Privacy Policy
1. Data Controller Identity & Contact
Business ID (Y-tunnus): 3627021-3
Location: Helsinki, Finland
2. Types of Data Collected
The Application is built to minimize data collection. Depending on how you interact with the Application, the following categories of data may be processed:
A. Automatically Collected Technical Data
When you run the Application, certain technical data is automatically sent by your mobile device to support app functionality and performance:
- Device Information: Device model, operating system version, unique device identifiers, and language settings.
- Usage Data: Diagnostic metrics, crash logs, app launch times, and performance analytics.
B. Data You Provide Directly
When you create an account in the Application, we collect your email address and a secure hash of your password. Upon registration, a unique system-generated identifier (User ID) is assigned to your profile to sync your data across devices.
3. Purpose and Legal Basis for Processing
We process your data under the following legal bases allowed under GDPR:
- Legitimate Interests (Art. 6(1)(f) GDPR): To monitor software stability, optimize performance, debug runtime errors, and safeguard the underlying application infrastructure.
- Consent (Art. 6(1)(a) GDPR): For any optional analytical tracking or marketing data collected, where requested explicitly via native device permission prompts.
4. Third-Party Service Providers
To keep the Application running smoothly, we utilize trusted third-party infrastructure components. These processors handle technical telemetry data externally on our behalf:
| Provider | Purpose | Data Location & Safeguards | Link to Privacy Policy |
|---|---|---|---|
| Google Play Services | Licensing & app engine | Global | Google Privacy |
| Supabase, Inc. | Auth & Database Infrastructure | EU (Frankfurt, Germany) | Supabase Privacy |
5. Data Retention Period
- Technical Logs & Metrics: Automatically collected technical logs and crash reports are anonymized or completely deleted automatically within 90 days of collection.
- Support Emails: Correspondence history sent to our support inbox is preserved for up to 1 year to assist with recurring technical inquiries, after which it is purged.
6. International Data Transfers
The third-party systems we use (such as Google Infrastructure) may store and process data on server installations located outside of the European Economic Area (EEA), primarily in the United States. Any such transfers are executed securely under the protection of the EU-U.S. Data Privacy Framework or standard contractual clauses approved by the European Commission.
7. Your GDPR Rights
As a resident of the European Union, you possess comprehensive rights regarding your personal data:
- Right of Access: You can request a summary or copy of any personal records we hold about you.
- Right to Erasure ("Right to be Forgotten"): You can ask us to purge your interaction history or support messages.
- Right to Rectification: You can request updates to inaccurate or outdated records.
- Right to Complain: If you believe your data is handled improperly, you have the statutory right to file an official complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu) via tietosuoja.fi.
To execute any of these rights, contact us directly at the email listed in Section 1.
8. Changes to This Policy
We reserve the right to revise this Privacy Policy periodically to reflect shifts in regulatory mandates or functional application expansions. Updates take effect immediately upon the revised document being published online.