact us.
- Payment information: Payment details are processed securely through our payment service provider (Stripe). We do not store complete card numbers in our systems.
- Transaction information: Records of products purchased, order history, and download activity.
- Communications: All messages you send us, including support requests and feedback.
Providing personal data is generally a prerequisite for completing a purchase. Without the necessary contact information, we cannot process your order or deliver your products.
3. Automatically Collected Data
When you visit our website, we automatically collect certain data, including:
- Device information: Browser type, operating system, device type, and screen resolution.
- Usage data: Pages visited, time spent on pages, click behavior, and referring URLs.
- IP address: Your Internet Protocol address, which may indicate your general geographic location.
- Cookies and tracking technologies: We use cookies and similar technologies for trend analysis, website administration, and collecting demographic information. See section 7 for a more detailed description.
4. Legal Basis for Processing Personal Data
We process your personal data under the following legal bases in accordance with the GDPR and applicable legislation:
- Performance of a contract (Art. 6(1)(b)): Processing and fulfilling your orders, delivering purchased digital products, and sending transactional emails such as order confirmations and download links.
- Consent (Art. 6(1)(a)): Setting advertising cookies, displaying targeted advertising, and tracking ad conversions. You can withdraw your consent at any time.
- Legitimate interest (Art. 6(1)(f)): Analyzing website usage to improve our products and services, preventing fraud, ensuring information security, and providing customer support.
- Legal obligation (Art. 6(1)(c)): Retaining accounting records in accordance with Finnish accounting law, ensuring refund and cancellation rights, and responding to authorities' data requests.
5. Purposes of Data Use
We use the data we collect for the following purposes:
- Processing and fulfilling your orders and delivering purchased products
- Sending transactional messages (order confirmations, download links)
- Responding to your inquiries and providing customer support
- Analyzing website usage to improve our products and services
- Marketing and targeted communications
- Preventing fraud and improving the security of our services
- Complying with legal obligations
6. Advertising and Analytics
We use third-party advertising and analytics services, including Meta (Facebook) and Microsoft Clarity, to understand how visitors use our website and to provide targeted advertisements. These services may collect data about your online activity over time and across different websites.
Meta (Facebook) Pixel: We use the Meta Pixel to measure the effectiveness of our advertising, understand actions taken on our website, and display targeted advertisements. Advertising cookies are only set with your consent.
Meta Conversions API: We use Meta's server-side Conversions API to send event data (such as purchases) directly to Meta's servers. This complements the browser-based pixel and may include hashed personal data such as email address for ad targeting and conversion measurement. Data is sent only with your consent.
Microsoft Clarity: We use Microsoft Clarity to understand how visitors interact with our website through session recordings and heatmaps. Clarity captures how you use our site (clicks, scrolls, mouse movements) and generates heatmaps of visitor behavior. Clarity does not collect personally identifiable information and masks sensitive content by default. Clarity cookies are only set with your consent.
7. Cookies and Tracking Technologies
We use cookies and similar technologies on our website to improve your experience and analyze site usage. Visitors from the EU/EEA are shown a cookie notice to manage their settings.
Essential Cookies
These cookies are technically necessary for the site to function. They cannot be disabled.
| cookie_consent | Stores your cookie preferences (accepted categories, timestamp, and version). Duration: 12 months. |
| consent_required | Indicates whether your region requires explicit cookie consent (based on your country). Duration: session. |
| currency | Stores your preferred currency for displaying prices. Duration: 1 year. |
Analytics Cookies
We use Vercel Analytics for privacy-friendly website analytics (cookie-free, aggregated data only). Microsoft Clarity sets the following cookies with your consent:
| _clck | Microsoft Clarity cookie used to store a unique user identifier and preferences. Duration: 12 months. |
| _clsk | Microsoft Clarity cookie used to group page views into a single session. Duration: 1 day. |
Advertising Cookies
These cookies are only set with your consent and are used for targeted advertising and measuring ad effectiveness.
| _fbp | Meta (Facebook) Pixel browser identifier used for displaying targeted ads and measuring ad effectiveness. Duration: 90 days. |
| _fbc | Meta (Facebook) click identifier used for linking website visits to ad clicks. Duration: 90 days. |
You can change your cookie settings at any time via the "Cookie settings" link in the site footer or by contacting us. Visitors outside the EU/EEA are not shown a cookie banner, as explicit consent is not legally required in those regions; however, you may use the footer link or contact us to opt out at any time.
8. Data Disclosure
We may disclose your data to the following parties:
- Service providers: Third parties performing services on our behalf, such as payment processing (Stripe), email delivery (Resend), and hosting (Vercel).
- Advertising partners: As described in the Advertising and Analytics section. Data is shared via both browser-based methods (pixels, cookies) and server-side APIs (Meta Conversions API). Advertising data is shared only with your consent.
- Legal requirements: As required by law, court order, or government authority.
- Business transfers: In connection with a merger, acquisition, or sale of business.
We do not sell your personal data to third parties nor disclose it for third-party marketing purposes.
9. International Data Transfers
We primarily use service providers within the EU/EEA. However, some of our service providers are located in the United States:
- Stripe: Payment processing. Transfers are protected under Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework.
- Vercel: Website hosting and analytics. Transfers are protected under Standard Contractual Clauses (SCCs).
- Meta (Facebook): Advertising pixel and Conversions API. Data is transferred only with your consent, and transfers are based on Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework.
- Microsoft (Clarity): Session recordings, heatmaps, and user behavior analytics. Data is transferred only with your consent, and transfers are based on Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework.
- Resend: Email delivery service. Transfers are protected under Standard Contractual Clauses (SCCs).
We ensure that all international data transfers comply with applicable data protection legislation and that appropriate safeguards are in place.
10. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including meeting legal, accounting, or reporting requirements.
Accounting records are retained for at least 7 years to comply with Finnish accounting law and statutory tax requirements.
11. Data Subject Rights
Under the GDPR and applicable data protection legislation, you have the following rights regarding your personal data:
- Right of access: You have the right to request confirmation of whether we process your personal data and to obtain a copy of that data.
- Right to rectification: You have the right to request the correction of inaccurate or incomplete personal data.
- Right to erasure: You have the right to request the deletion of your personal data under certain conditions. Legal obligations (such as accounting requirements) may limit this right.
- Right to restriction of processing: You have the right to request the restriction of processing of your personal data in certain situations.
- Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
- Right to object: You have the right to object to the processing of your personal data based on legitimate interest. You have an absolute right to object to processing for direct marketing purposes at any time.
- Right to withdraw consent: When processing is based on consent (such as advertising cookies), you have the right to withdraw your consent at any time via cookie settings.
You can exercise these rights by contacting us at the email address provided in the Data Controller section below. We may need to verify your identity before processing your request.
12. Automated Decision-Making and Profiling
We do not use your personal data for automated decision-making or profiling that would have legal effects concerning you or similarly significant consequences.
13. Right to Lodge a Complaint
If you believe that the processing of your personal data violates data protection legislation, you have the right to lodge a complaint with a supervisory authority.
In Finland, the supervisory authority is:
Office of the Data Protection Ombudsman
Lintulahdenkuja 4, 00530 Helsinki
P.O. Box 800, 00531 Helsinki
Email: tietosuoja(at)om.fi
Phone: +358 29 56 66700
EU/EEA residents may also lodge a complaint with the supervisory authority in their country of residence.
14. Data Security
We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. All data in transit is encrypted using SSL/TLS technology. However, no method of transmission over the Internet or electronic storage method is completely secure.
15. Children's Privacy
Our services are not directed at persons under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
16. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of changes by posting the updated privacy policy on this page and updating the "Last updated" date. Continued use of our services after changes constitutes acceptance of the updated policy.
17. Data Controller
The data controller responsible for processing your personal data is:
Jocanen Oy
Business ID: 3352342-2
Tuulitie 2 A
00700 Helsinki, Finland
Email: support@panic-free.com
If you have questions about this privacy policy or our data protection practices, please contact us at the email address above.