Privacy Policy

Last updated: 24 April 2026

This Privacy Policy explains how Dynamint Oy (“Dynamint”, “we”, “us”, “our”) collects, uses, stores, and shares personal data when you use the MökkiMikko application (in English, “Summer Cottage App”) and related services (the “Service”). It also explains your rights under the EU General Data Protection Regulation (“GDPR”).

If you have questions or want to exercise your rights, contact us at support@dynamint.fi.

1. Controller and contact details

Data controller: Dynamint Oy
Business ID: 3212175-5 (VAT/intl: FI32121755)
Address: PL 13, 00561 Helsinki, Finland
Support & data protection requests: support@dynamint.fi

We do not currently designate a Data Protection Officer (DPO). You can contact us at the email above for all privacy matters.

2. Personal data we process

2.1 Account and identity data (from sign-in)

When you sign in using Google Sign-In or Apple Sign-In, we process:

• Name
• Email address
• Subject identifier (a unique identifier from the sign-in provider)

When you sign in using Google or Apple, authentication is handled by those providers and subject to their privacy policies.

2.2 Group content you provide

We process data you and your group members enter into the Service, such as:

• schedules, bookings, notes, messages, and other records created in the app

This data may include personal data depending on what you choose to enter.

2.3 Media you upload

We process media you upload (for example images), including associated metadata required for storage and retrieval.

2.4 Logs and technical telemetry

We process logs and telemetry needed to provide, secure, debug, and maintain the Service. This can include:

• device/app diagnostics, error logs, performance metrics
• authentication events
• IP address and request metadata generated during normal operation of the Service

2.5 Usage analytics (optional; not enabled in early versions)

Early versions of the Service may not collect analytics. If we introduce analytics, we expect to use Firebase Analytics (or equivalent). Analytics will be enabled only with opt-in consent via a consent screen where required.

2.6 Subscription and purchase data

If you purchase, restore, or use a paid subscription, we process subscription-related data needed to manage paid access to the Service. This may include:

• purchase history
• transaction and receipt data
• subscription status and entitlement status
• product identifiers
• renewal, cancellation, and expiration information
• internal identifiers used to associate purchases with your account
• your app user ID or other account-linked identifiers used for subscription management
• device identifiers and other device-level identifiers where needed for purchase validation, fraud prevention, functionality, analytics, or attribution

Subscription management, receipt validation, entitlement tracking, and related subscription infrastructure may be handled through RevenueCat, together with the relevant app store or payment platform (such as Apple App Store or Google Play).

3. Where your data is stored and processed

We use Google Cloud services to host and operate the Service.

• Firestore database: stored in europe-north1 (Helsinki)
• Google Cloud Storage (media uploads): stored in europe-north1 (Helsinki)

We use service providers to support subscription management and related functionality.

We aim to keep primary storage in this region. Some processing may still occur outside this region or outside the EEA as part of operating global cloud services (e.g., support, security operations, and content scanning workflows) or by service providers such as the subscription infrastructure provider RevenueCat.

4. How we use your data (purposes)

We use personal data to:

1. Provide the Service

• create and manage your account
• authenticate you and prevent fraud
• enable group functionality and sharing
• process purchases and manage access to paid features
• associate purchases and subscriptions with the correct account or device

2. Operate, secure, and maintain the Service

• monitor reliability and performance
• diagnose and fix bugs
• prevent misuse and enforce our Terms
• validate subscriptions and manage entitlements
• prevent fraud and abuse in connection with purchases and subscriptions

3. Safety, moderation, and legal compliance

• detect and prevent illegal or harmful activity
• comply with legal obligations and lawful requests

4. Support

• respond to support requests and user reports
• assist with purchase or subscription issues

5. Analytics (only if enabled with consent)

• understand feature usage and improve the Service

6. Attribution and measurement (where applicable)

• measure the source and performance of installs, purchases, trials, and subscription conversions
• use device identifiers or platform-provided attribution identifiers only where permitted by platform settings and applicable law

5. Legal bases for processing (GDPR)

Depending on context, we rely on the following legal bases:

• Contract (GDPR Art. 6(1)(b)): to provide core Service functionality (account, group features, storage and syncing of your content), and where applicable to process purchases, validate subscriptions, and manage access to paid features.
• Legitimate interests (GDPR Art. 6(1)(f)): Our legitimate interests include maintaining the security, reliability, and integrity of the Service, preventing fraud and abuse, diagnosing technical issues, managing subscription functionality, using limited identifiers needed for attribution and measurement where permitted, and protecting the Service and its users.
• Consent (GDPR Art. 6(1)(a)): for optional analytics (e.g., Firebase Analytics) when enabled, and for attribution, advertising measurement, or tracking where consent is required by applicable law or platform rules; you can withdraw consent at any time.
• Legal obligation (GDPR Art. 6(1)(c)): when we must comply with applicable laws.

6. Group sharing and visibility

The Service is group-based. When you join a group:

• other members of that group will be able to see your name and email address
• members may access content you post in that group (including messages and uploaded media)

If you leave a group, the content you posted in that group remains in the group for continuity of shared schedules and history, unless removed by the group owner/admin or by available product features.

7. Developer access, moderation, and automated scanning

To prevent illegal or harmful use and to maintain the Service:

• Images: user-uploaded images may be automatically scanned proactively to detect illegal content.
• Other content (e.g., text and records): generally accessed only when necessary for support/troubleshooting, when we detect suspicious activity, or when we receive a user report.
• Reporting: at present, reports are handled via email at support@dynamint.fi.

Authorized Dynamint personnel may access data where needed for these purposes, under access controls.

8. Cookies and tracking

• The mobile app itself may use local storage and identifiers necessary for functionality and security.
• Subscription and purchase infrastructure, including RevenueCat, may process app user IDs, device identifiers, and other identifiers needed to validate purchases, manage subscriptions, prevent fraud, and maintain functionality.
• Depending on your device, platform settings, and applicable law, device identifiers or platform-provided attribution identifiers may also be used for attribution, conversion measurement, and analytics.
• If we measure ad campaign performance through providers such as Meta or Google Ads, device identifiers, app identifiers, advertising identifiers, or similar attribution data may be collected and shared for ad attribution, conversion measurement, campaign performance reporting, and related fraud-prevention purposes.
• Analytics identifiers and related tracking will be used only if/when analytics, attribution, or ad measurement features are introduced and you opt in via a consent screen where required.

If you use a web version of the Service, additional web-specific cookie disclosures may apply on that site.

9. Who we share data with

We do not sell your personal data and do not share it with third parties for advertising.

We share data only:

• With cloud service providers and measurement partners. Our infrastructure providers include Google Cloud Platform and Firebase (operated by Google Ireland Ltd.), and subscription infrastructure providers such as RevenueCat, which may process data on our behalf to manage subscriptions, validate receipts, track entitlements, associate purchases with the relevant account, prevent fraud, and support attribution or subscription analytics where applicable. If we use ad performance measurement tools, providers such as Meta or Google Ads may also receive device identifiers, app identifiers, advertising identifiers, conversion events, and related attribution data for ad attribution, campaign measurement, and fraud-prevention purposes, subject to platform settings and applicable law. Authentication providers such as Google or Apple process authentication data according to their own privacy policies.
• With group members, as described in Section 6 (because group sharing is a core function).
• When required by law, such as responding to lawful requests from authorities.

We maintain data processing agreements with our processors where required by GDPR.

10. International transfers

Our primary data storage is in europe-north1 (Helsinki). However, as with most cloud services and subscription infrastructure providers, limited cross-border processing may occur depending on provider operations (for example, support, security, and abuse-prevention functions).

Where transfers outside the EEA occur, we aim to ensure appropriate safeguards are in place as required by GDPR.

11. Data retention

Your tenancy ends when you delete your account.

An account can be deleted:

• from the application settings
• on the website https://app.mokkimikko.fi/account-delete
• by requesting deletion via email at support@dynamint.fi

After account deletion, data may be retained for up to 30 days to prevent accidental data loss and to support restoration scenarios.
Backups are retained for 30 days.

However, content added to a group may remain accessible to that group even after the account is deleted, unless it is removed separately.

Subscription or transaction-related records may be retained for longer where necessary for legal, accounting, tax, fraud-prevention, dispute-resolution, or contractual reasons, including by relevant service providers or app store ecosystems.

In some cases, data may be retained for longer in order to comply with legal obligations, resolve disputes, or enforce agreements.

12. Your rights under GDPR

Depending on your situation, you have the right to:

• Access your personal data
• Rectify incorrect or incomplete data
• Delete your personal data (“right to be forgotten”), subject to legal/technical limits and group continuity needs
• Restrict processing in certain cases
• Object to processing based on legitimate interests
• Data portability for data you provided, where applicable
• Withdraw consent at any time (where processing is based on consent, such as analytics)

To exercise these rights, email support@dynamint.fi. We will respond as soon as possible and within the time required by GDPR. We may need to verify your identity before fulfilling a request to ensure that personal data is not disclosed to an unauthorized person.

13. Complaints

If you believe our processing of your personal data violates GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or where the alleged infringement occurred.

In Finland, the supervisory authority is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto).

14. Security

We use reasonable technical and organizational measures designed to protect personal data. Data is encrypted in transit (HTTPS/TLS) and encrypted at rest in our primary storage systems. No method of transmission or storage is 100% secure, but we work to protect the Service using appropriate safeguards.

15. Children’s privacy

The Service is primarily intended for adult users. However, minors may use the Service with the permission and supervision of a parent or legal guardian, for example as part of a family group.

The Service does not currently implement a separate age-verification mechanism. If you believe that a minor has provided us with personal data without the permission of a parent or legal guardian, please contact us at
support@dynamint.fi.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide notice in the Service or by other reasonable means. The “Last updated” date indicates when this policy was last revised.

17. Contact

For support, privacy questions, or GDPR requests: support@dynamint.fi