Privacy Policy

Last updated: 4 March 2026

This Privacy Policy explains how Dynamint Oy (“Dynamint”, “we”, “us”, “our”) collects, uses, stores, and shares personal data when you use the Mökki-Mikko application and related services (the “Service”). It also explains your rights under the EU General Data Protection Regulation (“GDPR”).

If you have questions or want to exercise your rights, contact us at support@dynamint.fi.

1. Controller and contact details

Data controller: Dynamint Oy
Business ID: 3212175-5 (VAT/intl: FI32121755)
Address: PL 13, 00561 Helsinki, Finland
Support & data protection requests: support@dynamint.fi

We do not currently designate a Data Protection Officer (DPO). You can contact us at the email above for all privacy matters.

2. What personal data we process

2.1 Account and identity data (from sign-in)

When you sign in using Google Sign-In or Apple Sign-In, we process:

  • Name

  • Email address

  • Subject identifier (a unique identifier from the sign-in provider)

2.2 Group content you provide

We process data you and your group members enter into the Service, such as:

  • schedules, bookings, notes, messages, and other records created in the app

This data may include personal data depending on what you choose to enter.

2.3 Media you upload

We process media you upload (for example images), including associated metadata required for storage and retrieval.

2.4 Logs and technical telemetry

We process logs and telemetry needed to provide, secure, debug, and maintain the Service. This can include:

  • device/app diagnostics, error logs, performance metrics

  • authentication events

  • IP address and request metadata (as part of normal service operation)

2.5 Usage analytics (optional; not enabled in early versions)

Early versions of the Service may not collect analytics. If we introduce analytics, we expect to use Firebase Analytics (or equivalent) and collect usage statistics only with opt-in consent where required.

3. Where your data is stored and processed

We use Google Cloud services to host and operate the Service.

  • Firestore database: stored in europe-north1 (Helsinki)

  • Google Cloud Storage (media uploads): stored in europe-north1 (Helsinki)

We aim to keep primary storage in this region. Some processing may still occur as part of operating global cloud services (e.g., support, security operations, and content scanning workflows), depending on provider configurations.

4. How we use your data (purposes)

We use personal data to:

  1. Provide the Service

  • create and manage your account

  • authenticate you and prevent fraud

  • enable group functionality and sharing

  1. Operate, secure, and maintain the Service

  • monitor reliability and performance

  • diagnose and fix bugs

  • prevent misuse and enforce our Terms

  1. Safety, moderation, and legal compliance

  • detect and prevent illegal or harmful activity

  • comply with legal obligations and lawful requests

  1. Support

  • respond to support requests and user reports

  1. Analytics (only if enabled with consent)

  • understand feature usage and improve the Service

5. Legal bases for processing (GDPR)

Depending on context, we rely on the following legal bases:

  • Contract (GDPR Art. 6(1)(b)): to provide core Service functionality (account, group features, storage and syncing of your content).

  • Legitimate interests (GDPR Art. 6(1)(f)): to secure and maintain the Service, prevent abuse, troubleshoot issues, and protect users and the Service. Where we rely on legitimate interests, we balance these interests against your rights and freedoms.

  • Consent (GDPR Art. 6(1)(a)): for optional analytics (e.g., Firebase Analytics) when enabled; you can withdraw consent at any time.

  • Legal obligation (GDPR Art. 6(1)(c)): when we must comply with applicable laws.

6. Group sharing and visibility

The Service is group-based. When you join a group:

  • other members of that group may see your name and email address

  • members may access content you post in that group (including messages and uploaded media)

If you leave a group, the content you posted in that group remains in the group for continuity of shared schedules and history, unless removed by the group owner/admin or by available product features.

7. Developer access, moderation, and automated scanning

To prevent illegal or harmful use and to maintain the Service:

  • Images: user-uploaded images may be automatically scanned proactively to detect illegal content.

  • Other content (e.g., text and records): generally accessed only when necessary for support/troubleshooting, when we detect suspicious activity, or when we receive a user report.

  • Reporting: at present, reports are handled via email at support@dynamint.fi.

Authorized Dynamint personnel may access data where needed for these purposes, under access controls.

8. Cookies and tracking

  • The mobile app itself may use local storage and identifiers necessary for functionality and security.

  • Analytics identifiers and related tracking will be used only if/when analytics are introduced and you opt in via a consent screen (where required).

If you use a web version of the Service, additional web-specific cookie disclosures may apply on that site.

9. Who we share data with

We do not sell your personal data and do not share it with third parties for advertising.

We share data only:

  • With cloud service providers we use to host and operate the Service (notably Google Cloud / Firebase). These providers process data on our behalf as service providers/processors.

  • With group members, as described in Section 6 (because group sharing is a core function).

  • When required by law, such as responding to lawful requests from authorities.

10. International transfers

Your primary data storage is in europe-north1 (Helsinki). However, as with most cloud services, limited cross-border processing may occur depending on provider operations (for example, support, security, and abuse-prevention functions).

Where transfers outside the EEA occur, we aim to ensure appropriate safeguards are in place as required by GDPR. (We may update this section as our provider and contractual setup is reviewed and finalized.)

11. Data retention

Tenancy ends when you delete your account. Account deletion may not be available as an in-app feature in early versions; until then, you can request deletion via support@dynamint.fi.

After account deletion, your data may be retained for up to 30 days as a measure against unintentional data loss and to support restoration scenarios. Backups are retained for 30 days.

Group content note: content you posted in a group may remain accessible to that group after you leave or delete your account, for continuity, unless deleted by the group owner/admin or by available product features, or unless deletion is required by law.

We may retain limited information longer if necessary to comply with legal obligations, resolve disputes, or enforce our agreements.

12. Your rights under GDPR

Depending on your situation, you have the right to:

  • Access your personal data

  • Rectify incorrect or incomplete data

  • Delete your personal data (“right to be forgotten”), subject to legal/technical limits and group continuity needs

  • Restrict processing in certain cases

  • Object to processing based on legitimate interests

  • Data portability for data you provided, where applicable

  • Withdraw consent at any time (where processing is based on consent, such as analytics)

To exercise these rights, email support@dynamint.fi. We will respond as soon as possible and within the time required by GDPR.

13. Complaints

If you believe our processing of your personal data violates GDPR, you have the right to lodge a complaint with your local supervisory authority.

In Finland, the supervisory authority is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto).

14. Security

We use reasonable technical and organizational measures designed to protect personal data. Data is encrypted in transit (HTTPS/TLS) and encrypted at rest in our primary storage systems. No method of transmission or storage is 100% secure, but we work to protect the Service using appropriate safeguards.

15. Children’s privacy

The Service is intended for users who are of legal age to enter into a contract. We do not currently implement age-gating within the app. If you believe a child has provided personal data to us, contact support@dynamint.fi.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide notice in the Service or by other reasonable means. The “Last updated” date indicates when this policy was last revised.

17. Contact

For support, privacy questions, or GDPR requests: support@dynamint.fi