Privacy Policy

JKOVE Oy (Business ID 3111634-8)

Contact for privacy matters: hello@flovei.com

Personal data is processed to enable the operation of the Flovei service, to identify the user, and to ensure the use and technical functioning of the service.

The legal basis for processing is a contract (GDPR art. 6(1)(b)): by registering, the user accepts the service's terms of use and this privacy policy. For certain optional features, the legal basis is consent (GDPR art. 6(1)(a)), which the user may withdraw at any time in the settings.

• Contact details (email address, name)
• Authentication data (passwords are stored only as hashes)
• Information entered into the service by the user
• Technical log data (session information, usage times, IP address)

The service does not collect personal data of the user's clients or other third parties. The service does not process special categories of personal data (GDPR art. 9).

The following subcontractors are used for processing personal data:

• Supabase Inc. — database and user authentication. Data is stored within the EU (AWS eu-north-1, Stockholm).
• Vercel Inc.— technical platform and delivery of static content for the service. Backend functions of the service are run on Vercel's infrastructure in the United States.

Data processing agreements (DPAs) compliant with the GDPR are in place between the controller and the processors. Any transfer of data outside the EU/EEA area is based on the Standard Contractual Clauses (SCCs) approved by the European Commission and on the EU–US Data Privacy Framework.

Within the controller's organisation, personal data may be accessed by representatives of the controller who have a task-based need to process the data in connection with the operation, development, or user support of the service.

The personnel of the subcontractors referred to in section 4 may access the data to the extent required by the maintenance of technical infrastructure, troubleshooting, or support services, in accordance with each subcontractor's own security and privacy practices.

Personal data is not disclosed to other third parties unless there is a statutory obligation to do so.

Personal data is retained for as long as the user has an active user account. Following deletion of the account, the data is removed within 30 days, with the exception of data subject to a statutory retention obligation.

Technical log data is retained for a maximum of 12 months to ensure information security.

The user has the following rights under the GDPR:

• Right of access to their own data
• Right to rectification of inaccurate data
• Right to erasure
• Right to restriction of processing
• Right to data portability
• Right to withdraw consent
• Right to lodge a complaint with the supervisory authority (Office of the Data Protection Ombudsman, tietosuoja.fi)

These rights may be exercised by sending a message to hello@flovei.com. Requests will be responded to within 30 days.

Data transfer between the service and the user is encrypted (HTTPS/TLS). Passwords are stored as one-way hashes. Access to the database is restricted using row-level access controls.

The service uses only cookies that are strictly necessary for its operation, such as maintaining session and login state. The service does not use advertising or tracking cookies.

This privacy policy may be updated from time to time. Users will be informed of significant changes within the service or by email.