Privacy Policy
Updated April 8, 2026
1. Data Controller
Eläinlähtöinen Oy
Business ID: 3431336-3
Email: support@elainlahtoinen.fi
Contact person for data protection matters: Henna Hanhirova (henna@elainlahtoinen.fi)
KoiraKaveri is a product of Eläinlähtöinen Oy.
2. What Data We Collect
2.1. Data You Provide
| Data category | Examples |
|---|---|
| Account information | Name, email address, location (optional), time zone |
| Dog profiles | Dog's name, breed, date of birth, weight, health conditions, medications |
| Health journal | Poop quality logs, symptom entries, health index data, vet visit notes |
| User-uploaded content | Photos, images, documents, and notes uploaded to the App |
| Chat and AI conversations | Messages exchanged with the AI Assistant |
| Family group and sitter data | Invitations, shared access permissions, sitter instructions |
2.2. Data Collected Automatically
| Data category | Examples |
|---|---|
| Device and technical data | Device type, operating system, app version, IP address |
| Usage data | Features used, session duration, navigation patterns (collected anonymously via Google Analytics) |
| Subscription data | Subscription tier, purchase date, renewal status, transaction identifiers (managed via RevenueCat) |
| Log data | Error logs, crash reports, authentication timestamps |
3. Purposes and Legal Bases for Processing
| Purpose | Legal basis |
|---|---|
| Providing and operating the App (accounts, dog profiles, health features) | Contract |
| Managing subscriptions and billing via app stores and RevenueCat | Contract |
| AI-powered features (health summaries, training suggestions, chat) | Contract |
| Anonymous usage analytics via Google Analytics | Legitimate interest |
| Creating anonymized summaries of AI conversation topics to improve content | Legitimate interest |
| Technical maintenance, security, and error resolution | Legitimate interest |
| Customer support and communication | Contract |
| Compliance with legal obligations (e.g., accounting law) | Legal obligation |
| Marketing communications (newsletters) | Consent |
4. Data Storage and Retention
4.1. Primary Storage
Your primary data — including dog profiles, health journals, chat history, and uploaded content — is stored on Google Cloud Platform (GCP) servers located within the European Economic Area (EEA).
4.2. Retention Periods
| Data type | Retention period |
|---|---|
| Account and dog profile data | Duration of your account; deleted immediately upon account deletion |
| Health journal and uploaded content | Duration of your account; deleted immediately upon account deletion |
| AI conversations (raw) | 7 days, then permanently deleted |
| Anonymized AI conversation summaries | Indefinitely (irreversibly de-identified, not linked to your identity) |
| Technical and error logs | 6–12 months |
| App usage analytics (our own) | Indefinitely (pseudonymized, linked to a non-identifying user ID) |
| Anonymous analytics data (Google Analytics) | Per Google Analytics default retention policy (currently 14 months; anonymized) |
| Subscription and billing records | Duration of account, plus as required by accounting law (up to 7 years) |
When you delete your account, all your personal data is permanently and immediately deleted. We recommend exporting your data before deleting your account, as deletion cannot be reversed. Anonymized summaries and aggregated analytics are retained as they cannot be linked back to you. Billing records required by law (e.g., accounting law) are retained for the legally mandated period.
5. Subprocessors and Third-Party Services
We use the following trusted third-party service providers (subprocessors) to deliver and operate KoiraKaveri. Where data is transferred outside the EEA, we rely on appropriate safeguards such as European Commission Standard Contractual Clauses (SCCs), the EU-U.S. Data Privacy Framework, or adequacy decisions to ensure GDPR compliance.
5.1. Google — Workspace
| Service | Google Workspace (Gmail, Drive, etc.) |
|---|---|
| Purpose | Internal business operations, including handling customer support emails and storing internal business documents |
| Data processed | Your email address and the contents of any emails you send to us |
| Data location | Global (Google Workspace data may be processed in any Google data center worldwide) |
| Safeguards | SCCs, EU-U.S. Data Privacy Framework |
5.2. Google — Cloud Platform (GCP)
| Service | Google Cloud Platform (Firestore, Cloud Storage, Cloud Functions) |
|---|---|
| Purpose | Primary data storage, application hosting, and backend services |
| Data processed | All App data: account information, dog profiles, health journals, chat history, uploaded images and files |
| Data location | EEA |
| Safeguards | Data residency within EEA; Google Cloud Data Processing Addendum |
5.3. Google — Gemini AI
| Service | Google Gemini API (AI models) |
|---|---|
| Purpose | Powering the AI Assistant, generating health summaries, training suggestions, and chat responses |
| Data processed | Contextual data sent to the AI model per request: relevant dog profile information, health journal entries, and chat messages |
| Data location | Global (AI processing may occur outside the EEA, including the United States) |
| Safeguards | SCCs, Google Cloud Data Processing Addendum; data is not used by Google to train its models |
5.4. Google Analytics
| Service | Google Analytics 4 |
|---|---|
| Purpose | Understanding anonymous usage patterns and app behavior to improve the user experience |
| Data processed | Anonymized usage data: page views, feature usage, session duration, device type, approximate location (country/region level). No personally identifiable information is sent to Google Analytics. |
| Data location | Global (Google Analytics servers) |
| Safeguards | IP anonymization enabled; no PII collected; SCCs, EU-U.S. Data Privacy Framework |
5.5. RevenueCat
| Service | RevenueCat Inc. (subscription management platform) |
|---|---|
| Purpose | Coordinating in-app purchases and subscriptions across Apple App Store and Google Play, managing subscription status and entitlements |
| Data processed | Email address, subscription tier, purchase history, transaction identifiers, app user ID |
| Data location | United States (hosted on Amazon Web Services / AWS). Data is stored and processed outside the EEA. |
| Safeguards | SCCs, RevenueCat Data Processing Agreement |
5.6. Apple — App Store
| Service | Apple App Store (app distribution and in-app purchases) |
|---|---|
| Purpose | Distributing the App to iOS users, processing in-app subscription purchases and payments, delivering push notifications |
| Data processed | Apple ID, device identifiers, purchase and subscription history, payment information (handled entirely by Apple) |
| Data location | Global (Apple data centers, including the United States) |
| Safeguards | Apple's Data Processing Agreement; EU-U.S. Data Privacy Framework. Payment information is handled entirely by Apple and is never shared with KoiraKaveri. |
5.7. Google — Play Store
| Service | Google Play Store (app distribution and in-app purchases) |
|---|---|
| Purpose | Distributing the App to Android users, processing in-app subscription purchases and payments, delivering push notifications |
| Data processed | Google account information, device identifiers, purchase and subscription history, payment information (handled entirely by Google) |
| Data location | Global (Google data centers, including the United States) |
| Safeguards | Google's Data Processing Agreement; EU-U.S. Data Privacy Framework. Payment information is handled entirely by Google and is never shared with KoiraKaveri. |
6. AI and Automated Processing
6.1. AI Assistant
KoiraKaveri uses Google's Gemini AI models to power its AI Assistant. When you interact with the AI, relevant context (such as your dog's profile, recent health entries, and your message) is sent to the Gemini API to generate a response.
- AI-generated responses are not reviewed by KoiraKaveri employees before being delivered to you.
- Google does not use your data sent via the Gemini API to train its general AI models.
- No automated decisions with legal or similarly significant effects are made about you based on AI processing.
6.2. Anonymized AI Summaries
We create anonymized, irreversibly de-identified summaries of the topics discussed with the AI Assistant. These summaries contain no personal information and cannot be linked back to you or your dog. They are used solely to improve our training materials, content library, and app experience.
If you wish to opt out of this anonymized data collection, please contact us at support@elainlahtoinen.fi.
7. International Data Transfers
Your primary data is stored within the EEA on Google Cloud Platform. However, certain services require data to be transferred or processed outside the EEA:
| Service | Data transferred | Destination | Safeguard |
|---|---|---|---|
| Google Gemini AI | AI request context (dog profile excerpts, messages) | Global (incl. US) | SCCs, Google Cloud DPA |
| Google Workspace | Support emails, business correspondence | Global | SCCs, EU-U.S. DPF |
| Google Analytics | Anonymous usage data | Global | IP anonymization, SCCs, EU-U.S. DPF |
| RevenueCat | Email, subscription data | United States (AWS) | SCCs, RevenueCat DPA |
| Apple App Store | Apple ID, device identifiers, purchase history | Global (incl. US) | Apple DPA, EU-U.S. DPF |
| Google Play Store | Google account, device identifiers, purchase history | Global (incl. US) | Google DPA, EU-U.S. DPF |
We regularly review our subprocessors and their safeguards to ensure continued compliance with the GDPR.
8. Data Security
We protect your data using industry-standard security measures, including:
- Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS.
- Encryption at rest: Data stored on GCP is encrypted at rest using Google-managed encryption keys.
- Access control: Only authorized personnel have access to production systems and data, governed by role-based access controls.
- Authentication: User passwords are securely hashed and never stored in plain text. The App supports authentication via Firebase Authentication.
- Monitoring: We monitor our systems for unauthorized access attempts and security anomalies.
9. Your Rights Under the GDPR
As a data subject under the GDPR, you have the following rights:
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you |
| Rectification | Request correction of inaccurate or incomplete data |
| Erasure | Request deletion of your personal data ("right to be forgotten") |
| Restriction | Request that we limit how we process your data |
| Data portability | Receive your data in a structured, machine-readable format |
| Objection | Object to processing based on legitimate interest, including AI-based analysis |
| Withdraw consent | Withdraw consent for marketing communications at any time |
To exercise any of these rights, contact us at support@elainlahtoinen.fi. We will respond within 30 days.
If you are unsatisfied with our response, you have the right to file a complaint with the Finnish Data Protection Ombudsman:
10. Cookies and Tracking
The KoiraKaveri website (koirakaveri.fi) uses:
- Google Analytics cookies to collect anonymous usage statistics. These cookies do not identify you personally.
- Essential cookies required for the website to function (e.g., session management).
The KoiraKaveri mobile app does not use browser cookies but does collect anonymous usage analytics as described in Section 5.4.
You can manage your cookie preferences through your browser settings.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes:
- We will update the "Updated" date at the top of this document.
- For significant changes, we will notify you via the App or by email at least 14 days in advance.
12. Contact
For any questions or requests regarding this Privacy Policy or your personal data:
Eläinlähtöinen Oy
Business ID: 3431336-3
Email: support@elainlahtoinen.fi
Data protection contact: henna@elainlahtoinen.fi
Website: www.koirakaveri.fi