Privacy Policy

Puddles Oy (business ID 3610705-3), Helsinki, Finland. For privacy questions, contact tuki@tackbird.com.

At sign-up: email address, your chosen username, password hash (we never see the plaintext password).

During use: address details to identify your housing association and neighborhood, profile picture (optional), posts and messages you publish, reviews you give, technical log data on app usage.

Payments (when activated): payment metadata via Stripe. We do not store card data ourselves — Stripe Payments Europe Ltd processes them.

Identity verification (when activated): confirmation that your identity has been verified, but we do not store your personal identity number.

Contract: delivering the service to you (account management, posts, messages).

Consent: precise location data, push notifications, marketing.

Legal obligation: accounting, VAT, taxation, anti-money-laundering.

Legitimate interest: service security, abuse prevention, service improvement via anonymized analytics.

We keep data as long as you have an active account. When you delete your account, personal data is deleted within 30 days. Data subject to legal retention obligations (e.g. accounting records) is kept for the period required by law, typically 6 years.

We do not sell or rent your data. We use the following processors under strict contract:

• Supabase Inc. — application database and authentication (servers in EU)
• Stripe Payments Europe Ltd — payment processing (when payments are enabled)
• Sentry — error logs (anonymized)
• Apple and Google — app store, push notifications

We may disclose data to authorities if required by law.

We aim to keep data within the EU. Where transfers outside the EU occur (e.g. via technical providers), we use Commission-approved Standard Contractual Clauses (SCC).

Under GDPR you have the right to:

• Access the personal data we hold
• Request correction of inaccurate data
• Request deletion ("right to be forgotten")
• Restrict processing
• Port data to another service
• Object to processing
• Withdraw consent
• Lodge a complaint with the Finnish Data Protection Ombudsman (tietosuoja.fi)

You can exercise any of these rights by emailing tuki@tackbird.com.

We use industry-standard practices to protect data: encrypted connections (TLS), passwords stored as hashes (bcrypt), restricted access to data, regular backups. In the event of a data breach, we will notify you as required by law within 72 hours.

TackBird is intended for adults (18+). We do not knowingly collect data from children under 13. If we learn that a minor has created an account, we will delete the account and the data.

We update this policy when needed. Material changes will be announced in the app and by email at least 30 days before they take effect. The latest update date appears at the top.