KoiraKaveri Logo
KoiraKaveri
Ominaisuudet Opas Hinnoittelu FAQ

Privacy Policy

Updated April 8, 2026

1. Data Controller

Eläinlähtöinen Oy

Business ID: 3431336-3

Email: support@elainlahtoinen.fi

Contact person for data protection matters: Henna Hanhirova (henna@elainlahtoinen.fi)

KoiraKaveri is a product of Eläinlähtöinen Oy.

2. What Data We Collect

2.1. Data You Provide

Data category Examples
Account information Name, email address, location (optional), time zone
Dog profiles Dog's name, breed, date of birth, weight, health conditions, medications
Health journal Poop quality logs, symptom entries, health index data, vet visit notes
User-uploaded content Photos, images, documents, and notes uploaded to the App
Chat and AI conversations Messages exchanged with the AI Assistant
Family group and sitter data Invitations, shared access permissions, sitter instructions

2.2. Data Collected Automatically

Data category Examples
Device and technical data Device type, operating system, app version, IP address
Usage data Features used, session duration, navigation patterns (collected anonymously via Google Analytics)
Subscription data Subscription tier, purchase date, renewal status, transaction identifiers (managed via RevenueCat)
Log data Error logs, crash reports, authentication timestamps

3. Purposes and Legal Bases for Processing

Purpose Legal basis
Providing and operating the App (accounts, dog profiles, health features) Contract
Managing subscriptions and billing via app stores and RevenueCat Contract
AI-powered features (health summaries, training suggestions, chat) Contract
Anonymous usage analytics via Google Analytics Legitimate interest
Creating anonymized summaries of AI conversation topics to improve content Legitimate interest
Technical maintenance, security, and error resolution Legitimate interest
Customer support and communication Contract
Compliance with legal obligations (e.g., accounting law) Legal obligation
Marketing communications (newsletters) Consent

4. Data Storage and Retention

4.1. Primary Storage

Your primary data — including dog profiles, health journals, chat history, and uploaded content — is stored on Google Cloud Platform (GCP) servers located within the European Economic Area (EEA).

4.2. Retention Periods

Data type Retention period
Account and dog profile data Duration of your account; deleted immediately upon account deletion
Health journal and uploaded content Duration of your account; deleted immediately upon account deletion
AI conversations (raw) 7 days, then permanently deleted
Anonymized AI conversation summaries Indefinitely (irreversibly de-identified, not linked to your identity)
Technical and error logs 6–12 months
App usage analytics (our own) Indefinitely (pseudonymized, linked to a non-identifying user ID)
Anonymous analytics data (Google Analytics) Per Google Analytics default retention policy (currently 14 months; anonymized)
Subscription and billing records Duration of account, plus as required by accounting law (up to 7 years)

When you delete your account, all your personal data is permanently and immediately deleted. We recommend exporting your data before deleting your account, as deletion cannot be reversed. Anonymized summaries and aggregated analytics are retained as they cannot be linked back to you. Billing records required by law (e.g., accounting law) are retained for the legally mandated period.

5. Subprocessors and Third-Party Services

We use the following trusted third-party service providers (subprocessors) to deliver and operate KoiraKaveri. Where data is transferred outside the EEA, we rely on appropriate safeguards such as European Commission Standard Contractual Clauses (SCCs), the EU-U.S. Data Privacy Framework, or adequacy decisions to ensure GDPR compliance.

5.1. Google — Workspace

ServiceGoogle Workspace (Gmail, Drive, etc.)
PurposeInternal business operations, including handling customer support emails and storing internal business documents
Data processedYour email address and the contents of any emails you send to us
Data locationGlobal (Google Workspace data may be processed in any Google data center worldwide)
SafeguardsSCCs, EU-U.S. Data Privacy Framework

5.2. Google — Cloud Platform (GCP)

ServiceGoogle Cloud Platform (Firestore, Cloud Storage, Cloud Functions)
PurposePrimary data storage, application hosting, and backend services
Data processedAll App data: account information, dog profiles, health journals, chat history, uploaded images and files
Data locationEEA
SafeguardsData residency within EEA; Google Cloud Data Processing Addendum

5.3. Google — Gemini AI

ServiceGoogle Gemini API (AI models)
PurposePowering the AI Assistant, generating health summaries, training suggestions, and chat responses
Data processedContextual data sent to the AI model per request: relevant dog profile information, health journal entries, and chat messages
Data locationGlobal (AI processing may occur outside the EEA, including the United States)
SafeguardsSCCs, Google Cloud Data Processing Addendum; data is not used by Google to train its models

5.4. Google Analytics

ServiceGoogle Analytics 4
PurposeUnderstanding anonymous usage patterns and app behavior to improve the user experience
Data processedAnonymized usage data: page views, feature usage, session duration, device type, approximate location (country/region level). No personally identifiable information is sent to Google Analytics.
Data locationGlobal (Google Analytics servers)
SafeguardsIP anonymization enabled; no PII collected; SCCs, EU-U.S. Data Privacy Framework

5.5. RevenueCat

ServiceRevenueCat Inc. (subscription management platform)
PurposeCoordinating in-app purchases and subscriptions across Apple App Store and Google Play, managing subscription status and entitlements
Data processedEmail address, subscription tier, purchase history, transaction identifiers, app user ID
Data locationUnited States (hosted on Amazon Web Services / AWS). Data is stored and processed outside the EEA.
SafeguardsSCCs, RevenueCat Data Processing Agreement

5.6. Apple — App Store

ServiceApple App Store (app distribution and in-app purchases)
PurposeDistributing the App to iOS users, processing in-app subscription purchases and payments, delivering push notifications
Data processedApple ID, device identifiers, purchase and subscription history, payment information (handled entirely by Apple)
Data locationGlobal (Apple data centers, including the United States)
SafeguardsApple's Data Processing Agreement; EU-U.S. Data Privacy Framework. Payment information is handled entirely by Apple and is never shared with KoiraKaveri.

5.7. Google — Play Store

ServiceGoogle Play Store (app distribution and in-app purchases)
PurposeDistributing the App to Android users, processing in-app subscription purchases and payments, delivering push notifications
Data processedGoogle account information, device identifiers, purchase and subscription history, payment information (handled entirely by Google)
Data locationGlobal (Google data centers, including the United States)
SafeguardsGoogle's Data Processing Agreement; EU-U.S. Data Privacy Framework. Payment information is handled entirely by Google and is never shared with KoiraKaveri.

6. AI and Automated Processing

6.1. AI Assistant

KoiraKaveri uses Google's Gemini AI models to power its AI Assistant. When you interact with the AI, relevant context (such as your dog's profile, recent health entries, and your message) is sent to the Gemini API to generate a response.

  • AI-generated responses are not reviewed by KoiraKaveri employees before being delivered to you.
  • Google does not use your data sent via the Gemini API to train its general AI models.
  • No automated decisions with legal or similarly significant effects are made about you based on AI processing.

6.2. Anonymized AI Summaries

We create anonymized, irreversibly de-identified summaries of the topics discussed with the AI Assistant. These summaries contain no personal information and cannot be linked back to you or your dog. They are used solely to improve our training materials, content library, and app experience.

If you wish to opt out of this anonymized data collection, please contact us at support@elainlahtoinen.fi.

7. International Data Transfers

Your primary data is stored within the EEA on Google Cloud Platform. However, certain services require data to be transferred or processed outside the EEA:

Service Data transferred Destination Safeguard
Google Gemini AI AI request context (dog profile excerpts, messages) Global (incl. US) SCCs, Google Cloud DPA
Google Workspace Support emails, business correspondence Global SCCs, EU-U.S. DPF
Google Analytics Anonymous usage data Global IP anonymization, SCCs, EU-U.S. DPF
RevenueCat Email, subscription data United States (AWS) SCCs, RevenueCat DPA
Apple App Store Apple ID, device identifiers, purchase history Global (incl. US) Apple DPA, EU-U.S. DPF
Google Play Store Google account, device identifiers, purchase history Global (incl. US) Google DPA, EU-U.S. DPF

We regularly review our subprocessors and their safeguards to ensure continued compliance with the GDPR.

8. Data Security

We protect your data using industry-standard security measures, including:

  • Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS.
  • Encryption at rest: Data stored on GCP is encrypted at rest using Google-managed encryption keys.
  • Access control: Only authorized personnel have access to production systems and data, governed by role-based access controls.
  • Authentication: User passwords are securely hashed and never stored in plain text. The App supports authentication via Firebase Authentication.
  • Monitoring: We monitor our systems for unauthorized access attempts and security anomalies.

9. Your Rights Under the GDPR

As a data subject under the GDPR, you have the following rights:

Right Description
Access Request a copy of the personal data we hold about you
Rectification Request correction of inaccurate or incomplete data
Erasure Request deletion of your personal data ("right to be forgotten")
Restriction Request that we limit how we process your data
Data portability Receive your data in a structured, machine-readable format
Objection Object to processing based on legitimate interest, including AI-based analysis
Withdraw consent Withdraw consent for marketing communications at any time

To exercise any of these rights, contact us at support@elainlahtoinen.fi. We will respond within 30 days.

If you are unsatisfied with our response, you have the right to file a complaint with the Finnish Data Protection Ombudsman:

Office of the Data Protection Ombudsman

Website: tietosuoja.fi

Email: tietosuoja@om.fi

10. Cookies and Tracking

The KoiraKaveri website (koirakaveri.fi) uses:

  • Google Analytics cookies to collect anonymous usage statistics. These cookies do not identify you personally.
  • Essential cookies required for the website to function (e.g., session management).

The KoiraKaveri mobile app does not use browser cookies but does collect anonymous usage analytics as described in Section 5.4.

You can manage your cookie preferences through your browser settings.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes:

  • We will update the "Updated" date at the top of this document.
  • For significant changes, we will notify you via the App or by email at least 14 days in advance.

12. Contact

For any questions or requests regarding this Privacy Policy or your personal data:

Eläinlähtöinen Oy

Business ID: 3431336-3

Email: support@elainlahtoinen.fi

Data protection contact: henna@elainlahtoinen.fi

Website: www.koirakaveri.fi

KoiraKaveri Logo
KoiraKaveri
Ominaisuudet Opas Hinnoittelu FAQ Käyttöehdot Tietosuoja

© 2026 Eläinlähtöinen Oy. Kaikki oikeudet pidätetään.