Tietosuojakäytäntö
Kuinka MushingPlan kerää, käyttää ja suojaa henkilötietojasi.
Tämä tietosuojakäytäntö on tällä hetkellä saatavilla englanniksi. Käännös on tulossa.
1 Who We Are
MushingPlan ("we", "us", "our") operates the MushingPlan mobile application and website (mushingplan.com). We are the data controller for the personal data processed through our services.
For privacy inquiries, contact us at: [email protected]
2 Data We Collect
We collect the following categories of personal data:
Account Data
Name, email address, profile photo, and authentication identifiers when you sign in via Google or Apple OAuth.
Location & GPS Data
Real-time GPS coordinates, training routes, speed, distance, elevation, and historical route data. You can disable location tracking at any time.
Wearable & Watch Data
GDPR Art. 9Heart rate, speed, distance, duration, and fitness metrics from Garmin or Apple Watch. Heart rate and biometric data are special category data requiring your explicit, separate consent. You can use GPS-only features without sharing health data.
Offline-Collected Data
When offline, data is stored locally in an encrypted database and synced when you reconnect. The legal basis applies at the moment of collection, not at sync time.
Dog & Animal Data
Dog profiles, health records, vaccination history, breeding information, and wellness checks. Linked to an identifiable owner, so treated as personal data under GDPR.
Marketplace Data
Listing information, transaction history, and booking details. Payment information is processed by Stripe and not stored on our servers.
Messages
Content and metadata of in-app messages, including timestamps and participants.
Device & Technical Data
Device model, OS version, app version, IP address, crash logs, analytics, and push notification tokens.
3 Legal Bases for Processing
4 How We Use Your Data
- Provide and maintain the MushingPlan service
- Record and display GPS training sessions and routes
- Sync wearable device data for training analytics
- Manage dog profiles, health records, and kennel operations
- Facilitate marketplace transactions and bookings
- Enable in-app messaging between users
- Send push notifications (with your consent)
- Improve our services through aggregated analytics
- Ensure platform security and prevent fraud
5 Data Sharing & Third Parties
Stripe
Payment processing for marketplace transactions (Stripe Connect).
Mapbox
Map rendering and offline map tiles.
Firebase (Google)
Analytics, crash reporting, performance monitoring, push notifications.
Google Analytics
Website and app usage statistics and user journey analysis.
Meta Pixel (Facebook)
Ad conversion tracking and audience targeting (with consent).
Garmin / Apple
Watch integration APIs for syncing wearable data.
Google / Apple
OAuth authentication services.
Our servers and databases are hosted by DigitalOcean in Amsterdam, Netherlands (EEA). We do not sell your personal data to third parties.
6 International Data Transfers
Our servers, database (PostgreSQL), and cache (Redis) are hosted by DigitalOcean in Amsterdam, Netherlands, within the EEA. Some third-party providers (such as Stripe, Mapbox, Google/Firebase, and Meta) may process data outside the EEA. In such cases, we ensure appropriate safeguards including Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission.
7 Data Retention
| Data Type | Retention |
|---|---|
| Account data | Duration of account, deleted within 30 days after |
| Training & GPS data | Duration of account (individual sessions deletable) |
| Dog health records | Duration of account |
| Marketplace transactions | 7 years (tax/accounting obligations) |
| Messages | Duration of account, deleted within 30 days after |
| Analytics data | Aggregated and anonymized within 26 months |
| Offline data | Stored locally until synced, then same periods apply |
8 Your Rights (GDPR Articles 15–22)
Right of access
Art. 15Request a copy of all personal data we hold about you
Right to rectification
Art. 16Correct inaccurate data
Right to erasure
Art. 17Request deletion of your data ("right to be forgotten")
Right to restriction
Art. 18Restrict processing of your data
Right to data portability
Art. 20Receive your data in JSON/CSV format
Right to object
Art. 21Object to processing based on legitimate interest
Right to withdraw consent
Withdraw any consent at any time
Right to lodge a complaint
Contact your local supervisory authority
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
Relevant supervisory authorities:
9 Offline Data & Consent
- Consent for data collection is obtained before you begin an offline session
- Your consent preferences are stored locally on your device
- If you withdraw consent while offline, the app honors this locally and will not sync affected data
- Data deletion requests apply to both local device storage and our servers
- Locally stored offline data is encrypted on your device
10 Children's Data
MushingPlan is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, contact us at [email protected] and we will delete it promptly.
11 Data Security
Encryption in transit
TLS encryption for all data transfers
Encryption at rest
Data encrypted on our servers and locally on your device
Access controls
Role-based authentication and authorization
Security assessments
Regular security reviews and monitoring
12 Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or via email. Continued use of MushingPlan after changes constitutes acceptance of the updated policy.
13 Contact
For questions about this Privacy Policy or our data practices, contact us at:
[email protected]