Privacy Policy

Last updated: 7 May 2026.

1. Controller

MökkiCare ("we", "us") is the data controller for personal data processed via mokkicare.app. Contact us via our contact form.

2. What we collect

  • Account data: name, email, phone, language preference.
  • Provider data (if applicable): bio, headline, service area, business ID (Y-tunnus), insurance status, services, equipment, payout methods.
  • Property data (owners): cottage name, location, address, notes, photos.
  • Task and bid data: descriptions, budgets, status, scheduled dates, completion photos.
  • Messaging: chat messages and attachments between owners and providers.
  • Reviews: ratings and comments left after a paid task.
  • Technical: IP address, device, log data, cookie identifiers (essential cookies only by default).

3. Legal bases (GDPR Art. 6)

  • Performance of contract (Art. 6(1)(b)) — providing the marketplace.
  • Legitimate interests (Art. 6(1)(f)) — safety, fraud prevention, service improvement.
  • Legal obligation (Art. 6(1)(c)) — accounting, tax records.
  • Consent (Art. 6(1)(a)) — non-essential cookies and optional communications.

4. Sharing

Personal data is shared with the other party to a task only after a bid is accepted. We use sub-processors for hosting (Lovable Cloud / Supabase EU), email, and payments (Stripe). A Data Processing Addendum is available on request.

5. Retention

  • Account: until you delete it; backups are purged within 30 days.
  • Messages and attachments: 24 months from last activity.
  • Tasks, bids, reviews: 6 years (Finnish accounting requirements where invoiced).
  • Logs: 90 days.

6. Your rights (GDPR Arts. 15–21)

You can access, rectify, export, restrict, object to, or delete your personal data. Use Account settings to download your data or delete your account, or reach us via the contact form. You may lodge a complaint with the Finnish Data Protection Ombudsman (tietosuoja.fi).

7. Security

Data is encrypted in transit (TLS) and at rest. Access is restricted via row-level security and the principle of least privilege. We will notify the supervisory authority within 72 hours of any reportable breach.

8. International transfers

Where data is transferred outside the EEA, we rely on EU Standard Contractual Clauses.

9. Children

The service is not directed at users under 16.

10. Changes

We will notify users by email and in-app of material changes.