Legal

Privacy Policy

Last updated: 4 July 2026 · Draft 0.1

Draft — pending legal review. This policy is prepared from KoirApp's actual data practices and is being finalised with a qualified data-protection lawyer before launch. A few specifics (exact retention periods, the final minimum age, and sub-processor transfer mechanisms) are being confirmed and are noted below.

Controller: Oakko Oy (“we”, “us”, “Oakko”) · Y-tunnus 3011591-7 · Finland
Service: KoirApp mobile application (the “App”)
Contact: koirapp@oakko.app

In short

  • Your data lives in the EU. It's stored with our hosting provider Supabase, in the European Union.
  • We don't sell your data, show ads, or use third-party advertising trackers.
  • We don't run AI or machine-learning analysis on your dogs' information, your notes, or your health records.
  • Analytics is off by default. We only collect anonymous, behavioural product analytics if you opt in — and even then it never includes your name, email, your dogs' details, your notes, or any health text.
  • Reminders are calculated on your device. Their content does not leave your phone through us.
  • You can export and delete your data yourself, in the app.
  • Payments go through Apple. We never see or store your card details.

1. Who we are

KoirApp is operated by Oakko Oy, a company registered in Finland (Y-tunnus 3011591-7). For the purposes of the EU General Data Protection Regulation (GDPR) and the Finnish Data Protection Act (tietosuojalaki 1050/2018), Oakko Oy is the data controller for the personal data described here. Privacy questions and requests: koirapp@oakko.app.

Shared households. KoirApp is built around households that share care of the same dogs. When you join or create a household, the dogs, care logs, notes and records in that household are visible to, and may be added to by, the other members of that household.

2. What we process, and why

“Personal data” here means data about you (a person). Information about your dogs is generally not personal data about a human — but we treat it carefully anyway, and some of it (for example a photo of a vet invoice that names you) can contain your personal data.

Account & identity

Email address; password (stored hashed by our authentication provider — we never see it in plaintext); display name; an optional avatar; a cosmetic accent colour; a system-generated user ID. We use email + password sign-in only — no social or third-party login. Basis: performance of a contract, Art. 6(1)(b).

Household & sharing

Household name, type and time zone; who is a member and their role; invite codes; which member logged or edited an action; temporary “sitter” grants of scoped access to a specific dog. Basis: contract, Art. 6(1)(b).

Dog data

Names, breed, photos, sex, date of birth, microchip number, status, and “passport” details (allergies, conditions, vet name and phone, care notes, breeder/registration details, insurance provider/policy). Basis: contract, Art. 6(1)(b).

Health & care records

Vet visits, vaccinations, parasite/worming treatments, medications and dosing schedules, symptoms, injuries, weight history, costs you enter, free-text notes, and photos of documents you attach — stored in a private storage bucket. This is your dog's health information, not human medical data, so it is generally not “special category” data under Art. 9 GDPR. Documents you photograph may incidentally contain your personal data; please only attach what you're comfortable storing. Basis: contract, Art. 6(1)(b).

Activity logs

Each feed / outing / medication event: the time, who did it, optional notes, and details such as food type. We also store limited operational metadata (which screen created it, app version, whether the log followed a reminder tap) to keep the app reliable. Basis: contract, Art. 6(1)(b); reliability as a legitimate interest, Art. 6(1)(f).

Subscription data

If you subscribe, we store your household's tier, the store, a subscription identifier and the current period end. We never receive or store your payment-card details. Basis: contract, Art. 6(1)(b).

Support & feedback

If you contact us in the app, we store your message and category plus basic technical context (app version, OS name/version, device model) to reproduce issues. Basis: legitimate interest in providing support, Art. 6(1)(f).

3. Analytics & error reporting (opt-in, off by default)

  • Off until you opt in. We send nothing to our analytics provider until you actively grant consent (in onboarding or in My Settings → Anonymous analytics). Events before your choice are held locally and either sent (if you later opt in) or discarded.
  • What's collected (if you opt in): a fixed set of behavioural product events — categories and counts only (e.g. “log created”, “paywall viewed”) — with the app version and a pseudonymous user ID (a random identifier, not your name or email).
  • Never sent to analytics: your name, email, dogs' names or details, breed, notes, health text, medication/dosing details, microchip number, allergies, conditions, phone numbers, addresses, invite codes, or any free text. The app actively strips such fields as a safety net.
  • Provider: PostHog, configured to its EU region.
  • Withdraw any time in My Settings → Anonymous analytics; we stop immediately.

Basis: your consent, Art. 6(1)(a). Analytics-event retention is being finalised (a limited period).

4. Payments

Subscriptions are sold through the Apple App Store. Apple processes the payment; your card and billing details are handled by Apple under Apple's own privacy policy. We receive only the result — that your household is on a given tier, a subscription identifier, and the renewal date. Subscription status is relayed via RevenueCat (being wired in for launch).

5. Reminders

Feeding, walk and medication reminders are computed on your device and scheduled as local notifications. We do not operate a remote push service for these, and the content of your reminders does not leave your device through us.

6. The sitter feature

You can temporarily hand a specific dog to another logged-in household (a “sitter”). You choose what is shared; the sitter's access is scoped and temporary and enforced on our servers, not just hidden in the interface. They cannot see your dog's full health record, weight history, breeder/registration data, insurance/admin data, costs, or your other dogs. When you end the sitting, their access is revoked immediately. Basis: contract, Art. 6(1)(b).

7. Who we share data with (sub-processors)

We do not sell your data and do not share it for advertising. We use a small number of processors under data-processing agreements. Exact regions and transfer mechanisms are being confirmed with counsel.

ProviderPurposeLocation
SupabaseDatabase, authentication, file storageEU
PostHogProduct analytics + error reports (opt-in only)EU (eu.i.posthog.com)
Apple (App Store)App distribution + payment processingApple infrastructure, incl. outside the EU/EEA
RevenueCatSubscription-status managementUnited States (SCCs)

KoirApp is built with the Expo framework, but the app uses local, on-device notifications only (no remote push) and no over-the-air updates, so no Expo service receives your personal data at runtime.

8. International transfers

Your account and content are hosted in the EU (Supabase EU; PostHog EU). Some providers (Apple, RevenueCat) process limited data outside the EU/EEA for payments and subscription management; where that happens, transfers are protected by Standard Contractual Clauses and/or the EU–US Data Privacy Framework.

9. How long we keep data

We keep personal data only as long as needed. Your account, household, dog, health-record, log and file data is kept for the life of your account and deleted when you delete your account (see §10); content in a shared household remains with that household for its other members. Opt-in analytics, error reports, support messages, and operational backups/logs are each retained for a limited period, being finalised with counsel.

10. Your rights (GDPR)

You have the right to access, rectify, erase, restrict, object to, and port your personal data, and to withdraw consent for analytics at any time.

  • Export (portability): export your personal data as a JSON file from the app.
  • Deletion: delete your account in My Settings → Delete my account. Any household where you are the only member is deleted in full; shared households remain for their other members. See Deleting your account.
  • Other requests (access, restriction, objection): email koirapp@oakko.app. We respond within one month.

Supervisory authority (Finland): Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto), tietosuoja.fi. You may also complain to the authority in your country of residence.

11. Security

We use encryption in transit (HTTPS/TLS), per-household access control enforced on the server (row-level security), private file storage for photos and documents, and hashed passwords. No method is 100% secure, but we work to protect your data and to notify you and the authorities of any qualifying breach as required by law.

12. Children

KoirApp is intended for adults and is not directed at children. In Finland the age of digital consent is 13; KoirApp's final minimum age is being confirmed with counsel and will be stated here and in the Terms. We do not knowingly collect data from children below that age.

13. No AI, no ads, no data selling

We do not send your data to any AI or machine-learning service — not for summaries, suggestions, or anything else. There is no automated decision-making with legal or similarly significant effects; reminders are simple, rule-based calculations on your device. We show no ads, embed no advertising/tracking SDKs, and do not sell your data.

14. Cookies & this website

The KoirApp mobile app does not use browser cookies. This website (koirapp.fi) uses no cookies, no analytics, and no third-party requests — fonts and all assets are served from koirapp.fi itself.

15. Changes

We may update this policy as the App evolves. We'll post the new version here with an updated date and, for material changes, notify you in the App or by email.

← Back to home