doraroi.io
← Back to home

Privacy Policy

Effective date: 8 April 2026

1. Data Controller

Pyroxix Group Oy
Business ID: FI31579457
Finland
Contact: contact@doraroi.io

2. Data We Collect

We collect only the minimum data necessary to provide the service:

  • Uploaded Excel file — provided by you for processing. Used solely to extract DORA Register of Information fields.
  • Email address — collected via Stripe during payment. Used for payment confirmation and receipts.
  • Payment data — processed by Stripe (card details, billing information). We do not store card details.
  • Technical metadata — submission identifiers (lockId, snapshotId) used to link your payment to your generated package.

3. Purpose of Processing

Your data is processed for the following purposes:

  • Generating your DORA Register of Information submission package (XBRL/CSV and PDF)
  • Processing payment and issuing receipts
  • Providing download access to the generated package

Legal basis: Performance of a contract (GDPR Article 6(1)(b)) — processing is necessary to deliver the service you have purchased.

4. Data Retention

Uploaded Excel files and extracted canonical data are deleted after the submission package has been generated and made available for download. We do not retain your source data.

Payment records are retained as required by Finnish accounting law (typically 7 years).

Technical identifiers (lockId, snapshotId) may be retained for a short period for support purposes.

5. Payment Data and Stripe

Payment processing is handled by Stripe (Stripe Payments Europe, Ltd.), an EU-regulated payment processor. Card details and payment credentials are processed and stored by Stripe — we never receive or store your card data.

Stripe's privacy policy is available at stripe.com/privacy.

6. Data Transfers

Your data is processed within the European Union / European Economic Area. We do not transfer personal data to third countries outside the EEA, except where Stripe's infrastructure may be involved (subject to Stripe's SCCs and adequacy decisions).

7. Your Rights (GDPR)

Under the GDPR, you have the following rights:

  • Right of access — request a copy of personal data we hold about you
  • Right to rectification — request correction of inaccurate data
  • Right to erasure — request deletion of your personal data
  • Right to restriction — request that we limit processing of your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests

To exercise any of these rights, contact us at contact@doraroi.io. We will respond within 30 days.

You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman (tietosuoja.fi).

8. Cookies and Tracking

doraroi.io does not use tracking cookies or third-party analytics. Stripe may set cookies during the payment flow in accordance with their own privacy policy.

9. Changes to This Policy

We may update this Privacy Policy from time to time. The current version is always available at doraroi.io/privacy. We will notify users of material changes where feasible.

10. Contact

For privacy-related questions or to exercise your rights:

contact@doraroi.io