Privacy Policy
Last updated: 11.6.2026
Summary
This privacy policy explains what personal data we collect in the Taimi app and website, for what purpose, on what legal basis, and how long we retain it. We respect your privacy and comply with the EU General Data Protection Regulation (GDPR) and the Finnish national Data Protection Act. We never sell, rent, or disclose your personal data to third parties for commercial purposes.
1. Data Controller
Taimi
Taimi, c/o [Business ID pending], Helsinki, Finland
Email: hei@taimifamily.com
Data Protection Officer: hei@taimifamily.com
2. What Personal Data We Collect
We only collect data that is necessary to provide and develop the service. Currently (in beta phase), we collect the following data:
a) When joining the beta waiting list
- Email address
- Family type (parent, child, both)
- Consent for email communications (marketing and product updates)
- Time of joining
b) Automatically collected data
- Essential cookies: Session data and cookie preferences (taimi_consent)
- Analytics (only with consent): Anonymized usage data via Google Analytics 4 (page views, session duration, device information)
- Marketing (only with consent): Advertising conversion tracking via Meta Pixel and Google Ads
c) Through the contact form
- Name
- Email address
- Message content
3. Purpose and Legal Basis of Processing
| Purpose | Legal Basis (GDPR) |
|---|---|
| Beta waiting list management | Legitimate interest (Art. 6(1)(f)) |
| Email communications | Consent (Art. 6(1)(a)) |
| Analytics | Consent (Art. 6(1)(a)) |
| Ad targeting and measurement | Consent (Art. 6(1)(a)) |
| Technical operation of the service | Legitimate interest (Art. 6(1)(f)) |
| Responding to inquiries | Legitimate interest (Art. 6(1)(f)) |
You may withdraw consent-based processing at any time by notifying us by email.
4. Data Retention
We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including to satisfy any legal, regulatory, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process it, and whether we can achieve those purposes through other means.
- Beta waiting list data: Retained for a maximum of 2 years from your last interaction with us, or until the service launches and your waiting list entry is converted to a user account — whichever comes first. You may request deletion of your data at any time before then.
- Analytics data: Google Analytics 4 retains data for a maximum of 14 months. Individual users cannot be identified from this data, which is anonymised at the point of collection.
- Marketing cookies: Cookies expire within 3–6 months depending on the specific cookie (see our detailed cookie list for exact durations).
- Contact messages and lead submissions: Retained for a maximum of 12 months after we have completed handling your inquiry or lead.
Once the applicable retention period has expired, we securely delete, destroy, or anonymise your personal data in accordance with our data disposal procedures and applicable law.
5. Data Disclosure and Transfer
We do not disclose your personal data to third parties for our own commercial purposes. However, we use the following service providers who process data on our behalf:
Data processing agreements (DPA) compliant with GDPR have been signed with all service providers. When data is transferred outside the EU, we ensure an adequate level of protection through standard contractual clauses (SCC) or equivalent mechanisms.
6. Cookies and Similar Technologies
We use cookies and similar technologies to ensure website functionality, analytics, and marketing. You can manage your cookie settings at any time via the "Cookie Settings" button at the bottom of the page. A detailed cookie list can be found on the cookies page.
7. Data Subject Rights
Under GDPR, you have the following rights:
- Right of access – You may request a copy of all personal data concerning you.
- Right to rectification – You may request correction of inaccurate data.
- Right to erasure – You may request deletion of your data ("right to be forgotten"), unless we have a legal obligation to retain it.
- Right to restriction of processing – You may request restriction of processing of your data in certain situations.
- Right to data portability – You may request your data in a machine-readable format.
- Right to object – You may object to processing based on legitimate interest.
- Right to withdraw consent – You may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
- Right to lodge a complaint – If you believe that the processing of your personal data violates data protection regulations, you have the right to lodge a complaint with the supervisory authority. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman (tietosuoja.fi).
You may exercise your rights by sending an email to hei@taimifamily.com. We will respond to requests within one month.
8. Data Security
We have implemented appropriate technical and organizational measures to protect your personal data. These include:
- Data transmission encryption (TLS/HTTPS)
- Database encryption (at rest)
- Access control and strong authentication
- Regular security audits
- Staff data protection training
8b. Data Breaches
In the event of a personal data breach that may pose a risk to the rights and freedoms of data subjects:
- We will notify the Office of the Data Protection Ombudsman within 72 hours of becoming aware of the breach (GDPR Art. 33).
- If the breach poses a high risk to the rights and freedoms of data subjects, we will notify the data subjects without undue delay (GDPR Art. 34).
- We document all data breaches and the measures taken to remedy the breach.
9. Automated Decision-Making and Profiling
We do not use automated decision-making or profiling that would have legal effects or similarly significant effects on you.
10. Children's Privacy
Taimi is designed for families, and children are intended to use the app under the active supervision of a parent or legal guardian.
Registration and parental consent
During the registration process, we ask for the parent's or guardian's information to create a Family Account. Children under the age of 18 must be registered by their parent or legal guardian. For children under the age of 13, the parent or guardian must explicitly consent to the collection and use of the child's personal data as described in this Privacy Policy during the account creation process.
Parental controls and choices
As the parent or guardian who created the Family Account, you can view and manage the personal data of any child linked to your account at any time through your account settings. You may also request deletion of your child's personal data by contacting us. Upon receiving such a request, we will delete as much of the child's data as we are legally permitted to — noting that certain data may need to be retained to comply with legal obligations (for example, financial transaction records where applicable).
What we collect from children
We only collect information from children that is necessary to provide the Service requested by the parent. This may include the child's first name, age, completed tasks and chore history, learning progress, savings goals and balances, and in-app achievements. We do not serve targeted advertising to children, we do not sell children's personal data, and we do not create profiles of children for purposes unrelated to the Service.
Inadvertent collection
If we learn that we have inadvertently collected personal data from a child under the age of 13 without verifiable parental consent as required by law, we will delete that data as quickly as possible. If you believe we may have collected data from a child without proper consent, please contact us immediately at the email address listed in the Contact Information section below.
11. Changes to This Policy
We reserve the right to update this privacy policy as the service evolves. We will notify you of significant changes by email (if you are on the beta waiting list) and/or on the website. We recommend checking this page regularly.
12. Contact Information
All privacy-related questions, requests, and inquiries:
Email: hei@taimifamily.com
We aim to respond to all privacy inquiries within 30 days.
